Fix terraform_fmt hook and drop useless stuff

Author: MaxymVlasov

.github/workflows/release.yml

@@ -10,10 +10,13 @@ on:
  - .github/workflows/release.yml
  - '**/*.py'
  - '**/*.sh'
- - Dockerfile*
+ - Dockerfile
  - .pre-commit-hooks.yaml
+ # Ignore paths
  - '!tests/**'
 
+permissions:
+ contents: read
 
 jobs:
  release:

.pre-commit-hooks.yaml

@@ -18,6 +18,17 @@
  files: \.(tf|tofu|tfvars|tftest\.hcl|tfmock\.hcl)$
  exclude: \.terraform/.*$
 
+- id: terraform_fmt_docker
+ name: Terraform fmt
+ description: >-
+ Rewrites all Terraform configuration files to a canonical format using Docker.
+ # TODO: There will be ghcr.io/antonbabenko/pre-commit-terraform:latest.
+ # TODO: pre-commit-terraform:latest is build locally from this branch
+ entry: --entrypoint terraform_fmt.sh pre-commit-terraform:latest
+ language: docker_image
+ files: \.(tf|tofu|tfvars|tftest\.hcl|tfmock\.hcl)$
+ exclude: \.terraform/.*$
+
 - id: terraform_docs
  name: Terraform docs
  description: >-
@@ -180,18 +191,6 @@
  require_serial: true
 
 # Docker-based versions of hooks (non-breaking additions)
-- id: terraform_fmt_docker
- name: Terraform fmt (Docker)
- description: >-
- Rewrites all Terraform configuration files to a canonical format using Docker.
- NOTE: Requires Docker to be available. Use 'skip' in .pre-commit-config.yaml
- if running on pre-commit.ci or other environments without Docker.
- entry: ghcr.io/antonbabenko/pre-commit-terraform-tools:latest
- language: docker_image
- args: [terraform, fmt]
- files: \.(tf|tofu|tfvars|tftest\.hcl|tfmock\.hcl)$
- exclude: \.terraform/.*$
-
 - id: terraform_validate_docker
  name: Terraform validate (Docker)
  description: >-

Dockerfile

@@ -23,7 +23,7 @@ COPY tools/install/ /install/
 ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest}
 RUN touch /.env && \
  if [ "$PRE_COMMIT_VERSION" = "false" ]; then \
- echo "Vital software can't be skipped" && exit 1; \
+ echo "ERROR: PRE_COMMIT_VERSION cannot be 'false' - pre-commit is required" >&2 && exit 1; \
  fi
 RUN /install/pre-commit.sh
 
@@ -136,10 +136,10 @@ COPY --from=builder /usr/local/lib/python3.12/site-packages/ /usr/local/lib/pyth
 COPY --from=builder /root/ /root/
 
 # Install hooks extra deps
-RUN if [ "$(grep -o '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \
+RUN if ! grep -q '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info; then \
  apk add --no-cache perl=~5 \
  ; fi && \
- if [ "$(grep -o '^infracost SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \
+ if ! grep -q '^infracost SKIPPED$' /usr/bin/tools_versions_info; then \
  apk add --no-cache jq=~1 \
  ; fi && \
  # Fix git runtime fatal:
@@ -148,6 +148,11 @@ RUN if [ "$(grep -o '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info)" =
 
 COPY tools/entrypoint.sh /entrypoint.sh
 
+# Copy hook scripts for Docker-based hooks
+COPY hooks/ /usr/local/bin/
+COPY lib_getopt /usr/local/
+COPY src/pre_commit_terraform/ /usr/local/lib/python3.12/site-packages/pre_commit_terraform/
+
 ENV PRE_COMMIT_COLOR=${PRE_COMMIT_COLOR:-always}
 
 ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-}

Dockerfile.tools

@@ -343,10 +343,14 @@ Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blo
 
 ### Docker-based hooks (no local tool installation required)
 
-For users who prefer not to install tools locally, Docker-based versions are available for most hooks. These hooks use a Docker image with all tools pre-installed and provide the same functionality as their script-based counterparts.
-Note: These hooks are defined with pre-commit `language: docker_image` and reference the Docker image via the `entry` field in `.pre-commit-hooks.yaml`.
-These hooks run inside the tools image defined by the hook itself (no image configuration needed in your `.pre-commit-config.yaml`). The image is published at `ghcr.io/antonbabenko/pre-commit-terraform-tools` and can be pinned by tag (e.g., `entry: ghcr.io/antonbabenko/pre-commit-terraform-tools:latest`) or by digest (e.g., `entry: ghcr.io/antonbabenko/pre-commit-terraform-tools@sha256:...`).
-Tip: `ghcr.io/antonbabenko/pre-commit-terraform` is the container image for running pre-commit itself, whereas `...-tools` is the image used by the Docker-based hooks.
+For users who prefer not to install tools locally, Docker-based versions are
+available for most hooks. These hooks use a Docker image with all tools
+pre-installed and provide the same functionality as their script-based
+counterparts.
+
+> [!NOTE]
+> These hooks run inside the Docker image defined by the hook itself. By default, it set to
+`entry: ghcr.io/antonbabenko/pre-commit-terraform:latest` which is **NOT WHAT WE WANT**. Better to figure out how to pin it # TODO
 
 
 | Docker Hook ID | Equivalent Script Hook | Description |
@@ -359,9 +363,6 @@ Tip: `ghcr.io/antonbabenko/pre-commit-terraform` is the container image for runn
 | `terraform_trivy_docker` | `terraform_trivy` | Security analysis with Trivy using Docker |
 | `infracost_breakdown_docker` | `infracost_breakdown` | Infrastructure cost analysis using Docker |
 
-> **Note:**
-> By default, `terraform_docs_docker` is configured with `pass_filenames: false` and an explicit `.` target. This documents only the root module, which is the most common use case. If you want to generate documentation for multiple modules in a monorepo, you can customize the `args` in your own `.pre-commit-config.yaml` (for example, add `--recursive` to the arguments).
-
 
 **Benefits of Docker hooks:**
 
@@ -1354,7 +1355,7 @@ jobs:
  run:
  shell: bash
  steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+ - uses: actions/checkout@v5
  with:
  fetch-depth: 0
  ref: ${{ github.event.pull_request.head.sha }}