.pre-commit-config.yaml

repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.92.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
    hooks:
      - id: terraform_fmt
      - id: terraform_docs
        args: ['--args=--lockfile=false', '--args=--indent=3']
      - id: terraform_tflint
        args: [
          # --args=--module, # TODO enable it after ensuring `terraform init`
          # --args=--only=terraform_comment_syntax,
          --args=--only=terraform_deprecated_interpolation,
          # --args=--only=terraform_deprecated_index,
          # --args=--only=terraform_documented_variables,
          --args=--only=terraform_module_pinned_source,
          --args=--only=terraform_naming_convention,
          --args=--only=terraform_required_providers,
          --args=--only=terraform_required_version,
          # --args=--only=terraform_unused_declarations,
          --args=--only=terraform_workspace_remote,
        ]
  - repo: https://github.com/bridgecrewio/checkov.git
    rev: '3.2.217'
    hooks:
    - id: checkov
      verbose: true
      args: [
        --compact,
        --quiet,
        --soft-fail,
        --skip-check, "CKV_AWS_150,CKV_AWS_18,CKV_AWS_144,CKV2_AWS_19,CKV_AWS_272,CKV_AWS_116,CKV2_AWS_11,CKV2_AWS_28,CKV_AWS_173,CKV2_AWS_5,CKV2_AWS_12,CKV2_AWS_1,CKV_AWS_2,CKV_AWS_126,CKV_AWS_103,CKV_AWS_123,CKV2_AWS_61,CKV2_AWS_62,CKV2_AWS_53,CKV2_AWS_20,CKV_AWS_135,CKV_GHA_7",
        --soft-fail-on, "CKV_AWS_290,CKV_AWS_355",
      ]