Merged
138 changes: 138 additions & 0 deletions .github/workflows/pre-commit.yml
@@ -0,0 +1,138 @@
name: Pre-commit

on:
pull_request:
branches: [master]
paths:
- '**.tf'
- '**.tfvars'
- '**.md'
- '.pre-commit-config.yaml'
push:
branches: [master]
paths:
- '**.tf'
- '**.tfvars'
- '**.md'
- '.pre-commit-config.yaml'

jobs:
pre-commit:
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
contents: read
pull-requests: read

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'

- name: Set up Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: '1.3.0'

- name: Cache terraform tools
uses: actions/cache@v3
with:
path: |
~/.local/bin/terraform-docs
~/.local/bin/tflint
key: terraform-tools-${{ runner.os }}-v1
restore-keys: |
terraform-tools-${{ runner.os }}-

- name: Install terraform-docs
run: |
if [ ! -f ~/.local/bin/terraform-docs ]; then
echo "Installing terraform-docs..."
mkdir -p ~/.local/bin
curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz
tar -xzf terraform-docs.tar.gz
chmod +x terraform-docs
mv terraform-docs ~/.local/bin/
rm terraform-docs.tar.gz
fi
echo "$HOME/.local/bin" >> $GITHUB_PATH

- name: Install tflint
run: |
if ! command -v tflint &> /dev/null; then
echo "Installing tflint..."
curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
fi

- name: Install pre-commit
run: |
python -m pip install --upgrade pip
pip install pre-commit

- name: Cache pre-commit hooks
uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: |
pre-commit-${{ runner.os }}-

- name: Install pre-commit hooks
run: pre-commit install-hooks

- name: Run pre-commit on all files (push to master)
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
run: pre-commit run --all-files

- name: Run pre-commit on changed files (pull request)
if: github.event_name == 'pull_request'
run: |
# Get the list of changed files
git fetch origin ${{ github.base_ref }}
CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD -- '*.tf' '*.tfvars' '*.md')

if [ -n "$CHANGED_FILES" ]; then
echo "Running pre-commit on changed files:"
echo "$CHANGED_FILES"
pre-commit run --files $CHANGED_FILES
else
echo "No relevant files changed, skipping pre-commit checks"
fi

- name: Pre-commit summary
if: always()
run: |
echo "## 🔍 Pre-commit Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY

if [ "${{ job.status }}" == "success" ]; then
echo "✅ All pre-commit checks passed!" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Tools verified:**" >> $GITHUB_STEP_SUMMARY
echo "- 🔧 Terraform formatting" >> $GITHUB_STEP_SUMMARY
echo "- ✅ Terraform validation" >> $GITHUB_STEP_SUMMARY
echo "- 📚 Documentation generation" >> $GITHUB_STEP_SUMMARY
echo "- 🔍 TFLint analysis" >> $GITHUB_STEP_SUMMARY
echo "- 🧹 File formatting" >> $GITHUB_STEP_SUMMARY
else
echo "❌ Pre-commit checks failed" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Please check the logs above for specific failures." >> $GITHUB_STEP_SUMMARY
echo "You can run \`pre-commit run --all-files\` locally to fix issues." >> $GITHUB_STEP_SUMMARY
fi

echo "" >> $GITHUB_STEP_SUMMARY
echo "**Configured hooks:**" >> $GITHUB_STEP_SUMMARY
echo "- trailing-whitespace" >> $GITHUB_STEP_SUMMARY
echo "- end-of-file-fixer" >> $GITHUB_STEP_SUMMARY
echo "- check-yaml" >> $GITHUB_STEP_SUMMARY
echo "- terraform_fmt" >> $GITHUB_STEP_SUMMARY
echo "- terraform_validate" >> $GITHUB_STEP_SUMMARY
echo "- terraform_docs" >> $GITHUB_STEP_SUMMARY
echo "- terraform_tflint" >> $GITHUB_STEP_SUMMARY
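Review bot: the tool-install steps in this hunk execute unverified remote content, so the job's integrity depends on whatever those endpoints serve on the day it runs: `curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash` pipes an unpinned script from a moving branch straight into a shell, and the terraform-docs tarball is fetched at a pinned version but never checksum-verified before `mv terraform-docs ~/.local/bin/`. Pin tflint to a release tag and download its binary the same way as terraform-docs, then verify both archives with `sha256sum -c` against a digest committed to the repo; for the same reason, consider pinning the `uses:` actions to commit SHAs instead of the mutable `@v3`/`@v4` tags, and `pip install pre-commit` to an exact version. Two smaller points: the cache step lists `~/.local/bin/tflint`, but nothing in the tflint install step writes to that path (it only checks `command -v tflint` and runs the script), so that cache entry can never populate and the script is re-fetched on every run; and `pre-commit run --files $CHANGED_FILES` word-splits unquoted output and will include files the PR deleted, since `git diff --name-only` lists those too, so `pre-commit run --from-ref origin/${{ github.base_ref }} --to-ref HEAD` would be both simpler and more robust.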
164 changes: 164 additions & 0 deletions CLAUDE.md
@@ -196,6 +196,170 @@ export AWS_BACKUP_ENABLE_LONG_RUNNING_TESTS=false
- Test audit framework compliance
- Validate organization policy enforcement

## Pre-commit Configuration & Automation

### Automated Code Quality with GitHub Actions

This module includes a comprehensive pre-commit GitHub Actions workflow (`.github/workflows/pre-commit.yml`) that automatically validates code quality and formatting. The workflow runs on:

- **Pull requests** targeting the master branch with changes to `.tf`, `.tfvars`, `.md`, or `.pre-commit-config.yaml` files
- **Pushes** to the master branch with changes to the same file types

#### Pre-commit Workflow Features

**Automated Tools & Checks:**
- 🔧 **Terraform formatting** (`terraform fmt`)
- ✅ **Terraform validation** (`terraform validate`)
- 📚 **Documentation generation** (`terraform-docs`)
- 🔍 **TFLint analysis** for best practices and errors
- 🧹 **File formatting** (trailing whitespace, end-of-file fixes)
- 📋 **YAML validation** for configuration files

**Performance Optimizations:**
- **Smart caching** of terraform-docs and tflint binaries
- **Pre-commit hook caching** for faster subsequent runs
- **Incremental checking** on pull requests (only changed files)
- **Full validation** on master branch pushes
- **15-minute timeout** to prevent hung jobs

**Workflow Intelligence:**
- **Changed file detection** - Only runs pre-commit on relevant changed files in PRs
- **Comprehensive summary** - Provides detailed results in GitHub Actions summary
- **Tool installation verification** - Automatically installs and caches required tools
- **Cross-platform compatibility** - Optimized for Ubuntu runners

#### Local Pre-commit Setup

**Install pre-commit locally for development:**

```bash
# Install pre-commit (requires Python)
pip install pre-commit

# Install pre-commit hooks for this repository
pre-commit install

# Run pre-commit on all files manually
pre-commit run --all-files

# Run pre-commit on specific files
pre-commit run --files main.tf variables.tf
```

**Required Tools for Local Development:**
```bash
# Terraform (version 1.3.0+ recommended)
terraform --version

# terraform-docs for README generation
curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.16.0/terraform-docs-v0.16.0-$(uname)-amd64.tar.gz
tar -xzf terraform-docs.tar.gz
sudo mv terraform-docs /usr/local/bin/

# TFLint for Terraform linting
curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
```

#### Pre-commit Configuration

The module uses `.pre-commit-config.yaml` with the following hooks:

**Basic File Quality:**
- `trailing-whitespace` - Remove trailing whitespace
- `end-of-file-fixer` - Ensure files end with newline
- `check-yaml` - Validate YAML syntax

**Terraform Quality:**
- `terraform_fmt` - Format Terraform files
- `terraform_validate` - Validate Terraform syntax and logic
- `terraform_docs` - Generate documentation
- `terraform_tflint` - Advanced Terraform linting

#### CI/CD Integration Benefits

**Pull Request Automation:**
- **Instant feedback** on code quality issues
- **Prevents merge** of poorly formatted code
- **Reduces review time** by catching common issues
- **Maintains consistency** across contributors

**Master Branch Protection:**
- **Comprehensive validation** on all files after merge
- **Documentation updates** automatically generated
- **Quality gate** for production code

**Development Experience:**
- **Fast feedback loop** with incremental checking
- **Clear error messages** with actionable guidance
- **Automated fixes** for many formatting issues
- **Consistent development environment** across team

### Pre-commit Best Practices

#### Local Development Workflow
```bash
# Before committing changes
git add .
pre-commit run --files $(git diff --cached --name-only)

# If pre-commit fixes issues, add them and commit
git add .
git commit -m "feat: add backup vault lock configuration"
```

#### Troubleshooting Pre-commit Issues

**Common Issues & Solutions:**

**Terraform Formatting Errors:**
```bash
# Fix formatting automatically
terraform fmt -recursive .

# Check specific file
terraform fmt -check main.tf
```

**Documentation Generation Errors:**
```bash
# Regenerate documentation
terraform-docs markdown table . > README.md

# Check terraform-docs configuration
terraform-docs --version
```

**TFLint Errors:**
```bash
# Run TFLint locally to see detailed errors
tflint

# Initialize TFLint if needed
tflint --init
```

**Pre-commit Hook Installation Issues:**
```bash
# Reinstall pre-commit hooks
pre-commit uninstall
pre-commit install

# Clear pre-commit cache if needed
pre-commit clean
```

#### Performance Considerations

**Large Repositories:**
- Pre-commit runs only on changed files in PRs (faster feedback)
- Tool binaries are cached between runs
- Pre-commit hooks are cached based on configuration hash

**Network Issues:**
- Tools are installed once and cached
- Fallback installation methods for corporate networks
- Offline capability after initial tool installation

## Security Considerations

### AWS Backup-Specific Security Practices
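Review bot: the troubleshooting command `terraform-docs markdown table . > README.md` overwrites the entire README with generated output, which is not what the `terraform_docs` hook listed in this same section does and would wipe any hand-written content; it should be `terraform-docs markdown table --output-file README.md .`, which injects into the marked section rather than replacing the file. Several bullets also claim more than the workflow they document: "Fallback installation methods for corporate networks" and "Offline capability after initial tool installation" describe nothing in `.github/workflows/pre-commit.yml` (each tool has exactly one download path, and the hook repositories are fetched from the network on first run before the `~/.cache/pre-commit` cache exists), "Cross-platform compatibility - Optimized for Ubuntu runners" contradicts itself because the job runs only on `ubuntu-latest`, and "Prevents merge of poorly formatted code" holds only once this check is made a required status check in branch protection, which this change does not configure. Either drop those bullets or restate them as what the workflow actually does. Finally, the local-setup snippet repeats the `curl ... install_linux.sh | bash` pattern from the workflow with no version pin or checksum; point contributors at a pinned release instead so the local and CI instructions give the same guidance.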