Hooks
Hooks are an Enterprise-only feature.
Hooks are how you extend a Pipelines run with your own tooling. If you have used Terragrunt's before and after hooks, the model will feel familiar: you declare a hook and Pipelines runs your command at a defined point in the run.
This unblocks the kinds of integrations teams reach for most when running infrastructure changes at scale, such as cost estimation, security scanning, policy enforcement, auditing, and notifications.
Hooks are configured in your Pipelines HCL configuration. Each hook declares whether it runs after plan and/or apply, and the command to execute.
Pipelines passes each hook context about the run through environment variables (for example the actor, repository, and action). After hooks additionally receive the run's OpenTofu/Terraform plan. In turn, a hook can write outputs that Pipelines reflects back in the pull/merge request comment, so its results show up alongside the plan or apply summary. See Hooks API for the full contract.
Hooks are under active development, and new capabilities will continue to roll out over time. Expect this documentation to expand alongside them.
In this section
- Setup & Prerequisites - what you need before configuring a hook.
- Configuring Hooks - how to declare a hook and how hooks execute.
- Hooks API - the environment variables and files exchanged with a hook.
- Writing a Hook - a step-by-step guide to authoring your own hook.
- Authentication & Secrets - giving a hook cloud credentials and secrets when it runs.
- Slack Deploy Notification - a worked example.
Related documentation
after_hookblock reference - the full list of configurable fields.