Open mtsulek opened 2 years ago
but it sees no diff when it's set push and it's getting always "skipped".
That is expected, because there is no git diff on the pre-push stage. And the next is redundant:
stages:
- push
https://pre-commit.com/#hooks-stages
You need to manually detect the differing files (GHA example) if you'd like to run pre-commit only on those files; otherwise, use pre-commit run -a
It would be great to have the possibility to have hooks preconfigured with a docker image and just run the following without worrying about dependencies:
That already can be done via
TAG=latest
docker run -v "$(pwd):/lint" -w /lint "ghcr.io/antonbabenko/pre-commit-terraform:$TAG" run
or if you need specific versions use --build-arg's as specified in 1. Install dependencies -> Docker
Also, it should not be a problem to create a shell or git alias to run the needed docker run command.
Running all that stuff as many separate containers will slow down hook executions compared to using an OS-native env. Different teams prefer to use different versions of each tool (and sometimes, their dependencies), so doing what you ask well (and w/o big maintenance effort) will need some time.
Anyway, glad to review your PR that will implement that.
P.S. That may resolve #397 as not needed, if anyone with Mac will switch to docker
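An added example, not code from this thread or from pre-commit-terraform: one way to do the manual changed-file detection for the pre-push stage, so that the tflint and checkov hooks scan what is being pushed instead of reporting "skipped". It is a hypothetical .git/hooks/pre-push that converts the ref lines git passes on stdin into a pre-commit --from-ref/--to-ref range and runs it in the project's image. The function names are assumptions, and it assumes the hooks are not restricted with stages: in the config.

```shell
#!/bin/sh
# Added example (not from the thread): a hypothetical .git/hooks/pre-push.
# git passes one line per pushed ref on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
ZERO=0000000000000000000000000000000000000000
IMAGE="ghcr.io/antonbabenko/pre-commit-terraform:${TAG:-latest}"

# Print the pre-commit arguments for each pushed ref, one set per line.
plan_pre_push() {
    while read -r _lref lsha _rref rsha; do
        if [ "$lsha" = "$ZERO" ]; then
            continue                     # branch deletion: nothing to scan
        elif [ "$rsha" = "$ZERO" ]; then
            echo "run -a"                # new branch: no base, scan all files
        else
            # Assumes the remote commit exists locally (fast-forward push).
            echo "run --from-ref $rsha --to-ref $lsha"
        fi
    done
}

# Run each planned invocation in the container; fail the push on any finding.
run_plan() {
    status=0
    while read -r args; do
        # $args is intentionally unquoted so it splits into separate words.
        # shellcheck disable=SC2086
        docker run -e "USERID=$(id -u):$(id -g)" \
            -v "$(pwd):/lint" -w /lint "$IMAGE" $args </dev/null || status=1
    done
    return "$status"
}

# Only execute when installed as the hook, so the functions can be sourced.
case "${0##*/}" in
    pre-push) plan_pre_push | run_plan ;;
esac
```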
.pre-commit-config.yaml
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
  rev: v1.70.0
  hooks:
  - id: terraform_tflint_docker
  - id: terraform_checkov_docker
I would also love to have the above functionality and not have to install any dependencies on my CI/CD pipeline.
Below, there is a list of repos that already offer pre-commit hooks using Docker:
Note: TF_PLUGIN_CACHE_DIR should be exported and set inside most hooks. That may be related to other envs too.
Also, in case of TF_PLUGIN_CACHE_DIR usage, terraform init will need to run inside the container OR mount to the same path that is used outside. That is needed to have the right symlinks to the cached dir in .terraform, if .terraform was generated outside the image.
So, the working command is
TAG=latest
docker run \
  -e "USERID=$(id -u):$(id -g)" \
  -v "$TF_PLUGIN_CACHE_DIR:$TF_PLUGIN_CACHE_DIR" -e TF_PLUGIN_CACHE_DIR="$TF_PLUGIN_CACHE_DIR" \
  -v "$(pwd):/lint" -w /lint \
  "ghcr.io/antonbabenko/pre-commit-terraform:$TAG" run -a
Looks like https://github.com/antonbabenko/pre-commit-terraform/issues/622#issuecomment-1945725749 could be related to this issue
WORKDIR $PRE_COMMIT_CACHE
COPY .pre-commit-config.yaml .
RUN \
    git init . && \
    pre-commit install --install-hooks \
    && chmod -R a+rwX "$PRE_COMMIT_HOME"
Also, it can be done in a slightly different way: https://github.com/StyraInc/regal/blob/4d7cbe19ff5dacc51e957f8811d30e681ddc7ea9/.pre-commit-hooks.yaml#L15-L20
Could be implemented after: https://github.com/antonbabenko/pre-commit-terraform/pull/644
Hello,
I am trying to implement pre-commit-terraform tflint, fmt and checkov, but I am facing issues when trying to execute it when running everything on a docker image.
To be a bit more specific, I just built an image with dependencies and created the .git/hooks/pre-push script manually:
This is what my .pre-commit-config.yaml looks like:
This surprisingly works very well when trying the same solution for the commit stage, but it sees no diff when it's set push and it's getting always "skipped". I saw there is a dedicated docker image, but if I am correct there is no easy way for implementation in pre-commit-config.yaml to do the same but via docker image to get rid of dependencies.
How could pre-commit-terraform help solve your problem?
It would be great to have the possibility to have hooks preconfigured with a docker image and just run the following without worrying about dependencies: