From a55f47ff96ccb2fee7be832d4314ff7a477903ff Mon Sep 17 00:00:00 2001
From: Soren Martius
Date: Mon, 6 Jan 2020 22:55:46 -0300
Subject: [PATCH 1/2] pre-commit hooks for terraform fmt, validate and tflint
---
.pre-commit-hooks.yaml | 27 ++++++++++++++++++++++++++
LICENSE | 2 +-
README.adoc | 0
README.md | 2 --
pre_commit_hooks/terraform/fmt.sh | 11 +++++++++++
pre_commit_hooks/terraform/tflint.sh | 12 ++++++++++++
pre_commit_hooks/terraform/validate.sh | 13 +++++++++++++
7 files changed, 64 insertions(+), 3 deletions(-)
create mode 100644 .pre-commit-hooks.yaml
create mode 100644 README.adoc
delete mode 100644 README.md
create mode 100644 pre_commit_hooks/terraform/fmt.sh
create mode 100644 pre_commit_hooks/terraform/tflint.sh
create mode 100644 pre_commit_hooks/terraform/validate.sh
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..7acd0c9
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,27 @@
+# Configuring our pre-commit hooks to be used with pre-commit: http://pre-commit.com/
+
+- id: terraform-fmt
+ name: Terraform fmt
+ description: The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.
+ entry: pre_commit_hooks/terraform/fmt.sh
+ language: script
+ files: \.tf$
+ exclude: \.+.terraform\/.*$
+ require_serial: true
+
+- id: terraform-validate
+ name: Terraform validate
+ description: The terraform validate command validates all Terraform configuration files, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
+ entry: pre_commit_hooks/terraform/validate.sh
+ language: script
+ files: \.tf$
+ exclude: \.+.terraform\/.*$
+ require_serial: true
+
+- id: tflint
+ name: tflint
+ description: Linter for Terraform source code
+ entry: hooks/tflint.sh
+ language: script
+ files: \.tf$
+ exclude: \.+.terraform\/.*$
diff --git a/LICENSE b/LICENSE
index 261eeb9..5391b0b 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright [yyyy] [name of copyright owner] + Copyright [2020] [Mineiros] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
diff --git a/README.adoc b/README.adoc
new file mode 100644
index 0000000..e69de29
diff --git a/README.md b/README.md
deleted file mode 100644
index 247eda6..0000000
--- a/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# pre-commit-hooks
-A collection of pre-commit-hooks used by the Mineiros IaC Library.
diff --git a/pre_commit_hooks/terraform/fmt.sh b/pre_commit_hooks/terraform/fmt.sh
new file mode 100644
index 0000000..4fccf59
--- /dev/null
+++ b/pre_commit_hooks/terraform/fmt.sh
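Review bot: The `tflint` hook's `entry: hooks/tflint.sh` in `.pre-commit-hooks.yaml` points at a path this patch never creates; the script is added as `pre_commit_hooks/terraform/tflint.sh`, so the hook cannot start and nothing is linted for anyone who enables it. The line should read `entry: pre_commit_hooks/terraform/tflint.sh`, matching the other two hooks. Patch 2/2 edits this hook's description but keeps the same path as a context line. The `exclude` pattern `\.+.terraform\/.*$` on all three hooks also appears not to match a plain `.terraform/` directory, because it demands an extra character between the dot and `terraform`; `(^|/)\.terraform/` would state the intent directly.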
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# set -e is considered to be a bad practice as written here http://mywiki.wooledge.org/BashFAQ/105
+# so we use a trap instead
+trap 'exit' ERR
+
+# Make environment variables working in OSX GUI apps such as Github Desktop https://stackoverflow.com/q/135688/483528
+export PATH=$PATH:/usr/local/bin
+
+terraform fmt -recursive
+
diff --git a/pre_commit_hooks/terraform/tflint.sh b/pre_commit_hooks/terraform/tflint.sh
new file mode 100644
index 0000000..855105b
--- /dev/null
+++ b/pre_commit_hooks/terraform/tflint.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# set -e is considered to be a bad practice as written here http://mywiki.wooledge.org/BashFAQ/105
+# so we use a trap instead
+trap 'exit' ERR
+
+# Make environment variables working in OSX GUI apps such as Github Desktop https://stackoverflow.com/q/135688/483528
+export PATH=$PATH:/usr/local/bin
+
+for file in "$@"; do
+ tflint "$file"
+done
diff --git a/pre_commit_hooks/terraform/validate.sh b/pre_commit_hooks/terraform/validate.sh
new file mode 100644
index 0000000..53a3bd8
--- /dev/null
+++ b/pre_commit_hooks/terraform/validate.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# set -e is considered to be a bad practice as written here http://mywiki.wooledge.org/BashFAQ/105
+# so we use a trap instead
+trap 'exit' ERR
+
+# Make environment variables working in OSX GUI apps such as Github Desktop https://stackoverflow.com/q/135688/483528
+export PATH=$PATH:/usr/local/bin
+
+for dir in $(echo "$@" | xargs -n1 dirname | sort -u | uniq); do
+ terraform init -backend=false "$dir"
+ terraform validate "$dir"
+done
From dda9386ef445a104780ec89fa999d879883d6617 Mon Sep 17 00:00:00 2001
From: Soren Martius
Date: Tue, 7 Jan 2020 08:32:52 -0300
Subject: [PATCH 2/2] add documentation to README.md
---
.pre-commit-hooks.yaml | 5 +++-
README.adoc | 58 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+), 1 deletion(-)
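Review bot: `terraform fmt -recursive` in `fmt.sh` never reads `"$@"`, so the `files` and `exclude` filters on the `terraform-fmt` hook do not limit what is rewritten: the whole tree under the working directory is formatted in place, staged or not. If that is intended, say so above the command with a comment such as `# formats the whole tree on purpose; filenames passed by pre-commit are ignored`, and set `pass_filenames: false` on the hook so the behaviour is explicit. Otherwise the script should format only the directories of the files it is given.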
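Review bot: The directory list in `validate.sh` is built with `echo "$@" | xargs -n1 dirname` inside an unquoted `$(...)`, so a path containing a space, quote or backslash is split or rewritten, and `terraform init` and `terraform validate` then run against directories that were never staged. Producing one directory per line and reading the list on a separate descriptor keeps each path intact and keeps the loop in the main shell, where the `ERR` trap still applies; `sort -u` alone already removes duplicates. Also worth a comment in the script: `terraform init -backend=false` still fetches the providers and modules the configuration names, so this hook reaches the network each time it runs, although its description says validation accesses no remote services.

```shell
# … unchanged: shebang, ERR trap, PATH export …
# One directory per line on fd 3: paths with spaces stay whole and
# terraform cannot consume the list from stdin.
while IFS= read -r dir <&3; do
  terraform init -backend=false "$dir"
  terraform validate "$dir"
done 3< <(for file in "$@"; do dirname -- "$file"; done | sort -u)
```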
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
index 7acd0c9..ce1f5a6 100644
--- a/.pre-commit-hooks.yaml
+++ b/.pre-commit-hooks.yaml
@@ -1,5 +1,6 @@ # Configuring our pre-commit hooks to be used with pre-commit: http://pre-commit.com/ +# https://www.terraform.io/docs/commands/fmt.html - id: terraform-fmt name: Terraform fmt description: The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.
@@ -9,6 +10,7 @@ exclude: \.+.terraform\/.*$ require_serial: true +# https://www.terraform.io/docs/commands/validate.html - id: terraform-validate name: Terraform validate description: The terraform validate command validates all Terraform configuration files, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
@@ -18,9 +20,10 @@ exclude: \.+.terraform\/.*$ require_serial: true +# https://github.com/terraform-linters/tflint - id: tflint name: tflint - description: Linter for Terraform source code + description: TFLint is a Terraform linter focused on possible errors, best practices, etc. (Terraform >= 0.12) entry: hooks/tflint.sh language: script files: \.tf$
diff --git a/README.adoc b/README.adoc
index e69de29..7156109 100644
--- a/README.adoc
+++ b/README.adoc
@@ -0,0 +1,58 @@
+// AsciiDoc TOC settings
+:toc:
+:toc-placement!:
+:toc-title:
+
+// GitHub Flavored Asciidoc (GFA). See https://gist.github.com/dcode/0cfbf2699a1fe9b46ff04c41721dda74 for details.
+ifdef::env-github[]
+:tip-caption: :bulb:
+:note-caption: :information_source:
+:important-caption: :heavy_exclamation_mark:
+:caution-caption: :fire:
+:warning-caption: :warning:
+endif::[]
+
+= pre-commit-hooks
+
+This repository is a collection of https://pre-commit.com/[pre-commit hooks] used by https://mineiros.io[mineiros.io].
+
+Currently, the following hooks are supported:
+
+* terraform-fmt: The terraform fmt command is used to rewrite Terraform configuration `*.tf` files to a canonical format and style.
+* terraform-validate: The terraform validate command validates all Terraform configuration `*.tf` files, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
+* tflint: TFLint is a Terraform linter focused on possible errors, best practices, etc. (Terraform >= 0.12). Applied to all Terraform configuration `*.tf` files.
+
+== Installation
+Install https://pre-commit.com/[pre-commit]. E.G. `brew install pre-commit`
+
+== Usage
+
+Create a `.pre-commit-config.yaml` inside your repositories. You can dynamically add and remove hooks inside the configuration file.
+Please see the https://pre-commit.com/#usage[documentation] for further information.
+
+```
+repos:
+ - repo: https://github.com/mineiros-io/pre-commit-hooks
+ rev: # Check for the latest version: https://github.com/mineiros-io/pre-commit-hooks/releases
+ hooks:
+ - id: terraform-fmt
+ - id: terraform-validate
+ - id: tflint
+```
+
+Once you created the configuration file inside your repository, you must run `pre-commit install` to activate the hooks.
+
+That's it, pre-commit will now listen for changes in your files and run the checks accordingly.
+
+=== Run Check against All Files
+
+==== Example: Run A Specific Hook
+```
+pre-commit run terraform-validate --all-files
+```
+
+==== Example: Run All Hooks ( Useful Inside CI )
+```
+
+pre-commit run --all-files
+```