forked from antonbabenko/pre-commit-terraform
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.pre-commit-hooks.yaml
169 lines (151 loc) · 4.83 KB
/
.pre-commit-hooks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
- id: infracost_breakdown
name: Infracost breakdown
description: Check terraform infrastructure cost
entry: hooks/infracost_breakdown.sh
language: script
require_serial: true
files: \.(tf(vars)?|hcl)$
exclude: \.terraform/.*$
- id: terraform_fmt
name: Terraform fmt
description: Rewrites all Terraform configuration files to a canonical format.
entry: hooks/terraform_fmt.sh
language: script
files: (\.tf|\.tfvars)$
exclude: \.terraform/.*$
- id: terraform_docs
name: Terraform docs
description: Inserts input and output documentation into README.md (using terraform-docs).
require_serial: true
entry: hooks/terraform_docs.sh
language: script
files: (\.tf|\.terraform\.lock\.hcl)$
exclude: \.terraform/.*$
- id: terraform_docs_without_aggregate_type_defaults
name: Terraform docs (without aggregate type defaults)
description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
require_serial: true
entry: hooks/terraform_docs.sh
language: script
files: (\.tf)$
exclude: \.terraform/.*$
- id: terraform_docs_replace
name: Terraform docs (overwrite README.md)
description: Overwrite content of README.md with terraform-docs.
require_serial: true
entry: terraform_docs_replace
language: python
files: (\.tf)$
exclude: \.terraform/.*$
- id: terraform_validate
name: Terraform validate
description: Validates all Terraform configuration files.
require_serial: true
entry: hooks/terraform_validate.sh
language: script
files: \.(tf(vars)?|terraform\.lock\.hcl)$
exclude: \.terraform/.*$
- id: terraform_providers_lock
name: Lock terraform provider versions
description: Updates provider signatures in dependency lock files.
require_serial: true
entry: hooks/terraform_providers_lock.sh
language: script
files: (\.terraform\.lock\.hcl)$
exclude: \.terraform/.*$
- id: terraform_tflint
name: Terraform validate with tflint
description: Validates all Terraform configuration files with TFLint.
require_serial: true
entry: hooks/terraform_tflint.sh
language: script
files: (\.tf|\.tfvars)$
exclude: \.terraform/.*$
- id: terragrunt_fmt
name: Terragrunt fmt
description: Rewrites all Terragrunt configuration files to a canonical format.
entry: hooks/terragrunt_fmt.sh
language: script
files: (\.hcl)$
exclude: \.terraform/.*$
- id: terragrunt_validate
name: Terragrunt validate
description: Validates all Terragrunt configuration files.
entry: hooks/terragrunt_validate.sh
language: script
files: (\.hcl)$
exclude: \.terraform/.*$
- id: terragrunt_validate_inputs
name: Terragrunt validate inputs
description: Validates Terragrunt unused and undefined inputs.
entry: hooks/terragrunt_validate_inputs.sh
language: script
files: (\.hcl)$
exclude: \.terraform/.*$
- id: terragrunt_providers_lock
name: Terragrunt providers lock
description: Updates provider signatures in dependency lock files using terragrunt.
entry: hooks/terragrunt_providers_lock.sh
language: script
files: (terragrunt|\.terraform\.lock)\.hcl$
exclude: \.(terraform/.*|terragrunt-cache)$
- id: terraform_tfsec
name: Terraform validate with tfsec (deprecated, use "terraform_trivy")
description: Static analysis of Terraform templates to spot potential security issues.
require_serial: true
entry: hooks/terraform_tfsec.sh
files: \.tf(vars)?$
language: script
- id: terraform_trivy
name: Terraform validate with trivy
description: Static analysis of Terraform templates to spot potential security issues.
require_serial: true
entry: hooks/terraform_trivy.sh
files: \.tf(vars)?$
language: script
- id: checkov
name: checkov (deprecated, use "terraform_checkov")
description: Runs checkov on Terraform templates.
entry: checkov -d .
language: python
pass_filenames: false
always_run: false
files: \.tf$
exclude: \.terraform/.*$
require_serial: true
- id: terraform_checkov
name: Checkov
description: Runs checkov on Terraform templates.
entry: hooks/terraform_checkov.sh
language: script
always_run: false
files: \.tf$
exclude: \.terraform/.*$
require_serial: true
- id: terraform_wrapper_module_for_each
name: Terraform wrapper with for_each in module
description: Generate Terraform wrappers with for_each in module.
entry: hooks/terraform_wrapper_module_for_each.sh
language: script
pass_filenames: false
always_run: false
require_serial: true
files: \.tf$
exclude: \.terraform/.*$
- id: terrascan
name: terrascan
description: Runs terrascan on Terraform templates.
language: script
entry: hooks/terrascan.sh
files: \.tf$
exclude: \.terraform/.*$
require_serial: true
- id: tfupdate
name: tfupdate
description: Runs tfupdate on Terraform templates.
language: script
entry: hooks/tfupdate.sh
args:
- --args=terraform
files: \.tf$
require_serial: true