.pre-commit-hooks.yaml
# Cost-estimate hook. `language: script` makes pre-commit execute the script
# at `entry` from this repository, so the code that runs on a developer
# machine or CI runner is whatever the consumer's pinned `rev` contains.
# NOTE(review): presumably wraps the `infracost` CLI, which needs an API key
# and queries a remote pricing service - confirm in
# hooks/infracost_breakdown.sh before enabling it on sensitive repositories.
- id: infracost_breakdown
  name: Infracost breakdown
  description: Check OpenTofu infrastructure cost
  entry: hooks/infracost_breakdown.sh
  language: script
  # Matches .tf, .tofu, .tfvars, .tofuvars and .hcl files.
  files: '\.((tf|tofu)(vars)?|hcl)$'
  # Skip anything inside a .terraform/ working directory.
  exclude: '\.terraform\/.*$'
  # Run as a single invocation instead of parallel batches.
  require_serial: true
# Formatting hook for .tf, .tofu, .tfvars and .tofuvars files; paths under
# .terraform/ are skipped. No `require_serial`, so pre-commit may split the
# file list across parallel invocations.
- id: tofu_fmt
  name: OpenTofu fmt
  description: Rewrites all OpenTofu configuration files to a canonical format.
  entry: hooks/tofu_fmt.sh
  language: script
  files: '\.(tf|tofu)(vars)?$'
  exclude: '\.terraform\/.*$'
# Documentation hook: per its description it writes generated input/output
# docs into README.md. Triggered by .tf/.tofu files and by changes to
# .terraform.lock.hcl.
- id: tofu_docs
  name: OpenTofu docs
  description: >-
    Inserts input and output documentation into README.md (using
    terraform-docs).
  entry: hooks/tofu_docs.sh
  language: script
  files: '(\.(tf|tofu)|\.terraform\.lock\.hcl)$'
  exclude: '\.terraform\/.*$'
  require_serial: true
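# Alias of `tofu_docs`: same entry script. The `files` pattern here does not
# include .terraform.lock.hcl, so lock-file-only commits do not trigger it.
# The description names `tofu_docs`, the id this manifest defines for that
# script (`terraform_docs` is not a hook id in this file).
- id: tofu_docs_without_aggregate_type_defaults
  name: OpenTofu docs (without aggregate type defaults)
  description: >-
    Inserts input and output documentation into README.md (using
    terraform-docs). Identical to tofu_docs.
  entry: hooks/tofu_docs.sh
  language: script
  files: '\.(tf|tofu)$'
  exclude: '\.terraform\/.*$'
  require_serial: true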
# Unlike the insert-style docs hooks, this one overwrites README.md (see
# description), so hand-written README content is at risk when it is enabled.
# `language: python`: pre-commit runs the entry inside a Python environment
# it builds for this repository.
- id: tofu_docs_replace
  name: OpenTofu docs (overwrite README.md)
  description: Overwrite content of README.md with terraform-docs.
  entry: hooks/tofu_docs_replace.py
  language: python
  files: '\.(tf|tofu)$'
  exclude: '\.terraform\/.*$'
  require_serial: true
# Validation hook for .tf, .tofu, .tfvars and .tofuvars files.
# NOTE(review): validation normally needs an initialised working directory,
# which downloads providers and modules - confirm what hooks/tofu_validate.sh
# fetches before running it on untrusted branches.
- id: tofu_validate
  name: OpenTofu validate
  description: Validates all OpenTofu configuration files.
  entry: hooks/tofu_validate.sh
  language: script
  files: '\.(tf|tofu)(vars)?$'
  exclude: '\.terraform\/.*$'
  require_serial: true
# Runs only when a .terraform.lock.hcl file is part of the change set. The
# lock file pins provider versions and their checksums, so a diff produced by
# this hook deserves the same review as any other dependency pin change.
- id: tofu_providers_lock
  name: Lock OpenTofu provider versions
  description: Updates provider signatures in dependency lock files.
  entry: hooks/tofu_providers_lock.sh
  language: script
  files: '(\.terraform\.lock\.hcl)$'
  exclude: '\.terraform\/.*$'
  require_serial: true
# Lint hook (TFLint) for .tf, .tofu, .tfvars and .tofuvars files; paths under
# .terraform/ are skipped.
- id: tofu_tflint
  name: OpenTofu validate with tflint
  description: Validates all OpenTofu configuration files with TFLint.
  entry: hooks/tofu_tflint.sh
  language: script
  files: '\.(tf|tofu)(vars)?$'
  exclude: '\.terraform\/.*$'
  require_serial: true
# Terragrunt formatter; triggers on any path ending in .hcl outside
# .terraform/. No `require_serial` is set for this hook.
- id: terragrunt_fmt
  name: Terragrunt fmt
  description: >-
    Rewrites all Terragrunt configuration files to a canonical format.
  entry: hooks/terragrunt_fmt.sh
  language: script
  files: '(\.hcl)$'
  exclude: '\.terraform\/.*$'
# Terragrunt validation; same file selection as `terragrunt_fmt` (any .hcl
# path outside .terraform/). No `require_serial` is set for this hook.
- id: terragrunt_validate
  name: Terragrunt validate
  description: Validates all Terragrunt configuration files.
  entry: hooks/terragrunt_validate.sh
  language: script
  files: '(\.hcl)$'
  exclude: '\.terraform\/.*$'
# Security scanner hook, marked deprecated in its own name in favour of
# `tofu_trivy`. No `exclude` is set, so unlike most hooks in this file the
# manifest does not filter out paths under .terraform/.
- id: tofu_tfsec
  name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy")
  description: >-
    Static analysis of OpenTofu templates to spot potential security issues.
  entry: hooks/tofu_tfsec.sh
  language: script
  files: '\.(tf|tofu)(vars)?$'
  require_serial: true
# Security scanner hook (the replacement named by `tofu_tfsec`). No `exclude`
# is set, so the manifest does not filter out paths under .terraform/.
# pre-commit hooks run client-side and can be skipped by the committer; if
# this scan is meant to be a gate, run the same check in CI as well.
- id: tofu_trivy
  name: OpenTofu validate with trivy
  description: >-
    Static analysis of OpenTofu templates to spot potential security issues.
  entry: hooks/tofu_trivy.sh
  language: script
  files: '\.(tf|tofu)(vars)?$'
  require_serial: true
# Deprecated checkov hook. With `pass_filenames: false` the entry scans the
# whole working directory (`checkov -d .`), but it only fires when a changed
# file matches `\.tf$`: a commit that touches only .tofu files does not run
# this scanner. The replacement `tofu_checkov` matches both extensions.
- id: checkov
  name: checkov (deprecated, use "tofu_checkov")
  description: Runs checkov on OpenTofu templates.
  entry: checkov -d .
  language: python
  files: '\.tf$'
  exclude: '\.terraform\/.*$'
  pass_filenames: false
  always_run: false
  require_serial: true
# Current checkov hook: runs through the repository's wrapper script and
# triggers on both .tf and .tofu files outside .terraform/.
# `always_run: false` means it is skipped when no matching file changed.
- id: tofu_checkov
  name: Checkov
  description: Runs checkov on OpenTofu templates.
  entry: hooks/tofu_checkov.sh
  language: script
  files: '\.(tf|tofu)$'
  exclude: '\.terraform\/.*$'
  always_run: false
  require_serial: true
# Code-generation hook: the script receives no file names
# (`pass_filenames: false`) and decides itself what to generate.
# It triggers on `\.tf$` only, so .tofu-only changes do not run it.
- id: tofu_wrapper_module_for_each
  name: OpenTofu wrapper with for_each in module
  description: Generate OpenTofu wrappers with for_each in module.
  entry: hooks/tofu_wrapper_module_for_each.sh
  language: script
  files: '\.tf$'
  exclude: '\.terraform\/.*$'
  pass_filenames: false
  always_run: false
  require_serial: true
# Security/policy scanner hook (terrascan) for .tf and .tofu files outside
# .terraform/. Like every pre-commit hook it runs on the committer's machine,
# so treat it as early feedback and keep an enforced scan in CI.
- id: terrascan
  name: terrascan
  description: Runs terrascan on OpenTofu templates.
  entry: hooks/terrascan.sh
  language: script
  files: '\.(tf|tofu)$'
  exclude: '\.terraform\/.*$'
  require_serial: true
# Version-constraint updater. `args` below is only the default: a consumer
# that sets its own `args` for this hook replaces it. No `exclude` is set.
# NOTE(review): `--args=terraform` is handed to hooks/tfupdate.sh; presumably
# it selects what tfupdate bumps - confirm in the script. Changes this hook
# makes to version pins should be reviewed like any dependency update.
- id: tfupdate
  name: tfupdate
  description: Runs tfupdate on OpenTofu templates.
  entry: hooks/tfupdate.sh
  language: script
  args:
    - '--args=terraform'
  files: '\.(tf|tofu)$'
  require_serial: true