-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
170 additions
and
169 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,169 +1,170 @@ | ||
| - id: infracost_breakdown | ||
| name: Infracost breakdown | ||
| description: Check terraform infrastructure cost | ||
| entry: hooks/infracost_breakdown.sh | ||
| language: script | ||
| require_serial: true | ||
| files: \.(tf(vars)?|hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_fmt | ||
| name: Terraform fmt | ||
| description: Rewrites all Terraform configuration files to a canonical format. | ||
| entry: hooks/terraform_fmt.sh | ||
| language: script | ||
| files: (\.tf|\.tfvars)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_docs | ||
| name: Terraform docs | ||
| description: Inserts input and output documentation into README.md (using terraform-docs). | ||
| require_serial: true | ||
| entry: hooks/terraform_docs.sh | ||
| language: script | ||
| files: (\.tf|\.terraform\.lock\.hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_docs_without_aggregate_type_defaults | ||
| name: Terraform docs (without aggregate type defaults) | ||
| description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. | ||
| require_serial: true | ||
| entry: hooks/terraform_docs.sh | ||
| language: script | ||
| files: (\.tf)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_docs_replace | ||
| name: Terraform docs (overwrite README.md) | ||
| description: Overwrite content of README.md with terraform-docs. | ||
| require_serial: true | ||
| entry: terraform_docs_replace | ||
| language: python | ||
| files: (\.tf)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_validate | ||
| name: Terraform validate | ||
| description: Validates all Terraform configuration files. | ||
| require_serial: true | ||
| entry: hooks/terraform_validate.sh | ||
| language: script | ||
| files: \.(tf(vars)?|terraform\.lock\.hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_providers_lock | ||
| name: Lock terraform provider versions | ||
| description: Updates provider signatures in dependency lock files. | ||
| require_serial: true | ||
| entry: hooks/terraform_providers_lock.sh | ||
| language: script | ||
| files: (\.terraform\.lock\.hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terraform_tflint | ||
| name: Terraform validate with tflint | ||
| description: Validates all Terraform configuration files with TFLint. | ||
| require_serial: true | ||
| entry: hooks/terraform_tflint.sh | ||
| language: script | ||
| files: (\.tf|\.tfvars)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terragrunt_fmt | ||
| name: Terragrunt fmt | ||
| description: Rewrites all Terragrunt configuration files to a canonical format. | ||
| entry: hooks/terragrunt_fmt.sh | ||
| language: script | ||
| files: (\.hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terragrunt_validate | ||
| name: Terragrunt validate | ||
| description: Validates all Terragrunt configuration files. | ||
| entry: hooks/terragrunt_validate.sh | ||
| language: script | ||
| files: (\.hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terragrunt_validate_inputs | ||
| name: Terragrunt validate inputs | ||
| description: Validates Terragrunt unused and undefined inputs. | ||
| entry: hooks/terragrunt_validate_inputs.sh | ||
| language: script | ||
| files: (\.hcl)$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terragrunt_providers_lock | ||
| name: Terragrunt providers lock | ||
| description: Updates provider signatures in dependency lock files using terragrunt. | ||
| entry: hooks/terragrunt_providers_lock.sh | ||
| language: script | ||
| files: (terragrunt|\.terraform\.lock)\.hcl$ | ||
| exclude: \.(terraform/.*|terragrunt-cache)$ | ||
|
|
||
| - id: terraform_tfsec | ||
| name: Terraform validate with tfsec (deprecated, use "terraform_trivy") | ||
| description: Static analysis of Terraform templates to spot potential security issues. | ||
| require_serial: true | ||
| entry: hooks/terraform_tfsec.sh | ||
| files: \.tf(vars)?$ | ||
| language: script | ||
|
|
||
| - id: terraform_trivy | ||
| name: Terraform validate with trivy | ||
| description: Static analysis of Terraform templates to spot potential security issues. | ||
| require_serial: true | ||
| entry: hooks/terraform_trivy.sh | ||
| files: \.tf(vars)?$ | ||
| language: script | ||
|
|
||
| - id: checkov | ||
| name: checkov (deprecated, use "terraform_checkov") | ||
| description: Runs checkov on Terraform templates. | ||
| entry: checkov -d . | ||
| language: python | ||
| pass_filenames: false | ||
| always_run: false | ||
| files: \.tf$ | ||
| exclude: \.terraform/.*$ | ||
| require_serial: true | ||
|
|
||
| - id: terraform_checkov | ||
| name: Checkov | ||
| description: Runs checkov on Terraform templates. | ||
| entry: hooks/terraform_checkov.sh | ||
| language: script | ||
| always_run: false | ||
| files: \.tf$ | ||
| exclude: \.terraform/.*$ | ||
| require_serial: true | ||
|
|
||
| - id: terraform_wrapper_module_for_each | ||
| name: Terraform wrapper with for_each in module | ||
| description: Generate Terraform wrappers with for_each in module. | ||
| entry: hooks/terraform_wrapper_module_for_each.sh | ||
| language: script | ||
| pass_filenames: false | ||
| always_run: false | ||
| require_serial: true | ||
| files: \.tf$ | ||
| exclude: \.terraform/.*$ | ||
|
|
||
| - id: terrascan | ||
| name: terrascan | ||
| description: Runs terrascan on Terraform templates. | ||
| language: script | ||
| entry: hooks/terrascan.sh | ||
| files: \.tf$ | ||
| exclude: \.terraform/.*$ | ||
| require_serial: true | ||
|
|
||
| - id: tfupdate | ||
| name: tfupdate | ||
| description: Runs tfupdate on Terraform templates. | ||
| language: script | ||
| entry: hooks/tfupdate.sh | ||
| args: | ||
| - --args=terraform | ||
| files: \.tf$ | ||
| require_serial: true | ||
| #### THESE ARE NOT ENABLED, THEY ARE FOR REFERENCE | ||
| # - id: infracost_breakdown | ||
| # name: Infracost breakdown | ||
| # description: Check terraform infrastructure cost | ||
| # entry: hooks/infracost_breakdown.sh | ||
| # language: script | ||
| # require_serial: true | ||
| # files: \.(tf(vars)?|hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_fmt | ||
| # name: Terraform fmt | ||
| # description: Rewrites all Terraform configuration files to a canonical format. | ||
| # entry: hooks/terraform_fmt.sh | ||
| # language: script | ||
| # files: (\.tf|\.tfvars)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_docs | ||
| # name: Terraform docs | ||
| # description: Inserts input and output documentation into README.md (using terraform-docs). | ||
| # require_serial: true | ||
| # entry: hooks/terraform_docs.sh | ||
| # language: script | ||
| # files: (\.tf|\.terraform\.lock\.hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_docs_without_aggregate_type_defaults | ||
| # name: Terraform docs (without aggregate type defaults) | ||
| # description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. | ||
| # require_serial: true | ||
| # entry: hooks/terraform_docs.sh | ||
| # language: script | ||
| # files: (\.tf)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_docs_replace | ||
| # name: Terraform docs (overwrite README.md) | ||
| # description: Overwrite content of README.md with terraform-docs. | ||
| # require_serial: true | ||
| # entry: terraform_docs_replace | ||
| # language: python | ||
| # files: (\.tf)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_validate | ||
| # name: Terraform validate | ||
| # description: Validates all Terraform configuration files. | ||
| # require_serial: true | ||
| # entry: hooks/terraform_validate.sh | ||
| # language: script | ||
| # files: \.(tf(vars)?|terraform\.lock\.hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_providers_lock | ||
| # name: Lock terraform provider versions | ||
| # description: Updates provider signatures in dependency lock files. | ||
| # require_serial: true | ||
| # entry: hooks/terraform_providers_lock.sh | ||
| # language: script | ||
| # files: (\.terraform\.lock\.hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terraform_tflint | ||
| # name: Terraform validate with tflint | ||
| # description: Validates all Terraform configuration files with TFLint. | ||
| # require_serial: true | ||
| # entry: hooks/terraform_tflint.sh | ||
| # language: script | ||
| # files: (\.tf|\.tfvars)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terragrunt_fmt | ||
| # name: Terragrunt fmt | ||
| # description: Rewrites all Terragrunt configuration files to a canonical format. | ||
| # entry: hooks/terragrunt_fmt.sh | ||
| # language: script | ||
| # files: (\.hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terragrunt_validate | ||
| # name: Terragrunt validate | ||
| # description: Validates all Terragrunt configuration files. | ||
| # entry: hooks/terragrunt_validate.sh | ||
| # language: script | ||
| # files: (\.hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terragrunt_validate_inputs | ||
| # name: Terragrunt validate inputs | ||
| # description: Validates Terragrunt unused and undefined inputs. | ||
| # entry: hooks/terragrunt_validate_inputs.sh | ||
| # language: script | ||
| # files: (\.hcl)$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terragrunt_providers_lock | ||
| # name: Terragrunt providers lock | ||
| # description: Updates provider signatures in dependency lock files using terragrunt. | ||
| # entry: hooks/terragrunt_providers_lock.sh | ||
| # language: script | ||
| # files: (terragrunt|\.terraform\.lock)\.hcl$ | ||
| # exclude: \.(terraform/.*|terragrunt-cache)$ | ||
|
|
||
| # - id: terraform_tfsec | ||
| # name: Terraform validate with tfsec (deprecated, use "terraform_trivy") | ||
| # description: Static analysis of Terraform templates to spot potential security issues. | ||
| # require_serial: true | ||
| # entry: hooks/terraform_tfsec.sh | ||
| # files: \.tf(vars)?$ | ||
| # language: script | ||
|
|
||
| # - id: terraform_trivy | ||
| # name: Terraform validate with trivy | ||
| # description: Static analysis of Terraform templates to spot potential security issues. | ||
| # require_serial: true | ||
| # entry: hooks/terraform_trivy.sh | ||
| # files: \.tf(vars)?$ | ||
| # language: script | ||
|
|
||
| # - id: checkov | ||
| # name: checkov (deprecated, use "terraform_checkov") | ||
| # description: Runs checkov on Terraform templates. | ||
| # entry: checkov -d . | ||
| # language: python | ||
| # pass_filenames: false | ||
| # always_run: false | ||
| # files: \.tf$ | ||
| # exclude: \.terraform/.*$ | ||
| # require_serial: true | ||
|
|
||
| # - id: terraform_checkov | ||
| # name: Checkov | ||
| # description: Runs checkov on Terraform templates. | ||
| # entry: hooks/terraform_checkov.sh | ||
| # language: script | ||
| # always_run: false | ||
| # files: \.tf$ | ||
| # exclude: \.terraform/.*$ | ||
| # require_serial: true | ||
|
|
||
| # - id: terraform_wrapper_module_for_each | ||
| # name: Terraform wrapper with for_each in module | ||
| # description: Generate Terraform wrappers with for_each in module. | ||
| # entry: hooks/terraform_wrapper_module_for_each.sh | ||
| # language: script | ||
| # pass_filenames: false | ||
| # always_run: false | ||
| # require_serial: true | ||
| # files: \.tf$ | ||
| # exclude: \.terraform/.*$ | ||
|
|
||
| # - id: terrascan | ||
| # name: terrascan | ||
| # description: Runs terrascan on Terraform templates. | ||
| # language: script | ||
| # entry: hooks/terrascan.sh | ||
| # files: \.tf$ | ||
| # exclude: \.terraform/.*$ | ||
| # require_serial: true | ||
|
|
||
| # - id: tfupdate | ||
| # name: tfupdate | ||
| # description: Runs tfupdate on Terraform templates. | ||
| # language: script | ||
| # entry: hooks/tfupdate.sh | ||
| # args: | ||
| # - --args=terraform | ||
| # files: \.tf$ | ||
| # require_serial: true |