Merge pull request #482 from pjrm/add-terraform-validate

feat: add terraform-validate

Author: domenkozar

README.md

@@ -7,13 +7,12 @@
 - **Trivial integration for Nix projects** (wires up a few things behind the scenes)
 
 - Provide a low-overhead build of all the tooling available for the hooks to use
-   (naive implementation of calling nix-shell does bring some latency when committing)
+  (naive implementation of calling nix-shell does bring some latency when committing)
 
 - **Common hooks for languages** like Python, Haskell, Elm, etc. [see all hook options](https://devenv.sh/?q=pre-commit.hooks)
 
 - Run hooks **as part of development** and **on during CI**
 
-
 ## Getting started
 
 ### devenv.sh
@@ -299,6 +298,7 @@ clang-format supports.
 ### Terraform
 
 - `terraform-format`: built-in formatter (using [OpenTofu](https://opentofu.org/)'s [`fmt`](https://opentofu.org/docs/cli/commands/fmt/))
+- `terraform-validate`: built-in validator (using [OpenTofu](https://opentofu.org/)'s [`validate`](https://opentofu.org/docs/cli/commands/validate/))
 - [tflint](https://github.com/terraform-linters/tflint)
 
 ### YAML
@@ -435,12 +435,12 @@ Example configuration:
 Custom hooks are defined with the same schema as [pre-defined
 hooks](modules/pre-commit.nix).
 
-
 ## Contributing hooks
 
 Everyone is encouraged to add new hooks.
 
 <!-- TODO generate option docs -->
+
 Have a look at the [existing hooks](modules/hooks.nix) and the [options](modules/pre-commit.nix).
 
 There's no guarantee the hook will be accepted, but the general guidelines are:

modules/hooks.nix

@@ -3369,6 +3369,16 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.ormol
           entry = "${hooks.terraform-format.package}/bin/terraform-fmt";
           files = "\\.tf$";
         };
+      terraform-validate =
+        {
+          name = "terraform-validate";
+          description = "Validates terraform configuration files (`.tf`).";
+          package = tools.terraform-validate;
+          entry = "${hooks.terraform-validate.package}/bin/terraform-validate";
+          files = "\\.(tf(vars)?|terraform\\.lock\\.hcl)$";
+          excludes = [ "\\.terraform/.*$" ];
+          require_serial = true;
+        };
       tflint =
         {
           name = "tflint";

nix/terraform-validate/default.nix

@@ -0,0 +1,13 @@
+{ writeScriptBin, opentofu }:
+
+writeScriptBin "terraform-validate" ''#!/usr/bin/env bash
+set -x
+  for arg in "$@"; do
+    dirname "$arg"
+  done \
+    | sort \
+    | uniq \
+    | while read dir; do
+        ${opentofu}/bin/tofu validate "$dir"
+      done
+''

nix/tools.nix

@@ -181,6 +181,7 @@ in
   hunspell = callPackage ./hunspell { };
   purty = callPackage ./purty { purty = nodePackages.purty; };
   terraform-fmt = callPackage ./terraform-fmt { };
+  terraform-validate = callPackage ./terraform-validate { };
   tflint = callPackage ./tflint { };
   dune-build-opam-files = callPackage ./dune-build-opam-files { dune = dune_3; inherit (pkgsBuildBuild) ocaml; };
   dune-fmt = callPackage ./dune-fmt { dune = dune_3; inherit (pkgsBuildBuild) ocaml; };