Terraform Pre-Commit Hooks

2022/04/01

Name: Josh Pollara

There are many tools that can make sure your Terraform repo remains well-formated and tested. Using Git pre-commit hooks, one can easily incorporate these tools into everyday Terraform workflow.

1. Prerequisite: pre-commit

Install pre-commit (opens in a new tab)
- Pip: pip install pre-commit
- Homebrew: brew install pre-commit
- Apt: apt install pre-commit
- Conda: conda install -c conda-forge pre-commit

2. Install third-party tools

tflint (opens in a new tab): A Pluggable Terraform Linter
tfsec (opens in a new tab): A static analysis security scanner
checkov (opens in a new tab): A static code analysis tool for infrastructure-as-code

3. Configuration

In the root of your Terraform repo, add a file called .pre-commit-config.yaml

# .pre-commit-config.yaml
default_stages: [commit]
repos:
    - repo: https://github.com/antonbabenko/pre-commit-terraform
      rev: v1.64.1
      hooks:
          - id: terraform_fmt
          - id: terraform_validate
          - id: terraform_tflint
          - id: terraform_tfsec
          - id: checkov
          - id: terraform_docs_replace
    - repo: https://github.com/pre-commit/pre-commit-hooks
      rev: v4.1.0
      hooks:
          - id: trailing-whitespace
          - id: end-of-file-fixer
          - id: check-yaml
          - id: check-added-large-files

4. Test

Manually run hooks:

pre-commit run -a

5. Install

To install the pre-commit hook, simply run:

pre-commit install

That's it! You're good to go locally.

5. Run in CI

Local pre-commits are super useful but they're even better in CI. With Terrateam (opens in a new tab) you get all of these tests out of the box. No configuration required.

Native Terraform checks and trusted third-party tools run directly from the Terrateam GitHub Action to make sure your code is formatted properly, validated, and secure.

Sign up free here (opens in a new tab)

Introducing Terrateam Manage GitHub with Terraform