feat: add pre-commit workflow for automated code quality (#203)

lgallard · web-flow · commit 102c1c6ba613 · 2025-08-10T00:24:24.000+02:00
* feat: add pre-commit workflow for code quality automation

Add comprehensive pre-commit GitHub Actions workflow including:
- Terraform formatting and validation
- Documentation generation with terraform-docs
- TFLint analysis for best practices
- File formatting and consistency checks
- Optimized caching and parallel execution

* docs: add pre-commit workflow documentation to CLAUDE.md

Add comprehensive documentation for the new pre-commit GitHub Actions workflow including:
- Automated code quality checks and formatting
- Tool installation and caching configuration
- Local setup instructions for pre-commit hooks
- CI/CD integration details and workflow triggers
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -0,0 +1,138 @@
+name: Pre-commit
+
+on:
+  pull_request:
+    branches: [master]
+    paths:
+      - '**.tf'
+      - '**.tfvars'
+      - '**.md'
+      - '.pre-commit-config.yaml'
+  push:
+    branches: [master]
+    paths:
+      - '**.tf'
+      - '**.tfvars'
+      - '**.md'
+      - '.pre-commit-config.yaml'
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      pull-requests: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: '1.3.0'
+
+      - name: Cache terraform tools
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.local/bin/terraform-docs
+            ~/.local/bin/tflint
+          key: terraform-tools-${{ runner.os }}-v1
+          restore-keys: |
+            terraform-tools-${{ runner.os }}-
+
+      - name: Install terraform-docs
+        run: |
+          if [ ! -f ~/.local/bin/terraform-docs ]; then
+            echo "Installing terraform-docs..."
+            mkdir -p ~/.local/bin
+            curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz
+            tar -xzf terraform-docs.tar.gz
+            chmod +x terraform-docs
+            mv terraform-docs ~/.local/bin/
+            rm terraform-docs.tar.gz
+          fi
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Install tflint
+        run: |
+          if ! command -v tflint &> /dev/null; then
+            echo "Installing tflint..."
+            curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+          fi
+
+      - name: Install pre-commit
+        run: |
+          python -m pip install --upgrade pip
+          pip install pre-commit
+
+      - name: Cache pre-commit hooks
+        uses: actions/cache@v3
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: |
+            pre-commit-${{ runner.os }}-
+
+      - name: Install pre-commit hooks
+        run: pre-commit install-hooks
+
+      - name: Run pre-commit on all files (push to master)
+        if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+        run: pre-commit run --all-files
+
+      - name: Run pre-commit on changed files (pull request)
+        if: github.event_name == 'pull_request'
+        run: |
+          # Get the list of changed files
+          git fetch origin ${{ github.base_ref }}
+          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD -- '*.tf' '*.tfvars' '*.md')
+
+          if [ -n "$CHANGED_FILES" ]; then
+            echo "Running pre-commit on changed files:"
+            echo "$CHANGED_FILES"
+            pre-commit run --files $CHANGED_FILES
+          else
+            echo "No relevant files changed, skipping pre-commit checks"
+          fi
+
+      - name: Pre-commit summary
+        if: always()
+        run: |
+          echo "## 🔍 Pre-commit Results" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [ "${{ job.status }}" == "success" ]; then
+            echo "✅ All pre-commit checks passed!" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "**Tools verified:**" >> $GITHUB_STEP_SUMMARY
+            echo "- 🔧 Terraform formatting" >> $GITHUB_STEP_SUMMARY
+            echo "- ✅ Terraform validation" >> $GITHUB_STEP_SUMMARY
+            echo "- 📚 Documentation generation" >> $GITHUB_STEP_SUMMARY
+            echo "- 🔍 TFLint analysis" >> $GITHUB_STEP_SUMMARY
+            echo "- 🧹 File formatting" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "❌ Pre-commit checks failed" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "Please check the logs above for specific failures." >> $GITHUB_STEP_SUMMARY
+            echo "You can run \`pre-commit run --all-files\` locally to fix issues." >> $GITHUB_STEP_SUMMARY
+          fi
+
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Configured hooks:**" >> $GITHUB_STEP_SUMMARY
+          echo "- trailing-whitespace" >> $GITHUB_STEP_SUMMARY
+          echo "- end-of-file-fixer" >> $GITHUB_STEP_SUMMARY
+          echo "- check-yaml" >> $GITHUB_STEP_SUMMARY
+          echo "- terraform_fmt" >> $GITHUB_STEP_SUMMARY
+          echo "- terraform_validate" >> $GITHUB_STEP_SUMMARY
+          echo "- terraform_docs" >> $GITHUB_STEP_SUMMARY
+          echo "- terraform_tflint" >> $GITHUB_STEP_SUMMARY
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -196,6 +196,170 @@ export AWS_BACKUP_ENABLE_LONG_RUNNING_TESTS=false
 - Test audit framework compliance
 - Validate organization policy enforcement
 
+## Pre-commit Configuration & Automation
+
+### Automated Code Quality with GitHub Actions
+
+This module includes a comprehensive pre-commit GitHub Actions workflow (`.github/workflows/pre-commit.yml`) that automatically validates code quality and formatting. The workflow runs on:
+
+- **Pull requests** targeting the master branch with changes to `.tf`, `.tfvars`, `.md`, or `.pre-commit-config.yaml` files
+- **Pushes** to the master branch with changes to the same file types
+
+#### Pre-commit Workflow Features
+
+**Automated Tools & Checks:**
+- 🔧 **Terraform formatting** (`terraform fmt`)
+- ✅ **Terraform validation** (`terraform validate`) 
+- 📚 **Documentation generation** (`terraform-docs`)
+- 🔍 **TFLint analysis** for best practices and errors
+- 🧹 **File formatting** (trailing whitespace, end-of-file fixes)
+- 📋 **YAML validation** for configuration files
+
+**Performance Optimizations:**
+- **Smart caching** of terraform-docs and tflint binaries
+- **Pre-commit hook caching** for faster subsequent runs
+- **Incremental checking** on pull requests (only changed files)
+- **Full validation** on master branch pushes
+- **15-minute timeout** to prevent hung jobs
+
+**Workflow Intelligence:**
+- **Changed file detection** - Only runs pre-commit on relevant changed files in PRs
+- **Comprehensive summary** - Provides detailed results in GitHub Actions summary
+- **Tool installation verification** - Automatically installs and caches required tools
+- **Cross-platform compatibility** - Optimized for Ubuntu runners
+
+#### Local Pre-commit Setup
+
+**Install pre-commit locally for development:**
+
+```bash
+# Install pre-commit (requires Python)
+pip install pre-commit
+
+# Install pre-commit hooks for this repository
+pre-commit install
+
+# Run pre-commit on all files manually
+pre-commit run --all-files
+
+# Run pre-commit on specific files
+pre-commit run --files main.tf variables.tf
+```
+
+**Required Tools for Local Development:**
+```bash
+# Terraform (version 1.3.0+ recommended)
+terraform --version
+
+# terraform-docs for README generation
+curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz
+tar -xzf terraform-docs.tar.gz
+sudo mv terraform-docs /usr/local/bin/
+
+# TFLint for Terraform linting
+curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+```
+
+#### Pre-commit Configuration
+
+The module uses `.pre-commit-config.yaml` with the following hooks:
+
+**Basic File Quality:**
+- `trailing-whitespace` - Remove trailing whitespace
+- `end-of-file-fixer` - Ensure files end with newline
+- `check-yaml` - Validate YAML syntax
+
+**Terraform Quality:**
+- `terraform_fmt` - Format Terraform files
+- `terraform_validate` - Validate Terraform syntax and logic
+- `terraform_docs` - Generate documentation
+- `terraform_tflint` - Advanced Terraform linting
+
+#### CI/CD Integration Benefits
+
+**Pull Request Automation:**
+- **Instant feedback** on code quality issues
+- **Prevents merge** of poorly formatted code
+- **Reduces review time** by catching common issues
+- **Maintains consistency** across contributors
+
+**Master Branch Protection:**
+- **Comprehensive validation** on all files after merge
+- **Documentation updates** automatically generated
+- **Quality gate** for production code
+
+**Development Experience:**
+- **Fast feedback loop** with incremental checking
+- **Clear error messages** with actionable guidance
+- **Automated fixes** for many formatting issues
+- **Consistent development environment** across team
+
+### Pre-commit Best Practices
+
+#### Local Development Workflow
+```bash
+# Before committing changes
+git add .
+pre-commit run --files $(git diff --cached --name-only)
+
+# If pre-commit fixes issues, add them and commit
+git add .
+git commit -m "feat: add backup vault lock configuration"
+```
+
+#### Troubleshooting Pre-commit Issues
+
+**Common Issues & Solutions:**
+
+**Terraform Formatting Errors:**
+```bash
+# Fix formatting automatically
+terraform fmt -recursive .
+
+# Check specific file
+terraform fmt -check main.tf
+```
+
+**Documentation Generation Errors:**
+```bash
+# Regenerate documentation
+terraform-docs markdown table . > README.md
+
+# Check terraform-docs configuration
+terraform-docs --version
+```
+
+**TFLint Errors:**
+```bash
+# Run TFLint locally to see detailed errors
+tflint
+
+# Initialize TFLint if needed
+tflint --init
+```
+
+**Pre-commit Hook Installation Issues:**
+```bash
+# Reinstall pre-commit hooks
+pre-commit uninstall
+pre-commit install
+
+# Clear pre-commit cache if needed
+pre-commit clean
+```
+
+#### Performance Considerations
+
+**Large Repositories:**
+- Pre-commit runs only on changed files in PRs (faster feedback)
+- Tool binaries are cached between runs
+- Pre-commit hooks are cached based on configuration hash
+
+**Network Issues:**
+- Tools are installed once and cached
+- Fallback installation methods for corporate networks
+- Offline capability after initial tool installation
+
 ## Security Considerations
 
 ### AWS Backup-Specific Security Practices
