diff --git a/hooks/provider-pinned-versions/README.md b/hooks/provider-pinned-versions/README.md
new file mode 100644
index 0000000..7364f1e
--- /dev/null
+++ b/hooks/provider-pinned-versions/README.md
@@ -0,0 +1,77 @@
+# Provider Pinned Versions Hook
+
+This hook validates that all providers under the `required_providers` block of a Terraform configuration file have a pinned version.
+
+## Usage
+
+### cli
+
+```bash
+pre-commit run provider-pinned-versions --all-files
+```
+
+### pre-commit config
+
+```yaml
+repos:
+ - repo: https://github.com/open-turo/standards-terraform
+ hooks:
+ - id: provider-pinned-versions
+ files: ^terraform.tf$
+```
+
+## Examples of supported configurations
+
+### Standard pinned version
+
+```hcl
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "3.40.0"
+ }
+ }
+}
+```
+
+### Pre-release version
+
+```hcl
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "3.41.0-beta1"
+ }
+ }
+}
+```
+
+## Examples of unsupported configurations
+
+### Version constraints
+
+If the version contains any of the following constraint characters, `!~><`, the hook will fail.
+
+```hcl
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.40.0"
+ }
+ }
+}
+```
+
+```hcl
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 3.40.0"
+ }
+ }
+}
+```
diff --git a/hooks/provider-pinned-versions/required_providers.awk b/hooks/provider-pinned-versions/required_providers.awk
index 2bc326e..3bc5da6 100644
--- a/hooks/provider-pinned-versions/required_providers.awk
+++ b/hooks/provider-pinned-versions/required_providers.awk
@@ -5,7 +5,6 @@ BEGIN {
 brace_count = 0;
 version_prefix_regex = ".*version[[:space:]]+=[[:space:]]+";
 provider_prefix_regex = "[a-z_-]+[[:space:]]+=[[:space:]]+\{";
- pinned_version_regex = "[0-9]+\.[0-9]+\.[0-9]+";
 version_constraints_regex = "[!~><]+";
 }