Terraform Pre-Commit Hooks
2022/04/01
There are many tools that can make sure your Terraform repo remains well-formatted and tested. Using Git pre-commit hooks, you can easily incorporate these tools into your everyday Terraform workflow.
1. Prerequisite: pre-commit
- Install pre-commit
  - Pip:
    pip install pre-commit
  - Homebrew:
    brew install pre-commit
  - Apt:
    apt install pre-commit
  - Conda:
    conda install -c conda-forge pre-commit
2. Install third-party tools
- tflint: A Pluggable Terraform Linter
- tfsec: A static analysis security scanner
- checkov: A static code analysis tool for infrastructure-as-code
3. Configuration
In the root of your Terraform repo, add a file called .pre-commit-config.yaml:

# .pre-commit-config.yaml
default_stages: [commit]
repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.64.1
    hooks:
      - id: terraform_fmt
      - id: terraform_validate
      - id: terraform_tflint
      - id: terraform_tfsec
      - id: checkov
      - id: terraform_docs_replace
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.1.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-added-large-files
4. Test
Manually run hooks:
pre-commit run -a
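The Terraform hooks configured in step 3 call the tools from step 2, so a tool that is not on PATH shows up as a failing hook rather than a finding. The following preflight is an added example, not part of the original post or of pre-commit-terraform; the function names and the hook-to-binary mapping are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Preflight for the .pre-commit-config.yaml from step 3: list the binaries
# that the configured hooks call but that are not on PATH.

# Hook id -> external binary. Assumed mapping, taken from the tool each hook
# is named after; hooks that need no external tool print nothing.
hook_binary() {
  case "$1" in
    terraform_fmt|terraform_validate) echo terraform ;;
    terraform_tflint)                 echo tflint ;;
    terraform_tfsec)                  echo tfsec ;;
    checkov)                          echo checkov ;;
    terraform_docs_replace)           echo terraform-docs ;;
    *) ;;
  esac
}

# missing_hook_tools CONFIG
# Prints each missing binary once, one per line, sorted.
missing_hook_tools() {
  local config="$1" id bin
  # Extract the value of every "- id: <hook>" entry in the config.
  sed -n 's/^[[:space:]]*-[[:space:]]*id:[[:space:]]*\([A-Za-z0-9_-]*\).*$/\1/p' "$config" |
  while read -r id; do
    bin="$(hook_binary "$id")"
    [ -n "$bin" ] || continue
    command -v "$bin" >/dev/null 2>&1 || echo "$bin"
  done | sort -u
}

# preflight CONFIG
# Returns 0 when every required tool is installed; otherwise names the
# missing tools on stderr and returns 1, so a security scanner that never
# ran is not mistaken for a clean scan.
preflight() {
  local missing
  missing="$(missing_hook_tools "$1")"
  if [ -n "$missing" ]; then
    echo "$missing" | sed 's/^/missing tool: /' >&2
    return 1
  fi
  return 0
}

# Usage, from the repo root:
#   preflight .pre-commit-config.yaml && pre-commit run -a
```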
5. Install
To install the pre-commit hook, simply run:
pre-commit install
That's it! You're good to go locally.
6. Run in CI
Local pre-commits are super useful but they're even better in CI. With Terrateam you get all of these tests out of the box. No configuration required.
Native Terraform checks and trusted third-party tools run directly from the Terrateam GitHub Action to make sure your code is formatted properly, validated, and secure.