Merge branch 'master' into MaxymVlasov-patch-1

Author: MaxymVlasov

.git-blame-ignore-revs

@@ -0,0 +1,70 @@
+# `git blame` master ignore list.
+#
+# This file contains a list of git hashes of revisions to be ignored
+# by `git blame`. These revisions are considered "unimportant" in
+# that they are unlikely to be what you are interested in when blaming.
+# They are typically expected to be formatting-only changes.
+#
+# It can be used for `git blame` using `--ignore-revs-file` or by
+# setting `blame.ignoreRevsFile` in the `git config`[1].
+#
+# Ignore these commits when reporting with blame. Calling
+#
+#   git blame --ignore-revs-file .git-blame-ignore-revs
+#
+# will tell `git blame` to ignore changes made by these revisions when
+# assigning blame, as if the change never happened.
+#
+# You can enable this as a default for your local repository by
+# running
+#
+#   git config blame.ignoreRevsFile .git-blame-ignore-revs
+#
+# This will probably be automatically picked by your IDE
+# (VSCode+GitLens and JetBrains products are confirmed to do this).
+#
+# Important: if you are switching to a branch without this file,
+# `git blame` will fail with an error.
+#
+# GitHub also excludes the commits listed below from its "Blame"
+# views[2][3].
+#
+# [1]: https://git-scm.com/docs/git-blame#Documentation/git-blame.txt-blameignoreRevsFile
+# [2]: https://github.blog/changelog/2022-03-24-ignore-commits-in-the-blame-view-beta/
+# [3]: https://docs.github.com/en/repositories/working-with-files/using-files/viewing-a-file#ignore-commits-in-the-blame-view
+#
+# Guidelines:
+# - Only large (generally automated) reformatting or renaming PRs
+#   should be added to this list. Do not put things here just because
+#   you feel they are trivial or unimportant. If in doubt, do not put
+#   it on this list.
+# - When adding a single revision, use inline comment to link relevant
+#   issue/PR. Alternatively, paste the commit title instead.
+#   Example:
+#     d4a8b7307acc2dc8a8833ccfa65426ad28b3ffc9  # https://github.com/sanitizers/octomachinery/issues/1
+# - When adding multiple revisions (like a bulk of work over many
+#   commits), organize them in blocks. Precede each such block with a
+#   comment starting with the word "START", followed by a link to the
+#   relevant issue or PR. Add a similar comment after the last block
+#   line but use the word "END", followed by the same link.
+#   Alternatively, add or augment the link with a text motivation and
+#   description of work performed in each commit.
+#   After each individual commit in the block, add an inline comment
+#   with the commit title line.
+#   Example:
+#     # START https://github.com/sanitizers/octomachinery/issues/1
+#     6f0bd2d8a1e6cd2e794cd39976e9756e0c85ac66  # Bulk-replace smile emojis with unicorns
+#     d53974df11dbc22cbea9dc7dcbc9896c25979a27  # Replace double with single quotes
+#     ... <rest of the list>
+#     # END https://github.com/sanitizers/octomachinery/issues/1
+# - Only put full 40-character hashes on this list (not short hashes
+#   or any other revision reference).
+# - Append to the bottom of the file, regardless of the chronological
+#   order of the revisions. Revisions within blocks should be in
+#   chronological order from oldest to newest.
+# - Because you must use a hash, you need to append to this list in a
+#   follow-up PR to the actual reformatting PR that you are trying to
+#   ignore. This approach helps avoid issues with arbitrary rebases
+#   and squashes while the pull request is in progress.
+
+23928fbf8511697c915c3231977ee254bd3fa0c2  # chore(linters): Apply ruff-format

.github/CONTRIBUTING.md

@@ -1,5 +1,6 @@
 # Notes for contributors
 
+* [Configure `git blame` to ignore formatting commits](#configure-git-blame-to-ignore-formatting-commits)
 * [Run and debug hooks locally](#run-and-debug-hooks-locally)
 * [Run hook performance test](#run-hook-performance-test)
   * [Run via BASH](#run-via-bash)
@@ -15,6 +16,10 @@
 * [Contributing to Python code](#contributing-to-python-code)
 * [Run tests in your fork](#run-tests-in-your-fork)
 
+## Configure `git blame` to ignore formatting commits
+
+This project uses `.git-blame-ignore-revs` to exclude formatting-related commits from `git blame` history. To configure your local `git blame` to ignore these commits, refer to the [.git-blame-ignore-revs](/.git-blame-ignore-revs) file for details.
+
 ## Run and debug hooks locally
 
 ```bash

.github/workflows/pre-commit.yaml

@@ -47,48 +47,41 @@ jobs:
         )"
         > hadolint
         && chmod +x hadolint && sudo mv hadolint /usr/bin/
-    # Need to success pre-commit fix push
+     # Needed for pre-commit fix push to succeed
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
       with:
         fetch-depth: 0
         ref: ${{ github.event.pull_request.head.sha }}
+        # Needed to trigger pre-commit workflow on autofix commit. Guide:
+        # https://web.archive.org/web/20210731173012/https://github.community/t/required-check-is-expected-after-automated-push/187545/
+        ssh-key: ${{ secrets.GHA_AUTOFIX_COMMIT_KEY }}
     # Skip terraform_tflint which interferes to commit pre-commit auto-fixes
     - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38  # v5.4.0
       with:
         python-version: '3.13'
+
     - name: Execute pre-commit
-      uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe  # v2.0.3
+      uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd  # v3.0.1
       env:
-        SKIP: no-commit-to-branch,hadolint
+        SKIP: no-commit-to-branch
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         extra_args: >-
           --color=always
           --show-diff-on-failure
-          --files ${{ steps.file_changes.outputs.files }}
-    # Run only skipped checks
-    - name: Execute pre-commit check that have no auto-fixes
-      if: always()
-      uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe  # v2.0.3
-      env:
-        SKIP: >-
-          check-added-large-files,
-          check-merge-conflict,
-          check-vcs-permalinks,
-          forbid-new-submodules,
-          no-commit-to-branch,
-          end-of-file-fixer,
-          trailing-whitespace,
-          check-yaml,
-          check-merge-conflict,
-          check-executables-have-shebangs,
-          check-case-conflict,mixed-line-ending,
-          detect-aws-credentials,
-          detect-private-key,
-          shfmt,
-          shellcheck,
+          --files ${{ steps.file_changes.outputs.files}}
+
+    # Needed to trigger pre-commit workflow on autofix commit
+    - name: Push fixes
+      if: failure()
+      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5  # v9.1.4
       with:
-        extra_args: >-
-          --color=always
-          --show-diff-on-failure
-          --files ${{ steps.file_changes.outputs.files }}
+        # Determines the way the action fills missing author name and email.
+        # Three options are available:
+        # - github_actor -> UserName <[email protected]>
+        # - user_info -> Your Display Name <[email protected]>
+        # - github_actions -> github-actions <email associated with the github logo>
+        # Default: github_actor
+        default_author: github_actor
+        # The message for the commit.
+        # Default: 'Commit from GitHub Actions (name of the workflow)'
+        message: '[pre-commit] Autofix violations'

.pre-commit-config.yaml

@@ -43,13 +43,13 @@ repos:
 
   # Detect hardcoded secrets
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.24.0
+  rev: v8.24.2
   hooks:
   - id: gitleaks
 
 # Dockerfile
 - repo: https://github.com/hadolint/hadolint
-  rev: v2.12.1-beta
+  rev: v2.13.1-beta
   hooks:
   - id: hadolint
 
@@ -66,7 +66,7 @@ repos:
     - --implicit_start
 
 - repo: https://github.com/adrienverge/yamllint.git
-  rev: v1.36.2
+  rev: v1.37.0
   hooks:
   - id: yamllint
     types:
@@ -77,7 +77,7 @@ repos:
 
 # JSON5
 - repo: https://github.com/pre-commit/mirrors-prettier
-  rev: v3.1.0
+  rev: v4.0.0-alpha.8
   hooks:
   - id: prettier
     # https://prettier.io/docs/en/options.html#parser
@@ -98,6 +98,14 @@ repos:
   - id: shellcheck
 
 # Python
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.11.4
+  hooks:
+  - id: ruff
+    args:
+    - --fix
+  - id: ruff-format
+
 - repo: https://github.com/pre-commit/mirrors-mypy.git
   rev: v1.15.0
   hooks:

.pre-commit-hooks.yaml

@@ -4,7 +4,7 @@
   entry: hooks/infracost_breakdown.sh
   language: script
   require_serial: true
-  files: \.(tf(vars)?|hcl)$
+  files: \.(tf|tofu|tfvars|hcl)$
   exclude: \.terraform/.*$
 
 - id: terraform_fmt
@@ -13,7 +13,7 @@
     Rewrites all Terraform configuration files to a canonical format.
   entry: hooks/terraform_fmt.sh
   language: script
-  files: (\.tf|\.tfvars)$
+  files: \.(tf|tofu|tfvars)$
   exclude: \.terraform/.*$
 
 - id: terraform_docs
@@ -24,7 +24,7 @@
   require_serial: true
   entry: hooks/terraform_docs.sh
   language: script
-  files: (\.tf|\.terraform\.lock\.hcl)$
+  files: \.(tf|tofu|terraform\.lock\.hcl)$
   exclude: \.terraform/.*$
 
 - id: terraform_docs_without_aggregate_type_defaults
@@ -35,7 +35,7 @@
   require_serial: true
   entry: hooks/terraform_docs.sh
   language: script
-  files: (\.tf)$
+  files: \.(tf|tofu)$
   exclude: \.terraform/.*$
 
 - id: terraform_docs_replace
@@ -44,7 +44,7 @@
   require_serial: true
   entry: python -Im pre_commit_terraform replace-docs
   language: python
-  files: (\.tf)$
+  files: \.(tf|tofu)$
   exclude: \.terraform/.*$
 
 - id: terraform_validate
@@ -53,7 +53,7 @@
   require_serial: true
   entry: hooks/terraform_validate.sh
   language: script
-  files: \.(tf(vars)?|terraform\.lock\.hcl)$
+  files: \.(tf|tofu|tfvars|terraform\.lock\.hcl)$
   exclude: \.terraform/.*$
 
 - id: terraform_providers_lock
@@ -71,7 +71,7 @@
   require_serial: true
   entry: hooks/terraform_tflint.sh
   language: script
-  files: (\.tf|\.tfvars)$
+  files: \.(tf|tofu|tfvars)$
   exclude: \.terraform/.*$
 
 - id: terragrunt_fmt
@@ -114,7 +114,7 @@
     Static analysis of Terraform templates to spot potential security issues.
   require_serial: true
   entry: hooks/terraform_tfsec.sh
-  files: \.tf(vars)?$
+  files: \.(tf|tofu|tfvars)$
   language: script
 
 - id: terraform_trivy
@@ -123,7 +123,7 @@
     Static analysis of Terraform templates to spot potential security issues.
   require_serial: true
   entry: hooks/terraform_trivy.sh
-  files: \.tf(vars)?$
+  files: \.(tf|tofu|tfvars)$
   language: script
 
 - id: checkov
@@ -133,7 +133,7 @@
   language: python
   pass_filenames: false
   always_run: false
-  files: \.tf$
+  files: \.(tf|tofu)$
   exclude: \.terraform/.*$
   require_serial: true
 
@@ -143,7 +143,7 @@
   entry: hooks/terraform_checkov.sh
   language: script
   always_run: false
-  files: \.tf$
+  files: \.(tf|tofu)$
   exclude: \.terraform/.*$
   require_serial: true
 
@@ -155,15 +155,15 @@
   pass_filenames: false
   always_run: false
   require_serial: true
-  files: \.tf$
+  files: \.(tf|tofu)$
   exclude: \.terraform/.*$
 
 - id: terrascan
   name: terrascan
   description: Runs terrascan on Terraform templates.
   language: script
   entry: hooks/terrascan.sh
-  files: \.tf$
+  files: \.(tf|tofu)$
   exclude: \.terraform/.*$
   require_serial: true
 
@@ -174,5 +174,5 @@
   entry: hooks/tfupdate.sh
   args:
   - --args=terraform
-  files: \.tf$
+  files: \.(tf|tofu)$
   require_serial: true

.vscode/settings.json

@@ -7,4 +7,8 @@
     "code-block-style": false
   },
   "markdown.validate.enabled": true,
+  "python.analysis.extraPaths": [
+    "./src",
+    "./tests/pytest"
+  ],
 }

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file.
 
+# [1.99.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.98.1...v1.99.0) (2025-04-14)
+
+
+### Features
+
+* Add support for running hooks on `.tofu` files by default ([#875](https://github.com/antonbabenko/pre-commit-terraform/issues/875)) ([fe1f62f](https://github.com/antonbabenko/pre-commit-terraform/commit/fe1f62f3aecadbc22f8ab5e1f8cb02c2821cf5c2))
+
+## [1.98.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.98.0...v1.98.1) (2025-04-06)
+
+
+### Bug Fixes
+
+* **WSL:** Fix parallelism support for WSL systems with enabled systemd ([#872](https://github.com/antonbabenko/pre-commit-terraform/issues/872)) ([da2e9a8](https://github.com/antonbabenko/pre-commit-terraform/commit/da2e9a874ac61f94fe0a05e9d952ffb3c7c7639c))
+
 # [1.98.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.97.4...v1.98.0) (2025-03-25)
 
 

README.md

@@ -349,10 +349,10 @@ Config example:
 - id: terraform_tflint
   args:
   - --args=--config=${CONFIG_NAME}.${CONFIG_EXT}
-  - --args=--module
+  - --args=--call-module-type="all"
 ```
 
-If for config above set up `export CONFIG_NAME=.tflint; export CONFIG_EXT=hcl` before `pre-commit run`, args will be expanded to `--config=.tflint.hcl --module`.
+If for config above set up `export CONFIG_NAME=.tflint; export CONFIG_EXT=hcl` before `pre-commit run`, args will be expanded to `--config=.tflint.hcl --call-module-type="all"`.
 
 ### All hooks: Set env vars inside hook at runtime
 

hooks/_common.sh

@@ -206,8 +206,10 @@ function common::get_cpu_num {
 
   local cpu_quota cpu_period cpu_num
 
+  local -r wslinterop_path="/proc/sys/fs/binfmt_misc/WSLInterop"
+
   if [[ -f /sys/fs/cgroup/cpu/cpu.cfs_quota_us &&
-    ! -f /proc/sys/fs/binfmt_misc/WSLInterop ]]; then # WSL have cfs_quota_us, but WSL should be checked as usual Linux host
+    (! -f "${wslinterop_path}" && ! -f "${wslinterop_path}-late" && ! -f "/run/WSL") ]]; then # WSL has cfs_quota_us, but WSL should be checked as usual Linux host
     # Inside K8s pod or DinD in K8s
     cpu_quota=$(< /sys/fs/cgroup/cpu/cpu.cfs_quota_us)
     cpu_period=$(cat /sys/fs/cgroup/cpu/cpu.cfs_period_us 2> /dev/null || echo "$cpu_quota")