From c2f6ace9d7f9d583aa0f32eea1ed77f4359c7987 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pedro=20Magalh=C3=A3es?= <pedrojrmagalhaes@gmail.com>
Date: Fri, 9 Aug 2024 12:15:36 +0100
Subject: [PATCH] feat: add terraform-validate hook

---
 README.md                          |  6 +++---
 modules/hooks.nix                  | 10 ++++++++++
 nix/terraform-validate/default.nix | 13 +++++++++++++
 nix/tools.nix                      |  1 +
 4 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 nix/terraform-validate/default.nix

diff --git a/README.md b/README.md
index 4bdc2409..3c11ef1b 100644
--- a/README.md
+++ b/README.md
@@ -7,13 +7,12 @@
 - **Trivial integration for Nix projects** (wires up a few things behind the scenes)
 
 - Provide a low-overhead build of all the tooling available for the hooks to use
-   (naive implementation of calling nix-shell does bring some latency when committing)
+  (naive implementation of calling nix-shell does bring some latency when committing)
 
 - **Common hooks for languages** like Python, Haskell, Elm, etc. [see all hook options](https://devenv.sh/?q=pre-commit.hooks)
 
 - Run hooks **as part of development** and **on during CI**
 
-
 ## Getting started
 
 ### devenv.sh
@@ -299,6 +298,7 @@ clang-format supports.
 ### Terraform
 
 - `terraform-format`: built-in formatter (using [OpenTofu](https://opentofu.org/)'s [`fmt`](https://opentofu.org/docs/cli/commands/fmt/))
+- `terraform-validate`: built-in validator (using [OpenTofu](https://opentofu.org/)'s [`validate`](https://opentofu.org/docs/cli/commands/validate/))
 - [tflint](https://github.com/terraform-linters/tflint)
 
 ### YAML
@@ -435,12 +435,12 @@ Example configuration:
 Custom hooks are defined with the same schema as [pre-defined
 hooks](modules/pre-commit.nix).
 
-
 ## Contributing hooks
 
 Everyone is encouraged to add new hooks.
 
 <!-- TODO generate option docs -->
+
 Have a look at the [existing hooks](modules/hooks.nix) and the [options](modules/pre-commit.nix).
 
 There's no guarantee the hook will be accepted, but the general guidelines are:
diff --git a/modules/hooks.nix b/modules/hooks.nix
index 9ba18065..480f0262 100644
--- a/modules/hooks.nix
+++ b/modules/hooks.nix
@@ -3369,6 +3369,16 @@ lib.escapeShellArgs (lib.concatMap (ext: [ "--ghc-opt" "-X${ext}" ]) hooks.ormol
           entry = "${hooks.terraform-format.package}/bin/terraform-fmt";
           files = "\\.tf$";
         };
+      terraform-validate =
+        {
+          name = "terraform-validate";
+          description = "Validates terraform configuration files (`.tf`).";
+          package = tools.terraform-validate;
+          entry = "${hooks.terraform-validate.package}/bin/terraform-validate";
+          files = "\\.(tf(vars)?|terraform\\.lock\\.hcl)$";
+          excludes = [ "\\.terraform/.*$" ];
+          require_serial = true;
+        };
       tflint =
         {
           name = "tflint";
diff --git a/nix/terraform-validate/default.nix b/nix/terraform-validate/default.nix
new file mode 100644
index 00000000..abf37dc6
--- /dev/null
+++ b/nix/terraform-validate/default.nix
@@ -0,0 +1,13 @@
+{ writeScriptBin, opentofu }:
+
+writeScriptBin "terraform-validate" ''#!/usr/bin/env bash
+set -x
+  for arg in "$@"; do
+    dirname "$arg"
+  done \
+    | sort \
+    | uniq \
+    | while read dir; do
+        ${opentofu}/bin/tofu validate "$dir"
+      done
+''
diff --git a/nix/tools.nix b/nix/tools.nix
index 9bcc89d5..83528ae0 100644
--- a/nix/tools.nix
+++ b/nix/tools.nix
@@ -181,6 +181,7 @@ in
   hunspell = callPackage ./hunspell { };
   purty = callPackage ./purty { purty = nodePackages.purty; };
   terraform-fmt = callPackage ./terraform-fmt { };
+  terraform-validate = callPackage ./terraform-validate { };
   tflint = callPackage ./tflint { };
   dune-build-opam-files = callPackage ./dune-build-opam-files { dune = dune_3; inherit (pkgsBuildBuild) ocaml; };
   dune-fmt = callPackage ./dune-fmt { dune = dune_3; inherit (pkgsBuildBuild) ocaml; };