diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d84ca6d..6944a0a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,21 +1,61 @@
repos:
-- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.62.1
- hooks:
- - id: terraform_validate
- - id: terraform_fmt
- - id: terraform_docs
- args:
- - --args=--config=.terraform-docs.yml
- # exclude: version.tf
- exclude: examples/
- - id: terraform_tflint
- args: [ "--args=--config=__GIT_WORKING_DIR__/.tflint.hcl"]
- exclude: examples/
-
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.0.1
+ rev: v4.6.0
hooks:
- - id: check-symlinks
+ # Git style
+ - id: check-added-large-files
+ - id: check-merge-conflict
+ - id: check-vcs-permalinks
+ - id: forbid-new-submodules
+ - id: no-commit-to-branch
+
+ # Common errors
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ args: [--markdown-linebreak-ext=md]
+ exclude: CHANGELOG.md
+ - id: check-yaml
+ - id: check-merge-conflict
+ - id: check-executables-have-shebangs
+
+ # Cross platform
+ - id: check-case-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+
+ # Security
- id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
- id: detect-private-key
+
+
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+ rev: 3.0.0
+ hooks:
+ - id: shfmt
+ args: ['-l', '-i', '2', '-ci', '-sr', '-w']
+ - id: shellcheck
+
+# Dockerfile linter
+- repo: https://github.com/hadolint/hadolint
+ rev: v2.12.1-beta
+ hooks:
+ - id: hadolint
+ args: [
+ '--ignore', 'DL3007', # Using latest
+ '--ignore', 'DL3013', # Pin versions in pip
+ '--ignore', 'DL3027', # Do not use apt
+ '--ignore', 'DL3059', # Docker `RUN`s shouldn't be consolidated here
+ '--ignore', 'DL4006', # Not related to alpine
+ '--ignore', 'SC1091', # Useless check
+ '--ignore', 'SC2015', # Useless check
+ '--ignore', 'SC3037', # Not related to alpine
+ ]
+
+# JSON5 Linter
+- repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v3.1.0
+ hooks:
+ - id: prettier
+ # https://prettier.io/docs/en/options.html#parser
+ files: '.json5$'
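Review bot: `check-merge-conflict` is listed twice in the pre-commit/pre-commit-hooks block (once under "Git style", again under "Common errors"), so the hook runs twice per commit; drop one of the two `- id: check-merge-conflict` lines. The prettier hook's `files: '.json5$'` has an unescaped dot, so it matches any character before `json5`; `files: '\.json5$'` is what is meant. The removed pre-commit-terraform block was the only thing running terraform_fmt/validate/docs/tflint against this repo, and the new `.pre-commit-hooks.yaml` in this commit declares hooks for consumers rather than enabling them here, so unless a `- repo: local` or self-reference exists outside this diff the `.tflint.hcl` and `.terraform-docs.yml` edits in the same commit are no longer exercised by pre-commit. The hadolint `--ignore DL3007` and `--ignore DL3013` entries switch off the unpinned-base-image and unpinned-pip-version checks; if the Dockerfiles can pin those, leaving the checks enabled is the cheaper supply-chain control than suppressing them.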
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..520c3f0
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,169 @@
+- id: infracost_breakdown
+ name: Infracost breakdown
+ description: Check terraform infrastructure cost
+ entry: hooks/infracost_breakdown.sh
+ language: script
+ require_serial: true
+ files: \.(tf(vars)?|hcl)$
+ exclude: \.terraform/.*$
+
+- id: terraform_fmt
+ name: Terraform fmt
+ description: Rewrites all Terraform configuration files to a canonical format.
+ entry: hooks/terraform_fmt.sh
+ language: script
+ files: (\.tf|\.tfvars)$
+ exclude: \.terraform/.*$
+
+- id: terraform_docs
+ name: Terraform docs
+ description: Inserts input and output documentation into README.md (using terraform-docs).
+ require_serial: true
+ entry: hooks/terraform_docs.sh
+ language: script
+ files: (\.tf|\.terraform\.lock\.hcl)$
+ exclude: \.terraform/.*$
+
+- id: terraform_docs_without_aggregate_type_defaults
+ name: Terraform docs (without aggregate type defaults)
+ description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
+ require_serial: true
+ entry: hooks/terraform_docs.sh
+ language: script
+ files: (\.tf)$
+ exclude: \.terraform/.*$
+
+- id: terraform_docs_replace
+ name: Terraform docs (overwrite README.md)
+ description: Overwrite content of README.md with terraform-docs.
+ require_serial: true
+ entry: terraform_docs_replace
+ language: python
+ files: (\.tf)$
+ exclude: \.terraform/.*$
+
+- id: terraform_validate
+ name: Terraform validate
+ description: Validates all Terraform configuration files.
+ require_serial: true
+ entry: hooks/terraform_validate.sh
+ language: script
+ files: \.(tf(vars)?|terraform\.lock\.hcl)$
+ exclude: \.terraform/.*$
+
+- id: terraform_providers_lock
+ name: Lock terraform provider versions
+ description: Updates provider signatures in dependency lock files.
+ require_serial: true
+ entry: hooks/terraform_providers_lock.sh
+ language: script
+ files: (\.terraform\.lock\.hcl)$
+ exclude: \.terraform/.*$
+
+- id: terraform_tflint
+ name: Terraform validate with tflint
+ description: Validates all Terraform configuration files with TFLint.
+ require_serial: true
+ entry: hooks/terraform_tflint.sh
+ language: script
+ files: (\.tf|\.tfvars)$
+ exclude: \.terraform/.*$
+
+- id: terragrunt_fmt
+ name: Terragrunt fmt
+ description: Rewrites all Terragrunt configuration files to a canonical format.
+ entry: hooks/terragrunt_fmt.sh
+ language: script
+ files: (\.hcl)$
+ exclude: \.terraform/.*$
+
+- id: terragrunt_validate
+ name: Terragrunt validate
+ description: Validates all Terragrunt configuration files.
+ entry: hooks/terragrunt_validate.sh
+ language: script
+ files: (\.hcl)$
+ exclude: \.terraform/.*$
+
+- id: terragrunt_validate_inputs
+ name: Terragrunt validate inputs
+ description: Validates Terragrunt unused and undefined inputs.
+ entry: hooks/terragrunt_validate_inputs.sh
+ language: script
+ files: (\.hcl)$
+ exclude: \.terraform/.*$
+
+- id: terragrunt_providers_lock
+ name: Terragrunt providers lock
+ description: Updates provider signatures in dependency lock files using terragrunt.
+ entry: hooks/terragrunt_providers_lock.sh
+ language: script
+ files: (terragrunt|\.terraform\.lock)\.hcl$
+ exclude: \.(terraform/.*|terragrunt-cache)$
+
+- id: terraform_tfsec
+ name: Terraform validate with tfsec (deprecated, use "terraform_trivy")
+ description: Static analysis of Terraform templates to spot potential security issues.
+ require_serial: true
+ entry: hooks/terraform_tfsec.sh
+ files: \.tf(vars)?$
+ language: script
+
+- id: terraform_trivy
+ name: Terraform validate with trivy
+ description: Static analysis of Terraform templates to spot potential security issues.
+ require_serial: true
+ entry: hooks/terraform_trivy.sh
+ files: \.tf(vars)?$
+ language: script
+
+- id: checkov
+ name: checkov (deprecated, use "terraform_checkov")
+ description: Runs checkov on Terraform templates.
+ entry: checkov -d .
+ language: python
+ pass_filenames: false
+ always_run: false
+ files: \.tf$
+ exclude: \.terraform/.*$
+ require_serial: true
+
+- id: terraform_checkov
+ name: Checkov
+ description: Runs checkov on Terraform templates.
+ entry: hooks/terraform_checkov.sh
+ language: script
+ always_run: false
+ files: \.tf$
+ exclude: \.terraform/.*$
+ require_serial: true
+
+- id: terraform_wrapper_module_for_each
+ name: Terraform wrapper with for_each in module
+ description: Generate Terraform wrappers with for_each in module.
+ entry: hooks/terraform_wrapper_module_for_each.sh
+ language: script
+ pass_filenames: false
+ always_run: false
+ require_serial: true
+ files: \.tf$
+ exclude: \.terraform/.*$
+
+- id: terrascan
+ name: terrascan
+ description: Runs terrascan on Terraform templates.
+ language: script
+ entry: hooks/terrascan.sh
+ files: \.tf$
+ exclude: \.terraform/.*$
+ require_serial: true
+
+- id: tfupdate
+ name: tfupdate
+ description: Runs tfupdate on Terraform templates.
+ language: script
+ entry: hooks/tfupdate.sh
+ args:
+ - --args=terraform
+ files: \.tf$
+ require_serial: true
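Review bot: `terraform_tfsec`, `terraform_trivy` and `tfupdate` are the only hooks in this manifest without `exclude: \.terraform/.*$`, so on an initialized tree they would also be handed files under `.terraform/` (which typically holds downloaded module copies); add `exclude: \.terraform/.*$` to those three entries for consistency with the rest of the file. `terraform_docs_without_aggregate_type_defaults` is described as "Identical to terraform_docs", yet its `files` pattern omits `\.terraform\.lock\.hcl`, which `terraform_docs` includes; either align the pattern or correct the description. Every `entry: hooks/*.sh` points at a script that is not part of this diff, so the manifest only works if that `hooks/` directory is added alongside it (it may exist beyond what this diff shows).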
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
index b79e5b5..fabfb8d 100644
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -5,7 +5,7 @@ footer-from: ""
sections:
## hide: []
- show:
+ show:
- data-sources
- header
- footer
@@ -15,31 +15,30 @@ sections:
- providers
- requirements
- resources
-
+
output:
file: README.md
- # mode: replace
mode: inject
template: |-
{{ .Content }}
-## output-values:
-## enabled: false
-## from: ""
-##
-## sort:
-## enabled: true
-## by: name
-##
-## settings:
-## anchor: true
-## color: true
-## default: true
-## description: false
-## escape: true
-## indent: 2
-## required: true
-## sensitive: true
-## type: true
+output-values:
+ enabled: false
+ from: ""
+
+sort:
+ enabled: true
+ by: name
+
+settings:
+ anchor: true
+ color: true
+ default: true
+ description: true
+ escape: true
+ indent: 2
+ required: true
+ sensitive: true
+ type: true
diff --git a/.tflint.hcl b/.tflint.hcl
index fcc2fa8..a4029d7 100644
--- a/.tflint.hcl
+++ b/.tflint.hcl
@@ -1,15 +1,15 @@
config {
- module = true
- force = false
+ module = true
+ force = false
disabled_by_default = false
-# ignore_module = {
-# "terraform-aws-modules/vpc/aws" = true
-# "terraform-aws-modules/security-group/aws" = true
-# }
+ # ignore_module = {
+ # "terraform-aws-modules/vpc/aws" = true
+ # "terraform-aws-modules/security-group/aws" = true
+ # }
-# varfile = ["example1.tfvars", "example2.tfvars"]
-# variables = ["foo=bar", "bar=[\"baz\"]"]
+ # varfile = ["example1.tfvars", "example2.tfvars"]
+ # variables = ["foo=bar", "bar=[\"baz\"]"]
}
rule "aws_instance_invalid_type" {
diff --git a/README.md b/README.md
index 4a9a60b..4acdc5f 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ kube-proxy
- update upstream cluster module to 20.20.0
- created changelog
-
+
## Requirements
| Name | Version |
@@ -43,12 +43,12 @@ kube-proxy
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.14.0 |
-| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | >= 5.14.0 |
-| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | >= 5.14.0 |
-| [aws.self](#provider\_aws.self) | >= 5.14.0 |
-| [kubernetes](#provider\_kubernetes) | n/a |
-| [null](#provider\_null) | >= 3.2.1 |
+| [aws](#provider\_aws) | 5.60.0 |
+| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.60.0 |
+| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.60.0 |
+| [aws.self](#provider\_aws.self) | 5.60.0 |
+| [kubernetes](#provider\_kubernetes) | 2.31.0 |
+| [null](#provider\_null) | 3.2.2 |
## Modules