This repository provides a collection of pre-commit Git hooks designed to automate the validation, formatting, and documentation of Terraform, OpenTofu, and Terragrunt configurations. It targets infrastructure engineers and DevOps professionals seeking to enforce code quality and consistency within their IaC workflows.

How It Works

The project leverages the pre-commit framework to integrate various static analysis and formatting tools directly into the Git commit process. It supports Terraform and Terragrunt files, offering hooks for linting (TFLint, TFSec, Trivy, Checkov), formatting (terraform fmt, terragrunt fmt), documentation generation (terraform-docs), and dependency management (terraform_providers_lock, terragrunt_providers_lock). The hooks can be run locally or within CI environments, either as standalone Git hooks or via a Docker image.

Quick Start & Requirements

• Install: Add the repository to your .pre-commit-config.yaml.
• Prerequisites: git, pre-commit, terraform or opentofu, bash 3.2.57+. Many hooks require additional tools like checkov, terraform-docs, tflint, tfsec, trivy, terrascan, infracost, tfupdate, hcledit, and jq.
• Docker: docker pull ghcr.io/antonbabenko/pre-commit-terraform:latest or build from source.
• Setup: Requires installing pre-commit and potentially individual tools or building the Docker image. Configuration involves creating a .pre-commit-config.yaml file.
• Docs: https://github.com/antonbabenko/pre-commit-terraform

Highlighted Details

• Supports Terraform, OpenTofu, and Terragrunt.
• Extensive hook selection for security, formatting, and documentation.
• Customizable hook arguments and environment variables.
• Docker image available for consistent execution.
• Supports custom Terraform binary paths, including OpenTofu.

Maintenance & Community

• Maintained by Anton Babenko.
• Open to contributions and sponsorships.
• Links to issues and contribution notes are provided.

Licensing & Compatibility

• MIT licensed.
• Compatible with commercial use and closed-source linking.

Limitations & Caveats

The terraform_validate hook may error with Terraform 0.15+ provider configuration aliases; workarounds are provided. Some hooks might be slow depending on repository size and machine resources. The README notes that checkov and terraform_tfsec hooks are deprecated in favor of terraform_checkov and terraform_trivy respectively.