chore: move canonical pre-commit config from images repo

xnoto · xnoto · commit 23e0fbfba110 · 2026-02-19T20:44:35.000-07:00
diff --git a/.github/workflows/opentofu.yml b/.github/workflows/opentofu.yml
@@ -59,7 +59,7 @@ jobs:
       - name: Fetch canonical pre-commit config
         run: |
           curl -sSL -o .pre-commit-config.yaml \
-            https://raw.githubusercontent.com/makeitworkcloud/images/main/tfroot-runner/pre-commit-config.yaml
+            https://raw.githubusercontent.com/makeitworkcloud/shared-workflows/main/tfroot-pre-commit-config.yaml
 
       - name: Initialize OpenTofu
         run: tofu init -backend=false
diff --git a/AGENTS.md b/AGENTS.md
@@ -14,12 +14,12 @@ Agents are authorized to push directly to `main` in this repository.
 
 Reusable workflow for OpenTofu/Terraform root module repositories (`tfroot-*`). It:
 
-1. Fetches canonical pre-commit config from `makeitworkcloud/images` repo
+1. Fetches canonical pre-commit config from `tfroot-pre-commit-config.yaml` in this repo
 2. Runs pre-commit tests using the `tfroot-runner` container image
 3. Posts plan output as PR comments
 4. Applies on merge to main
 
-**Pre-commit configuration is centralized** in `makeitworkcloud/images/tfroot-runner/pre-commit-config.yaml`. Do not add `.pre-commit-config.yaml` to individual tfroot repos.
+**Pre-commit configuration is centralized** in `tfroot-pre-commit-config.yaml`. Do not add `.pre-commit-config.yaml` to individual tfroot repos.
 
 ### Workflow Inputs
 
diff --git a/tfroot-pre-commit-config.yaml b/tfroot-pre-commit-config.yaml
@@ -0,0 +1,49 @@
+# Canonical pre-commit configuration for tfroot-* repositories.
+# This file is bundled into the tfroot-runner container image to pre-cache hooks.
+# It is also fetched by the shared OpenTofu workflow at CI time.
+#
+# To update hooks for all tfroot repos, modify this file and rebuild the image.
+repos:
+  - repo: https://github.com/compilerla/conventional-pre-commit
+    rev: v4.3.0
+    hooks:
+      - id: conventional-pre-commit
+        stages: [commit-msg]
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.105.0
+    hooks:
+      - id: terraform_validate
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
+          - --args=-no-color
+          - --tf-init-args=-reconfigure
+          - --tf-init-args=-upgrade
+          - --tf-init-args=-backend=false
+      - id: terraform_tflint
+        args:
+          - --args=--minimum-failure-severity=error
+          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+      - id: terraform_checkov
+        args:
+          - --args=--config-file __GIT_WORKING_DIR__/.checkov.yml
+      - id: terraform_fmt
+        args:
+          - --args=-no-color
+          - --args=-diff
+          - --args=-recursive
+      - id: terraform_docs
+        args:
+          - --args=--config=.terraform-docs.yml
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-case-conflict
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-vcs-permalinks
+      - id: destroyed-symlinks
+      - id: detect-private-key
+      - id: end-of-file-fixer
+        exclude: README.md
+      - id: mixed-line-ending
+      - id: trailing-whitespace
