I am using GitHub Codespaces and trying to run pre-commit run --all-files in its terminal. I have pasted the pre-commit configuration below for reference.
    - repo: https://github.com/pre-commit/pre-commit-hooks
      rev: v2.4.0
      hooks:
        - id: check-added-large-files
        - id: check-yaml
        # - id: end-of-file-fixer
        - id: mixed-line-ending
          args: [--fix=lf]
        - id: requirements-txt-fixer
        - id: trailing-whitespace
    - repo: https://github.com/antonbabenko/pre-commit-terraform
      rev: v1.74.1
      hooks:
        - id: terraform_fmt
        - id: terraform_checkov
          args:
            - --args=--quiet
            - --args=--skip-check CKV_GCP_83 # We rely on Google-managed encryption keys
            - --args=--skip-check CKV_GCP_45 # Extensive privileges are actually required
            - --args=--skip-check CKV_GCP_90 # We rely on Google-managed encryption keys
        - id: terraform_tflint
        - id: terraform_docs
          args:
            - --hook-config=--path-to-file=README.md
            - --hook-config=--add-to-existing-file=true
            - --hook-config=--create-file-if-not-exist=true
        - id: terraform_tfsec
        - id: tfupdate
When I run it initially, there is no github_conf folder in the repository. However, after running the pre-commit command, a folder github_conf is created, and it contains a file branch_protection_rules.json. It looks like this:
    {
      "message": "Not Found",
      "documentation_url": "https://docs.github.com/rest"
    }
We do indeed have a branch-protection rule enabled, but this is a completely different branch, and I am not even trying to commit or push; just running pre-commit is causing the issue. Basically, I don't want to keep the file (branch_protection_rules.json) in my repo, as it also interferes with at least one pre-commit hook, which is otherwise required.
At this point, I don't get what is going on, as the "message" is not that descriptive. Can anyone help?
Additional information: After further investigation, this is definitely related to the hook terraform_checkov... Do let me know if you have experienced issues with this hook.
Had the same issue. It turns out that the terraform_checkov hook does not set the --framework=terraform parameter when running checkov (as one might expect). That means it will run all possible checks, also the GitHub one.
There are two solutions:
    - id: terraform_checkov
      args:
        - --args=--framework=terraform
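A check for the misconfiguration described in the answer above, added here as an example (not part of the original answer or of pre-commit-terraform): it scans pre-commit config text and reports each terraform_checkov hook whose args never pass --framework. The function name and both sample configs are constructed for illustration, and the line-based parsing assumes the usual one-key-per-line layout.

```python
import re

COMMENT = re.compile(r"(^|\s)#.*$")                      # YAML comment to end of line
HOOK_ID = re.compile(r"^\s*-\s*id:\s*[\"']?([\w-]+)")    # start of a hook entry
NEW_REPO = re.compile(r"^\s*-\s*repo:")                  # start of a repo entry


def checkov_hooks_without_framework(config_text):
    """Return 1-based line numbers of terraform_checkov hooks that never
    pass --framework, so checkov would run every framework it supports."""
    findings = []
    open_hook = None  # line of the terraform_checkov entry still lacking --framework
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = COMMENT.sub("", raw)  # ignore commented-out hooks and trailing notes
        match = HOOK_ID.match(line)
        if match or NEW_REPO.match(line):
            # A new hook or repo begins: the previous checkov hook is complete.
            if open_hook is not None:
                findings.append(open_hook)
            is_checkov = bool(match) and match.group(1) == "terraform_checkov"
            open_hook = number if is_checkov else None
        elif open_hook is not None and "--framework" in line:
            open_hook = None  # framework is pinned, nothing to report
    if open_hook is not None:  # checkov hook was the last entry in the file
        findings.append(open_hook)
    return findings


# Constructed sample mirroring the hook from the question (no --framework).
SAMPLE_UNPINNED = """\
- repo: https://github.com/antonbabenko/pre-commit-terraform
  rev: v1.74.1
  hooks:
    - id: terraform_fmt
    - id: terraform_checkov
      args:
        - --args=--quiet
    - id: terraform_tflint
"""

# Constructed sample with the argument from the answer applied.
SAMPLE_PINNED = SAMPLE_UNPINNED.replace(
    "        - --args=--quiet\n",
    "        - --args=--quiet\n        - --args=--framework=terraform\n",
)

if __name__ == "__main__":
    print("unpinned:", checkov_hooks_without_framework(SAMPLE_UNPINNED))
    print("pinned:  ", checkov_hooks_without_framework(SAMPLE_PINNED))
```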