Terraform Pre-Commit Hooks
There are many tools that can make sure your Terraform repo remains well-formated and tested. Using Git pre-commit hooks, one can easily incorporate these tools into everyday Terraform workflow.
- Install pre-commit
pip install pre-commit
brew install pre-commit
apt install pre-commit
conda install -c conda-forge pre-commit
- tflint: A Pluggable Terraform Linter
- tfsec: A static analysis security scanner
- checkov: A static code analysis tool for infrastructure-as-code
In the root of your Terraform repo, add a file called
# .pre-commit-config.yaml default_stages: [commit] repos: - repo: https://github.com/antonbabenko/pre-commit-terraform rev: v1.64.1 hooks: - id: terraform_fmt - id: terraform_validate - id: terraform_tflint - id: terraform_tfsec - id: checkov - id: terraform_docs_replace - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.1.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer - id: check-yaml - id: check-added-large-files
Manually run hooks:
pre-commit run -a
To install the pre-commit hook, simply run:
That's it! You're good to go locally.
Local pre-commits are super useful but they're even better in CI. With Terrateam you get all of these tests out of the box. No configuration required.
Native Terraform checks and trusted third-party tools run directly from the Terrateam GitHub Action to make sure your code is formatted properly, validated, and secure.
Sign up free here