fmt

SCT-Engineering · Jul 31, 2024 · 720439a · 720439a
1 parent e3c904b
commit 720439a
Show file tree

Hide file tree

Showing 5 changed files with 260 additions and 52 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,21 +1,61 @@
 repos:
-- repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.62.1
-  hooks:
-    - id: terraform_validate
-    - id: terraform_fmt
-    - id: terraform_docs
-      args:
-        - --args=--config=.terraform-docs.yml
-      # exclude: version.tf
-      exclude: examples/
-    - id: terraform_tflint 
-      args:  [ "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"]
-      exclude: examples/
-
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.0.1
+  rev: v4.6.0
   hooks:
-    - id: check-symlinks
+    # Git style
+    - id: check-added-large-files
+    - id: check-merge-conflict
+    - id: check-vcs-permalinks
+    - id: forbid-new-submodules
+    - id: no-commit-to-branch
+
+    # Common errors
+    - id: end-of-file-fixer
+    - id: trailing-whitespace
+      args: [--markdown-linebreak-ext=md]
+      exclude: CHANGELOG.md
+    - id: check-yaml
+    - id: check-merge-conflict
+    - id: check-executables-have-shebangs
+
+    # Cross platform
+    - id: check-case-conflict
+    - id: mixed-line-ending
+      args: [--fix=lf]
+
+    # Security
     - id: detect-aws-credentials
+      args: ['--allow-missing-credentials']
     - id: detect-private-key
+
+
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: 3.0.0
+  hooks:
+    - id: shfmt
+      args: ['-l', '-i', '2', '-ci', '-sr', '-w']
+    - id: shellcheck
+
+# Dockerfile linter
+- repo: https://github.com/hadolint/hadolint
+  rev: v2.12.1-beta
+  hooks:
+    - id: hadolint
+      args: [
+        '--ignore', 'DL3007', # Using latest
+        '--ignore', 'DL3013', # Pin versions in pip
+        '--ignore', 'DL3027', # Do not use apt
+        '--ignore', 'DL3059', # Docker `RUN`s shouldn't be consolidated here
+        '--ignore', 'DL4006', # Not related to alpine
+        '--ignore', 'SC1091', # Useless check
+        '--ignore', 'SC2015', # Useless check
+        '--ignore', 'SC3037', # Not related to alpine
+      ]
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+  rev: v3.1.0
+  hooks:
+  - id: prettier
+    # https://prettier.io/docs/en/options.html#parser
+    files: '.json5$'
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
@@ -0,0 +1,169 @@
+- id: infracost_breakdown
+  name: Infracost breakdown
+  description: Check terraform infrastructure cost
+  entry: hooks/infracost_breakdown.sh
+  language: script
+  require_serial: true
+  files: \.(tf(vars)?|hcl)$
+  exclude: \.terraform/.*$
+
+- id: terraform_fmt
+  name: Terraform fmt
+  description: Rewrites all Terraform configuration files to a canonical format.
+  entry: hooks/terraform_fmt.sh
+  language: script
+  files: (\.tf|\.tfvars)$
+  exclude: \.terraform/.*$
+
+- id: terraform_docs
+  name: Terraform docs
+  description: Inserts input and output documentation into README.md (using terraform-docs).
+  require_serial: true
+  entry: hooks/terraform_docs.sh
+  language: script
+  files: (\.tf|\.terraform\.lock\.hcl)$
+  exclude: \.terraform/.*$
+
+- id: terraform_docs_without_aggregate_type_defaults
+  name: Terraform docs (without aggregate type defaults)
+  description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
+  require_serial: true
+  entry: hooks/terraform_docs.sh
+  language: script
+  files: (\.tf)$
+  exclude: \.terraform/.*$
+
+- id: terraform_docs_replace
+  name: Terraform docs (overwrite README.md)
+  description: Overwrite content of README.md with terraform-docs.
+  require_serial: true
+  entry: terraform_docs_replace
+  language: python
+  files: (\.tf)$
+  exclude: \.terraform/.*$
+
+- id: terraform_validate
+  name: Terraform validate
+  description: Validates all Terraform configuration files.
+  require_serial: true
+  entry: hooks/terraform_validate.sh
+  language: script
+  files: \.(tf(vars)?|terraform\.lock\.hcl)$
+  exclude: \.terraform/.*$
+
+- id: terraform_providers_lock
+  name: Lock terraform provider versions
+  description: Updates provider signatures in dependency lock files.
+  require_serial: true
+  entry: hooks/terraform_providers_lock.sh
+  language: script
+  files: (\.terraform\.lock\.hcl)$
+  exclude: \.terraform/.*$
+
+- id: terraform_tflint
+  name: Terraform validate with tflint
+  description: Validates all Terraform configuration files with TFLint.
+  require_serial: true
+  entry: hooks/terraform_tflint.sh
+  language: script
+  files: (\.tf|\.tfvars)$
+  exclude: \.terraform/.*$
+
+- id: terragrunt_fmt
+  name: Terragrunt fmt
+  description: Rewrites all Terragrunt configuration files to a canonical format.
+  entry: hooks/terragrunt_fmt.sh
+  language: script
+  files: (\.hcl)$
+  exclude: \.terraform/.*$
+
+- id: terragrunt_validate
+  name: Terragrunt validate
+  description: Validates all Terragrunt configuration files.
+  entry: hooks/terragrunt_validate.sh
+  language: script
+  files: (\.hcl)$
+  exclude: \.terraform/.*$
+
+- id: terragrunt_validate_inputs
+  name: Terragrunt validate inputs
+  description: Validates Terragrunt unused and undefined inputs.
+  entry: hooks/terragrunt_validate_inputs.sh
+  language: script
+  files: (\.hcl)$
+  exclude: \.terraform/.*$
+
+- id: terragrunt_providers_lock
+  name: Terragrunt providers lock
+  description: Updates provider signatures in dependency lock files using terragrunt.
+  entry: hooks/terragrunt_providers_lock.sh
+  language: script
+  files: (terragrunt|\.terraform\.lock)\.hcl$
+  exclude: \.(terraform/.*|terragrunt-cache)$
+
+- id: terraform_tfsec
+  name: Terraform validate with tfsec (deprecated, use "terraform_trivy")
+  description: Static analysis of Terraform templates to spot potential security issues.
+  require_serial: true
+  entry: hooks/terraform_tfsec.sh
+  files: \.tf(vars)?$
+  language: script
+
+- id: terraform_trivy
+  name: Terraform validate with trivy
+  description: Static analysis of Terraform templates to spot potential security issues.
+  require_serial: true
+  entry: hooks/terraform_trivy.sh
+  files: \.tf(vars)?$
+  language: script
+
+- id: checkov
+  name: checkov (deprecated, use "terraform_checkov")
+  description: Runs checkov on Terraform templates.
+  entry: checkov -d .
+  language: python
+  pass_filenames: false
+  always_run: false
+  files: \.tf$
+  exclude: \.terraform/.*$
+  require_serial: true
+
+- id: terraform_checkov
+  name: Checkov
+  description: Runs checkov on Terraform templates.
+  entry: hooks/terraform_checkov.sh
+  language: script
+  always_run: false
+  files: \.tf$
+  exclude: \.terraform/.*$
+  require_serial: true
+
+- id: terraform_wrapper_module_for_each
+  name: Terraform wrapper with for_each in module
+  description: Generate Terraform wrappers with for_each in module.
+  entry: hooks/terraform_wrapper_module_for_each.sh
+  language: script
+  pass_filenames: false
+  always_run: false
+  require_serial: true
+  files: \.tf$
+  exclude: \.terraform/.*$
+
+- id: terrascan
+  name: terrascan
+  description: Runs terrascan on Terraform templates.
+  language: script
+  entry: hooks/terrascan.sh
+  files: \.tf$
+  exclude: \.terraform/.*$
+  require_serial: true
+
+- id: tfupdate
+  name: tfupdate
+  description: Runs tfupdate on Terraform templates.
+  language: script
+  entry: hooks/tfupdate.sh
+  args:
+    - --args=terraform
+  files: \.tf$
+  require_serial: true
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
@@ -5,7 +5,7 @@ footer-from: ""
 
 sections:
 ##  hide: []
-  show: 
+  show:
     - data-sources
     - header
     - footer
@@ -15,31 +15,30 @@ sections:
     - providers
     - requirements
     - resources
-    
+
 output:
   file: README.md
-  # mode: replace
   mode: inject
   template: |-
     <!-- BEGIN_TF_DOCS -->
     {{ .Content }}
     <!-- END_TF_DOCS -->
 
-## output-values:
-##   enabled: false
-##   from: ""
-## 
-## sort:
-##   enabled: true
-##   by: name
-## 
-## settings:
-##   anchor: true
-##   color: true
-##   default: true
-##   description: false
-##   escape: true
-##   indent: 2
-##   required: true
-##   sensitive: true
-##   type: true
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  indent: 2
+  required: true
+  sensitive: true
+  type: true
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -1,15 +1,15 @@
 config {
-  module = true
-  force = false
+  module              = true
+  force               = false
   disabled_by_default = false
 
-#  ignore_module = {
-#    "terraform-aws-modules/vpc/aws"            = true
-#    "terraform-aws-modules/security-group/aws" = true
-#  }
+  #  ignore_module = {
+  #    "terraform-aws-modules/vpc/aws"            = true
+  #    "terraform-aws-modules/security-group/aws" = true
+  #  }
 
-#  varfile = ["example1.tfvars", "example2.tfvars"]
-#  variables = ["foo=bar", "bar=[\"baz\"]"]
+  #  varfile = ["example1.tfvars", "example2.tfvars"]
+  #  variables = ["foo=bar", "bar=[\"baz\"]"]
 }
 
 rule "aws_instance_invalid_type" {

diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@ kube-proxy
   - update upstream cluster module to 20.20.0
   - created changelog
 
-<!--BEGIN-TF-DOCS-->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -43,12 +43,12 @@ kube-proxy
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.14.0 |
-| <a name="provider_aws.route53_main_east"></a> [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | >= 5.14.0 |
-| <a name="provider_aws.route53_main_west"></a> [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | >= 5.14.0 |
-| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | >= 5.14.0 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | n/a |
-| <a name="provider_null"></a> [null](#provider\_null) | >= 3.2.1 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.60.0 |
+| <a name="provider_aws.route53_main_east"></a> [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.60.0 |
+| <a name="provider_aws.route53_main_west"></a> [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.60.0 |
+| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | 5.60.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.31.0 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.2.2 |
 
 ## Modules