feat: tfupdate integration (#328)

Closes #328
antonbabenko · Feb 20, 2022 · 2dd8fcb · 2dd8fcb
1 parent 458fb28
commit 2dd8fcb
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 1 deletion.
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
@@ -111,3 +111,13 @@
   files: \.tf$
   exclude: \.terraform\/.*$
   require_serial: true
+
+- id: tfupdate
+  name: tfupdate
+  description: Runs tfupdate on Terraform templates.
+  language: script
+  entry: hooks/tfupdate.sh
+  require_serial: true
+  files: \.tf$
+  pass_filenames: false
+  args: ["terraform"]
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ If you are using `pre-commit-terraform` already or want to support its developme
   * [terraform_tfsec](#terraform_tfsec)
   * [terraform_validate](#terraform_validate)
   * [terrascan](#terrascan)
+  * [tfupdate](#tfupdate)
 * [Authors](#authors)
 * [License](#license)
 
@@ -224,7 +225,8 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform
 | `terraform_validate`                                   | Validates all Terraform configuration files. [Hook notes](#terraform_validate)                                                                                                                                                               | -                                                                                    |
 | `terragrunt_fmt`                                       | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format.                                                                                                                   | `terragrunt`                                                                         |
 | `terragrunt_validate`                                  | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`)                                                                                                                                         | `terragrunt`                                                                         |
-| `terrascan`                                            | [terrascan](https://github.com/accurics/terrascan) Detect compliance and security violations. [Hook notes](#terrascan)                                                                                                                                               | `terrascan`                                                                          |
+| `terrascan`                                            | [terrascan](https://github.com/accurics/terrascan) Detect compliance and security violations. [Hook notes](#terrascan)                                                                                                                       | `terrascan`                                                                          |
+| `tfupdate`                                             | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of Terraform core, providers, and modules. [Hook notes](#tfupdate)                                                                                             | `tfupdate`                                                                           |
 <!-- markdownlint-enable no-inline-html -->
 
 Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook.
@@ -617,6 +619,27 @@ Example:
 3. Use `--skip-rules="ruleID1,ruleID2"` parameter to skip one or more rules globally while scanning (e.g.: `--args=--skip-rules="ruleID1,ruleID2"`).
 4. Use the syntax `#ts:skip=RuleID optional_comment` inside a resource to skip the rule for that resource.
 
+### tfupdate
+
+Out of the box tfupdate will pin the terraform version
+
+```yaml
+      - id: tfupdate
+  ```
+
+  But you can pass `tfupdate` custom commands like `provider ${PROVIDER_NAME}` :
+
+```yaml
+    - id: tfupdate
+      name: tfupdate terraform
+    - id: tfupdate
+      name: tfupdate provider vsphere
+      args:
+        - provider
+        - vsphere
+```
+See the `tfupdate --help` command line help for available options. No need to pass `--recursive .` as it is added automatically
+
 ## Authors
 
 This repository is managed by [Anton Babenko](https://github.com/antonbabenko) with help from these awesome contributors:

diff --git a/hooks/tfupdate.sh b/hooks/tfupdate.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
+readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+# shellcheck source=_common.sh
+source "$SCRIPT_DIR/_common.sh"
+
+function main {
+  common::initialize "$SCRIPT_DIR"
+  tfupdate_ "$@"
+}
+
+#######################################################################
+# tfupdate_
+#######################################################################
+function tfupdate_ {
+  local -r args=$*
+  # pass the arguments to hook
+  # shellcheck disable=SC2086 # Double quote to prevent globbing and word splitting.
+  tfupdate ${args} --recursive . 
+  local exit_code=$?
+  return $exit_code
+}
+
+[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"