pre-commit git hooks to take care of Terraform configurations
Easier execution via docker image #418

I am trying to implement pre-commit-terraform tflint fmt and checkov but I am facing issues when trying to execute it when running everything on docker image.

To be a bit more specific I just build image with dependencies and created .git/hooks/pre-push script manually:

```dockerfile
# Dockerfile
WORKDIR /pre-commit
CMD ["pre-commit", "run", "--hook-stage", "push"]
```

```bash
#!/bin/sh
# .git/hooks/pre-push
docker run -t -v "$(pwd)":/pre-commit --name "$NAME" my-image:latest
```

This is what my .pre-commit-config.yaml looks like:

```yaml
# .pre-commit-config.yaml
repos:
  - repo:   # repo URL not preserved in the original post
    rev: v1.70.0
    hooks:
      - id: terraform_tflint
        stages:
          - push
      - id: terraform_checkov
        stages:
          - push
```

Surprisingly, this works very well when I try the same solution for the commit stage, but it sees no diff when it is set to push and always gets "skipped". I saw there is a dedicated Docker image, but if I am correct there is no easy way to do the same thing from .pre-commit-config.yaml via the Docker image in order to get rid of the dependencies.

How could pre-commit-terraform help solve your problem?

It would be great to have the possibility of hooks preconfigured with a Docker image, so that you could just run the following without worrying about dependencies:

```yaml
  - repo:
    rev: v1.70.0
    hooks:
      - id: terraform_tflint_docker
      - id: terraform_checkov_docker
```
> but it sees no diff when it is set to push and always gets "skipped".

That is expected, because there is no git diff at the pre-push stage. And the following is redundant:

```yaml
        stages:
          - push
```

You need to detect the changed files manually (GHA example) if you'd like to run pre-commit only on those files; otherwise, use `pre-commit run -a`.

> It would be great to have the possibility of hooks preconfigured with a Docker image, so that you could just run the following without worrying about dependencies:

That can already be done via

```bash
docker run -v "$(pwd)":/lint -w /lint $TAG run
```

or, if you need specific versions, use `--build-arg`s as specified in "1. Install dependencies -> Docker".

Also, it should not be a problem to create a shell or git alias to run the needed docker run command.

Running all that stuff as many separate containers will slow down hook execution compared to an OS-native environment, and different teams prefer different versions of each tool (and sometimes of their dependencies), so doing what you ask well (and without a big maintenance effort) will take some time.

Anyway, glad to review your PR that will implement that.

P.S. That may resolve #397 as not needed, if anyone on a Mac switches to Docker.
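Putting the advice above ("detect the changed files manually, otherwise use `pre-commit run -a`") into a working hook, as an added example that is not part of this thread or of the project's own code: a `.git/hooks/pre-push` script that reads the refs git passes on stdin, computes which files differ between the remote commit and the commit being pushed, and runs only those through the Docker image. It assumes `TAG` is set to the linter image tag and that the image's entrypoint is `pre-commit`, as in the `docker run ... $TAG run -a` command in this thread; the `/lint` mount point and the `USERID` variable are likewise taken from the thread.

```shell
#!/bin/sh
# Added example (not code from the issue or the project): a .git/hooks/pre-push
# script that lints only the files being pushed, inside the Docker image.
#
# Git calls pre-push with one line per ref on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
# There is no working-tree diff at this stage, so the changed files have to
# be computed from the two commits and handed to `pre-commit run --files`.
# Assumed: TAG holds the image tag and the image's entrypoint is pre-commit.

ZERO=0000000000000000000000000000000000000000   # git's "no such ref" sha

# changed_files LOCAL_SHA REMOTE_SHA
# Prints the paths that differ between the remote commit and the one being
# pushed, excluding files deleted by the push (they cannot be linted). If the
# remote branch does not exist yet (sha of all zeros), every file in the
# pushed commit is new to the remote, so list them all.
changed_files() {
  if [ "$2" = "$ZERO" ]; then
    git ls-tree -r --name-only "$1"
  else
    git diff --name-only --diff-filter=d "$2" "$1"
  fi
}

# files_for_push < hook-stdin
# Collects the changed files over all pushed refs, skipping branch deletions
# (local sha of all zeros), and de-duplicates the result.
files_for_push() {
  while read -r _local_ref local_sha _remote_ref remote_sha; do
    [ "$local_sha" = "$ZERO" ] && continue
    changed_files "$local_sha" "$remote_sha"
  done | sort -u
}

main() {
  files=$(files_for_push)
  [ -n "$files" ] || exit 0   # nothing to lint (e.g. only deletions)
  # Word-splitting of $files is intended: one path per argument
  # (paths containing spaces are not handled here).
  # shellcheck disable=SC2086
  exec docker run --rm \
    -e "USERID=$(id -u):$(id -g)" \
    -v "$(pwd)":/lint -w /lint "${TAG:?set TAG to the linter image}" \
    run --files $files
}

# Only act when installed as the pre-push hook; sourcing this file elsewhere
# just defines the functions.
case "$0" in
  */pre-push) main ;;
esac
```

Install it as `.git/hooks/pre-push` and `chmod +x` it; because `exec` hands control to `docker run`, a non-zero exit from the hooks aborts the push. With this in place the `stages: [push]` entries in `.pre-commit-config.yaml` are unnecessary, as noted above: the hook decides what to lint, and pre-commit's own `files` filters still restrict each hook to the file types it handles.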

I would also love to have the above functionality and not have to install any dependencies in my CI/CD pipeline.

Below is a list of repos that already offer pre-commit hooks using Docker:

Note: TF_PLUGIN_CACHE_DIR should be exported and set inside most hooks. The same may apply to other env vars too.

Also, when TF_PLUGIN_CACHE_DIR is used, terraform init will need to run inside the container OR the cache must be mounted at the same path that is used outside. The symlinks to the cached dir in .terraform need to be right if .terraform was generated outside the image.

Example on the host machine:

```bash
➜ pwd
/home/vm/code/Oslo/modules/aws-environment/.terraform/providers/
➜ ls -lah
lrwxrwxrwx 1 vm vm 91 Oct 3 17:59 linux_amd64 -> /home/vm/.terraform.d/plugin-cache/
```

In the container:

```bash
bash-5.1# pwd
/lint/modules/aws-environment/.terraform/providers/
bash-5.1# ls -lah
lrwxrwxrwx 1 root root 68 Oct 3 14:55 linux_amd64 -> /tf_plugins/
```

So, the working command is

```bash
docker run \
    -e "USERID=$(id -u):$(id -g)" \
    -v "$(pwd)":/lint -w /lint $TAG run -a
```
Looks like it could be related to this issue


```dockerfile
COPY .pre-commit-config.yaml .

RUN git init . && \
    pre-commit install --install-hooks && \
    chmod -R a+rwX "$PRE_COMMIT_HOME"
```
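One way to catch the provider-symlink mismatch described in the TF_PLUGIN_CACHE_DIR discussion above before the hooks fail, as an added example that is not from this thread or from the project: a check that lists every symlink under `.terraform/providers` whose target does not exist in the environment the check runs in (on the host they resolve to the host cache; inside the image the same path usually does not exist), plus a wrapper that takes the second option mentioned above, mounting the host's `TF_PLUGIN_CACHE_DIR` at the identical absolute path inside the container so that host-created links resolve there too. `TAG`, the `/lint` mount and `USERID` are as in the working command above; the script name `check-provider-links` is a hypothetical name used only for the run guard at the bottom.

```shell
#!/bin/sh
# Added example, not code from the issue or the project.
#
# `terraform init` with TF_PLUGIN_CACHE_DIR writes symlinks such as
#   .terraform/providers/linux_amd64 -> /home/vm/.terraform.d/plugin-cache/
# A link created on the host points at a host path that the container does
# not have, so hooks that call terraform fail there unless init is re-run
# inside the container or the cache is mounted at the same path.

# dangling_provider_links ROOT
# Prints "link -> target" for every symlink below ROOT/**/.terraform/providers
# whose target is missing from the current mount namespace; returns 1 if any
# were found, 0 otherwise. (Paths containing spaces are not handled.)
dangling_provider_links() {
  root=${1:-.}
  status=0
  for link in $(find "$root" -path '*/.terraform/providers/*' -type l 2>/dev/null); do
    # -e follows the link, so it is false exactly when the target is absent
    if [ ! -e "$link" ]; then
      printf '%s -> %s\n' "$link" "$(readlink "$link")"
      status=1
    fi
  done
  return $status
}

# run_with_shared_cache
# Runs all hooks in the image with the host cache bind-mounted at the same
# absolute path, so the host-generated links in .terraform resolve inside
# the container. TAG is assumed to be set to the image tag by the caller.
run_with_shared_cache() {
  cache=${TF_PLUGIN_CACHE_DIR:?TF_PLUGIN_CACHE_DIR must be exported on the host}
  docker run --rm \
    -e "USERID=$(id -u):$(id -g)" \
    -e "TF_PLUGIN_CACHE_DIR=$cache" \
    -v "$cache":"$cache" \
    -v "$(pwd)":/lint -w /lint "${TAG:?set TAG to the linter image}" run -a
}

# Run the check only when invoked under the (hypothetical) script name;
# sourcing the file elsewhere just defines the functions.
case "$0" in
  */check-provider-links)
    if dangling_provider_links "${1:-.}"; then
      echo "all provider links resolve"
    else
      echo "re-run 'terraform init' in this environment, or mount the cache at the same path" >&2
      exit 1
    fi
    ;;
esac
```

Run the check inside the image (for example via `docker run ... --entrypoint sh $TAG check-provider-links /lint`) to confirm that the `/tf_plugins/` target shown above actually exists there; on the host it simply confirms that the links point at an existing cache directory.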
