README.md: 33 additions & 29 deletions
@@ -73,7 +73,7 @@ docker build -t pre-commit \
73
73
.
74
74
```
75
75
76
-
To disable pre-commit color output set `-e PRE_COMMIT_COLOR=never`.
76
+
To disable the pre-commit color output, set `-e PRE_COMMIT_COLOR=never`.
77
77
78
78
</details>
79
79
@@ -154,7 +154,7 @@ EOF
154
154
155
155
### 4. Run
156
156
157
-
After pre-commit hook has been installed you can run it manually on all files in the repository.
157
+
After the pre-commit hook has been installing you can run it manually on all files in the repository.
158
158
159
159
Local installation:
160
160
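Review bot: The replacement line under "### 4. Run" introduces a grammar error that the original did not have: "has been installing" should be "has been installed". Suggested wording: "After the pre-commit hook has been installed, you can run it manually on all files in the repository."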
@@ -168,7 +168,7 @@ Docker:
168
168
docker run -v $(pwd):/lint -w /lint pre-commit run -a
169
169
```
170
170
171
-
> You be able list tools versions when needed
171
+
> You be able to list tools versions when needed
172
172
>
173
173
> ```bash
174
174
> TAG=latest && docker run --entrypoint cat pre-commit:$TAG /usr/bin/tools_versions_info
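Review bot: The changed blockquote line is still ungrammatical after the edit: "You be able to list tools versions" is missing its verb. Since this line is being touched anyway, something like "You can list the tool versions when needed" would read correctly and match the command that follows.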
@@ -178,20 +178,22 @@ docker run -v $(pwd):/lint -w /lint pre-commit run -a
178
178
179
179
There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape:
|`checkov`| [checkov](https://github.com/bridgecrewio/checkov) static analysis of terraform templates to spot potential security issues. [Hook notes](#checkov) |
184
-
|`terraform_docs_replace`| Runs `terraform-docs` and pipes the output directly to README.md |
185
-
|`terraform_docs_without_aggregate_type_defaults`| Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [terraform_docs](#terraform_docs) |
186
-
|`terraform_docs`| Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) |
187
-
|`terraform_fmt`| Rewrites all Terraform configuration files to a canonical format. [Hook notes](#terraform_fmt) |
|`terraform_tflint`| Validates all Terraform configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). |
190
-
|`terraform_tfsec`| [TFSec](https://github.com/liamg/tfsec) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_tfsec) |
191
-
|`terraform_validate`| Validates all Terraform configuration files. [Hook notes](#terraform_validate) |
192
-
|`terragrunt_fmt`| Rewrites all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. |
193
-
|`terragrunt_validate`| Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) |
194
-
|`terrascan`| [terrascan](https://github.com/accurics/terrascan) Detect compliance and security violations. |
181
+
<!-- markdownlint-disable no-inline-html -->
182
+
| Hook name | Description | Dependencies<br><sup>[Install instructions here](#1-install-dependencies)</sup> |
|`checkov`| [checkov](https://github.com/bridgecrewio/checkov) static analysis of terraform templates to spot potential security issues. [Hook notes](#checkov) | `checkov`<br>Ubuntu deps: `python3`, `python3-pip` |
185
+
|`terraform_docs_replace`| Runs `terraform-docs` and pipes the output directly to README.md |`terraform-docs`|
186
+
|`terraform_docs_without_`<br>`aggregate_type_defaults`| Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [terraform_docs](#terraform_docs) | `python3`, `terraform-docs` |
187
+
|`terraform_docs`| Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) | `terraform-docs` |
188
+
|`terraform_fmt`| Rewrites all Terraform configuration files to a canonical format. [Hook notes](#terraform_fmt) | - |
|`terragrunt_fmt`| Rewrites all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. |`terragrunt`|
194
+
|`terragrunt_validate`| Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) | - |
195
+
|`terrascan`| [terrascan](https://github.com/accurics/terrascan) Detect compliance and security violations. |`terrascan`|
196
+
<!-- markdownlint-enable no-inline-html -->
195
197
196
198
Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook.
197
199
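Review bot: In the new Dependencies column, `terragrunt_validate` is given `-` while `terragrunt_fmt` in the row above it lists `terragrunt`; both rows describe hooks that operate on Terragrunt `*.hcl` files, so the `-` looks like an omission rather than "no dependency". Please confirm and list `terragrunt` there if it is required. Separately, splitting the hook id as `terraform_docs_without_`<br>`aggregate_type_defaults` means the name can no longer be found by searching the README or copied in one piece into a config; consider keeping the id whole and letting the column wrap.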
@@ -221,9 +223,9 @@ For [checkov](https://github.com/bridgecrewio/checkov) you need to specify each
221
223
222
224
if they are present in`README.md`.
223
225
224
-
2. It is possible to pass additional arguments to shell scripts when using `terraform_docs` and `terraform_docs_without_aggregate_type_defaults`. Send pull-request with the new hook ifthere is something missing.
226
+
2. It is possible to pass additional arguments to shell scripts when using `terraform_docs` and `terraform_docs_without_aggregate_type_defaults`. Send pull-request with the new hook ifsomething is missing.
225
227
226
-
For these hooks you need to specify all arguments as one:
228
+
For these hooks, you need to specify all arguments as one:
227
229
228
230
```yaml
229
231
- id: terraform_docs
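Review bot: The reworded sentence in item 2 still reads "Send pull-request with the new hook", which is missing its article. As this commit is a wording pass over the same line, "Send a pull request with the new hook if something is missing" would finish the fix.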
@@ -233,7 +235,7 @@ For these hooks you need to specify all arguments as one:
233
235
234
236
### terraform_docs_replace
235
237
236
-
`terraform_docs_replace` replaces the entire README.md rather than doing string replacement between markers. Put your additional documentation at the top of your `main.tf`for it to be pulled in. The optional `--dest` argument lets you change the name of the file that gets created/modified.
238
+
`terraform_docs_replace` replaces the entire README.md rather than doing string replacement between markers. Put your additional documentation at the top of your `main.tf`for it to be pulled in. The optional `--dest` argument lets you change the filename that gets created/modified.
237
239
238
240
Example:
239
241
@@ -274,7 +276,7 @@ Example:
274
276
- '--args=-platform=darwin_amd64'
275
277
```
276
278
277
-
4. It may happen that Terraform working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of Terraform, etc). To solve this problem you can find and delete all `.terraform` directories in your repository:
279
+
4. It may happen that Terraform working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of Terraform, etc.). To solve this problem, you can find and delete all `.terraform` directories in your repository:
278
280
279
281
```bash
280
282
echo"
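Review bot: The rewritten item 4 adds the period after "etc" but leaves "eg," unpunctuated and "Terraform working directory" without an article on the same line. For consistency use "e.g.," and "the Terraform working directory (`.terraform`) already exists but is not in the best condition".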
@@ -283,14 +285,14 @@ Example:
283
285
}
284
286
">>~/.bashrc
285
287
286
-
# Reload shell and use `rm_terraform` command in repo root
288
+
# Reload shell and use `rm_terraform` command in the repo root
287
289
```
288
290
289
-
`terraform_providers_lock` hook will try to reinitialize them before running `terraform providers lock` command.
291
+
`terraform_providers_lock` hook will try to reinitialize them before running the `terraform providers lock` command.
290
292
291
293
### terraform_tflint
292
294
293
-
1. `terraform_tflint` supports custom arguments so you can enable module inspection, deep check mode etc.
295
+
1. `terraform_tflint` supports custom arguments so you can enable module inspection, deep check mode, etc.
2. When you have multiple directories and want to run `tflint` in all of them and share single config file it is impractical to hard-code the path to `.tflint.hcl` file. The solution is to use `__GIT_WORKING_DIR__` placeholder which will be replaced by `terraform_tflint` hooks with Git working directory (repo root) at run time. For example:
306
+
2. When you have multiple directories and want to run `tflint` in all of them and share a single config file, it is impractical to hard-code the path to `.tflint.hcl` file. The solution is to use the`__GIT_WORKING_DIR__` placeholder which will be replaced by `terraform_tflint` hooks with Git working directory (repo root) at run time. For example:
305
307
306
308
```yaml
307
309
- id: terraform_tflint
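Review bot: In the changed sentence "`terraform_providers_lock` hook will try to reinitialize them", the pronoun "them" has no nearby antecedent because a code block sits between it and the `.terraform` directories it refers to; name the directories explicitly. The reworded `__GIT_WORKING_DIR__` item also still drops articles ("the path to `.tflint.hcl` file", "with Git working directory"), so "the path to the `.tflint.hcl` file" and "with the Git working directory" would complete the cleanup.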
@@ -373,7 +375,7 @@ Example:
373
375
- --envs=AWS_SECRET_ACCESS_KEY="asecretkey"
374
376
```
375
377
376
-
3. It may happen that Terraform working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of Terraform, etc). To solve this problem you can find and delete all `.terraform` directories in your repository:
378
+
3. It may happen that Terraform working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of Terraform, etc.). To solve this problem, you can find and delete all `.terraform` directories in your repository:
377
379
378
380
```bash
379
381
echo"
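Review bot: The context line `- --envs=AWS_SECRET_ACCESS_KEY="asecretkey"` at the top of this hunk shows a credential written literally into the hook arguments, and nothing in the surrounding text marks it as a placeholder. While this section is being edited, add a sentence stating that the value is illustrative and that real keys should not be written into the hook configuration. The rewritten item 3 also repeats the "eg," and missing-article wording from the identical paragraph in the earlier hook notes; fix both copies the same way.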
@@ -382,10 +384,10 @@ Example:
382
384
}
383
385
">>~/.bashrc
384
386
385
-
# Reload shell and use `rm_terraform` command in repo root
387
+
# Reload shell and use `rm_terraform` command in the repo root
386
388
```
387
389
388
-
`terraform_validate` hook will try to reinitialize them before running `terraform validate` command.
390
+
`terraform_validate` hook will try to reinitialize them before running the `terraform validate` command.
389
391
390
392
**Warning:** If you use Terraform workspaces, DO NOT use this workaround ([details](https://github.com/antonbabenko/pre-commit-terraform/issues/203#issuecomment-918791847)). Wait to [`force-init`](https://github.com/antonbabenko/pre-commit-terraform/issues/224) option implementation
391
393
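Review bot: The warning at the end of this hunk is left untouched although it is the least readable line in the section: "Wait to `force-init` option implementation" is ungrammatical and has no closing period. Suggest "Wait for the `force-init` option to be implemented." The changed line "`terraform_validate` hook will try to reinitialize them" also has the same unclear "them" as the `terraform_providers_lock` sentence and should name the `.terraform` directories.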
@@ -394,10 +396,12 @@ Example:
394
396
395
397
This repository is managed by [Anton Babenko](https://github.com/antonbabenko) with help from these awesome contributors: