Using Pre-commit framework with Terraform
The pre-commit stage is an important part of the CI/CD story: it catches formatting mistakes, leftover secrets and misconfigurations on the developer's machine, before a commit ever reaches the pipeline. This post builds on the earlier introduction to the framework at /2022/12/getting-started-pre-commit-framework, which covers installation and the basic `.pre-commit-config.yaml` layout.
Sample files
The examples below run against a small Terraform project made up of three files: main.tf, outputs.tf and variables.tf.
Fixing common issues
The first set of hooks comes from the pre-commit project's own repository. They catch leftover merge-conflict markers, AWS credentials and private keys that should never be committed, and normalise end-of-file newlines and trailing whitespace. The `--allow-missing-credentials` argument keeps `detect-aws-credentials` from failing on machines that have no AWS credentials file configured. (Newer pre-commit releases use the stage names `pre-commit` and `pre-push`; the `commit` and `push` names used here are the legacy spellings, still accepted but deprecated.)

```yaml
default_stages: [commit, push]
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.3.0
    hooks:
      - id: check-merge-conflict
      - id: detect-aws-credentials
        args: ['--allow-missing-credentials']
      - id: detect-private-key
      - id: end-of-file-fixer
      - id: trailing-whitespace
```

Running the hooks against the sample files gives:

```
check for merge conflicts................................................Passed
detect aws credentials...................................................Passed
detect private key.......................................................Passed
fix end of files.........................................................Failed
- hook id: end-of-file-fixer
- exit code: 1
- files were modified by this hook

Fixing main.tf
Fixing outputs.tf
Fixing variables.tf

trim trailing whitespace.................................................Passed
```
Note that `end-of-file-fixer` rewrites the files rather than just reporting, so the commit is aborted and the corrected files must be staged again. A quick look at `git diff` shows the end-of-file fixes in all three files.
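The hooks above all follow one simple contract: pre-commit passes the staged files that match the hook's `files` pattern as command-line arguments, treats a non-zero exit status as a failure, and shows whatever the hook printed. As an added example (not code from the original post or from the pre-commit-hooks project), here is a small local hook in that style that scans Terraform files for a few hard-coded credential patterns and reports them by file and line. The hook id `check-tf-secrets`, the script name, and the regular expressions are assumptions chosen for the illustration; the Terraform snippet it is demonstrated on is constructed.

```python
"""check_tf_secrets.py: a minimal pre-commit hook for Terraform files.

pre-commit invokes the hook with the matching staged paths as arguments
and treats a non-zero exit status as a failure. To wire this script in,
a local hook entry like the following (hypothetical id, not from the
original post) would be added to .pre-commit-config.yaml:

    - repo: local
      hooks:
        - id: check-tf-secrets
          name: Check Terraform files for embedded secrets
          entry: python3 check_tf_secrets.py
          language: system
          files: \\.tf$
"""
import re
import sys

# Patterns chosen for this example (assumptions, not an exhaustive list):
#  - AWS access key IDs: AKIA/ASIA followed by 16 upper-case alphanumerics
#  - PEM private key headers
#  - a secret_key argument assigned a literal string (an interpolation such
#    as "${var.secret}" is skipped because the value starts with "$")
PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "hardcoded-secret-key": re.compile(r'secret_key\s*=\s*"[^"$]+"'),
}

# Constructed sample (not from the original post): a provider block with
# credentials pasted straight into the file, which the hook should reject.
SAMPLE_TF = "\n".join([
    'provider "aws" {',
    '  region     = "us-east-1"',
    '  access_key = "AKIAIOSFODNN7EXAMPLE"',
    '  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',
    '}',
])


def scan_text(text):
    """Return a list of (line_number, finding_kind) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, kind))
    return findings


def scan_file(path):
    """Read one file and scan it; decoding errors are replaced, not fatal."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


def main(argv):
    """Scan every path in argv, print findings, return 1 if any were found.

    The return value is the process exit status, which is what pre-commit
    keys on; the printed lines are what the developer sees under the hook
    name in the pre-commit output.
    """
    status = 0
    for path in argv:
        for lineno, kind in scan_file(path):
            print(f"{path}:{lineno}: {kind}")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Running the script with no arguments returns 0, which is also the behaviour pre-commit relies on when no staged file matches the hook. The script does not modify files, unlike `end-of-file-fixer`; a hook that rewrites files should still exit non-zero after doing so, so that the developer re-stages the result and sees the change.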
Fixing Terraform issues
The pre-commit-terraform repository wraps the Terraform tooling as hooks. `terraform_fmt` rewrites files into canonical formatting, and `terraform_tflint` runs TFLint to catch errors and deprecated or invalid provider syntax that `terraform fmt` does not check.

```yaml
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.76.0
    hooks:
      - id: terraform_fmt
      - id: terraform_tflint
```
Output
```
check for merge conflicts................................................Passed
detect aws credentials...................................................Passed
detect private key.......................................................Passed
fix end of files.........................................................Passed
trim trailing whitespace.................................................Passed
Terraform fmt............................................................Failed
- hook id: terraform_fmt
- files were modified by this hook

main.tf

Terraform validate with tflint...........................................Passed
```
Running `git diff` shows what `terraform_fmt` changed in main.tf:
diff --git a/main.tf b/main.tf
index fb5f02f..70bec92 100644
--- a/main.tf
+++ b/main.tf
@@ -66,9 +66,9 @@ resource "aws_lb" "example" {
resource "aws_lb_listener" "http" {
load_balancer_arn = aws_lb.example.arn
- port = local.http_port
+ port = local.http_port
- protocol = "HTTP"
+ protocol = "HTTP"
# By default, return a simple 404 page
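Review bot: whitespace-only change. `terraform fmt` realigned the `=` signs of `port` and `protocol` to match the longer `load_balancer_arn` attribute in the same block, and because the alignment spaces did not survive extraction, the removed and added lines read identically here. Nothing semantic changed, so the reformatted file can be staged and committed as-is.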
Checkov
Checkov is a static analysis tool for infrastructure as code that checks resources against a catalogue of security and compliance policies. It is added as one more hook under the same pre-commit-terraform repository entry:

```yaml
      - id: terraform_checkov
```
Output (truncated):
```
check for merge conflicts................................................Passed
detect aws credentials...................................................Passed
detect private key.......................................................Passed
fix end of files.........................................................Passed
trim trailing whitespace.................................................Passed
Terraform fmt............................................................Passed
Terraform validate with tflint...........................................Passed
Checkov..................................................................Failed
- hook id: terraform_checkov
- exit code: 1

[ terraform framework ]: 100% 3/3 [00:00<00:00, 232.52it/s, Current File Scanned=variables.tf]
[ secrets framework ]: 100% 3/3 [00:00<00:00, 10.63it/s, Current File Scanned=/Users/ayushsharma/dev/tmp/variables.tf]

       _               _
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/

By bridgecrew.io | version: 2.2.150
Update available 2.2.150 -> 2.2.155
Run pip3 install -U checkov to update

terraform scan results:

Passed checks: 19, Failed checks: 15, Skipped checks: 0
```

The per-check details that follow the summary are omitted here. Checkov fails the hook whenever any check fails, so each of the 15 findings has to be either fixed in the Terraform code or explicitly suppressed (for example with an inline `#checkov:skip=<CHECK_ID>:<reason>` comment on the resource, or `--skip-check` passed through the hook's `args`) before the commit goes through. Suppressions should carry a reason, since they are the audit trail for why a policy was not applied.
Complete file
```yaml
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.3.0
    hooks:
      - id: check-merge-conflict
      - id: detect-aws-credentials
        args: ['--allow-missing-credentials']
      - id: detect-private-key
      - id: end-of-file-fixer
      - id: trailing-whitespace
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.76.0
    hooks:
      - id: terraform_fmt
      - id: terraform_tflint
      - id: terraform_checkov
```