infrastructure-aws-template/.pre-commit-config.yaml at main · hoverkraft-tech/infrastructure-aws-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: check-merge-conflict
      - id: end-of-file-fixer
        exclude: ^.*/\.infracost/terraform_modules/manifest\.json$
      - id: check-added-large-files
      - id: check-case-conflict
      - id: check-json
      - id: check-executables-have-shebangs
      - id: check-symlinks
      - id: check-yaml
      - id: detect-aws-credentials
      - id: mixed-line-ending
      - id: trailing-whitespace

  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.88.0
    hooks:
      #
      # NOTE: this is very slow you might want to enable it
      # from time to time but not on every commit
      # - id: terraform_providers_lock
      #   args:
      #     - --tf-init-args=-upgrade
      #     - --args=-platform=windows_amd64
      #     - --args=-platform=darwin_amd64
      #     - --args=-platform=darwin_arm64
      #     - --args=-platform=linux_amd64
      - id: terraform_validate
      - id: tfupdate
        name: Autoupdate Terraform versions (terraform)
        args:
          - --args=terraform
          - --args=--version '~> 1.3'
      - id: tfupdate
        name: Autoupdate Terraform versions (aws provider)
        args:
          - --args=provider aws
          - --args=--version '~> 4.30'
      - id: terraform_fmt
      - id: terraform_docs
        args:
          - "--args=--lockfile=false"
          - --hook-config=--path-to-file=README.md
          - --hook-config=--add-to-existing-file=true
          - --hook-config=--create-file-if-not-exist=true
      - id: terraform_tflint
        args:
          - "--args=--module"
          - "--args=--config=.tflint.hcl"
      - id: terraform_trivy
        args:
          - --args="--skip-dirs='**/.terragrunt-cache'"
      - id: terraform_checkov
        args:
          - --args=--config-file __GIT_WORKING_DIR__/.checkov.yaml
      - id: infracost_breakdown
        args:
          - --args="--path=envs --exclude-path='./envs/*/eks/secrets/*'"
          - --hook-config='.totalMonthlyCost | tonumber < 900'
          - --hook-config='.currency == "USD"'
        verbose: false # Always show costs

  - repo: https://github.com/gruntwork-io/pre-commit
    rev: v0.1.23
    hooks:
      - id: terragrunt-hclfmt