A collection of pre-commit hooks used by Gruntwork tools
This repo defines Git pre-commit hooks intended for use with pre-commit. The currently supported hooks are:

- `terraform fmt` on all Terraform code (`*.tf` files).
- `terraform validate` on all Terraform code (`*.tf` files).
- `terragrunt hclfmt` on all Terragrunt configurations.
- `tflint` on all Terraform code (`*.tf` files).
- `shellcheck` to lint files that contain a bash shebang.
- `gofmt` on all Golang code (`*.go` files).
- `goimports` on all Golang code (`*.go` files).
- `golint` on all Golang code (`*.go` files).
- `yapf` on all Python code (`*.py` files).
- `helm lint` on your Helm chart files. See caveats here.

In each of your repos, add a file called `.pre-commit-config.yaml` with the following contents:

```yaml
repos:
  - repo: https://github.com/gruntwork-io/pre-commit
    rev: # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
    hooks:
      - id: terraform-fmt
      - id: terraform-validate
      - id: tflint
      - id: shellcheck
      - id: gofmt
      - id: golint
```

Next, have every developer:

1. Run `brew install pre-commit`.
2. Run `pre-commit install` in the repo.

That’s it! Now every time you commit a code change (`.tf` file), the hooks in the `hooks:` config will execute.
If you'd like to format all of your code at once (rather than one file at a time), you can run:

```bash
pre-commit run terraform-fmt --all-files
```

If you'd like to enforce all your hooks, you can configure your CI build to fail if the code doesn't pass checks by adding the following to your build scripts:

```bash
pip install pre-commit
pre-commit install
pre-commit run --all-files
```

If all the hooks pass, the last command will exit with an exit code of 0. If any of the hooks make changes (e.g., because files are not formatted), the last command will exit with a code of 1, causing the build to fail.
The `helmlint` pre-commit hook runs `helm lint` on the charts that have been changed by the commit. It will run once per changed chart that it detects.
Note that charts are detected by walking up the directory tree of the changed file and looking for a `Chart.yaml` file that exists on the path.
`helm lint` requires input values to look for configuration errors in your helm chart. However, this means that the linter needs a complete values file. Because we want to develop charts that define required values that the operator should provide, we don't want to specify defaults for all the values the chart expects in the default `values.yaml` file.
To support this, the pre-commit hook looks for a special `linter_values.yaml` file defined in the chart path. This will be combined with the `values.yaml` file before running `helm lint`. In your charts, you should define the required values in `linter_values.yaml`.
For example, suppose you had a helm chart that defined two input values: `containerImage` and `containerTag`. Suppose that your chart required `containerImage` to be defined, but not `containerTag`. To enforce this, you created the following `values.yaml` file for your chart:

```yaml
# values.yaml

# containerImage is required and defines which image to use

# containerTag specifies the image tag to use. Defaults to latest.
containerTag: latest
```

If you run `helm lint` on this chart, it will fail because somewhere in your chart you will reference `.Values.containerImage`, which will be undefined with this `values.yaml` file. To handle this, you can define a `linter_values.yaml` file that defines `containerImage`:

```yaml
# linter_values.yaml
containerImage: nginx
```

Now when the pre-commit hook runs, it will call `helm lint` with both `linter_values.yaml` and `values.yaml`:

```bash
helm lint -f values.yaml -f linter_values.yaml .
```

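
The chart detection and values-file handling described above, shown as an added example rather than the hook's own source. The function names `find_chart_dir`, `changed_charts` and `lint_command` are hypothetical, and leaving out `linter_values.yaml` when the chart does not have one is an assumption:

```shell
#!/usr/bin/env bash
# Added illustration (not the hook's actual source): map changed files to the
# Helm charts that contain them, then build one `helm lint` call per chart.

# Walk up from a changed file until a directory containing Chart.yaml is found.
# Prints the chart directory, or returns 1 if the file is not inside a chart.
find_chart_dir() {
  local dir
  dir="$(dirname "$1")"
  while :; do
    if [ -f "$dir/Chart.yaml" ]; then
      printf '%s\n' "$dir"
      return 0
    fi
    # Stop at the filesystem root or at the top of a relative path.
    if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
      return 1
    fi
    dir="$(dirname "$dir")"
  done
}

# Reduce a list of changed files to the unique set of chart directories,
# so each chart is linted once no matter how many of its files changed.
changed_charts() {
  local f
  for f in "$@"; do
    find_chart_dir "$f" || true   # files outside any chart are skipped
  done | sort -u
}

# Print the lint command to run from inside one chart directory.
# Assumption: linter_values.yaml is passed only when the chart provides it.
lint_command() {
  local chart="$1"
  local cmd="helm lint -f values.yaml"
  if [ -f "$chart/linter_values.yaml" ]; then
    cmd="$cmd -f linter_values.yaml"
  fi
  printf '%s .\n' "$cmd"
}
```

Because the walk only inspects path components, it also resolves files that the commit deleted, as long as the chart's `Chart.yaml` still exists.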
To enable optional shellcheck features you can use the `--enable` flag. Other shellcheck flags cannot be passed through.

```yaml
repos:
  - repo: https://github.com/gruntwork-io/pre-commit
    rev:
    hooks:
      - id: shellcheck
        args: ["--enable require-variable-braces,deprecate-which"]
```

This code is released under the Apache 2.0 License. Please see LICENSE and NOTICE for more details.
Copyright © 2019 Gruntwork, Inc.