diff --git a/repositories/main.tf b/repositories/main.tf index c9b84a3..ef81066 100644 --- a/repositories/main.tf +++ b/repositories/main.tf @@ -18,30 +18,14 @@ module "xk6-mongo" { source = "./templates" github_repository = { - name = "xk6-mongo" - visibility = "public" + name = "xk6-mongo" + default_branch = "master" + visibility = "public" } github_repository_topics = ["load-testing", "golang", "mongo", "atlas"] } -module "actions" { - source = "./templates" - - github_repository = { - name = "actions" - description = "A collection of GitHub actions to use in our organization" - visibility = "public" - } - - github_teams_repository = [{ - team_id = var.teams-name.team-actions - permission = "maintain" - }] - - github_repository_topics = ["github", "automations", "pipeline"] -} - module "morning-slackbot" { source = "./templates" @@ -63,9 +47,10 @@ module "rascal" { source = "./templates" github_repository = { - name = "rascal" - description = "A config driven wrapper for amqp.node supporting multi-host connections, automatic error recovery, redelivery flood protection, transparent encryption / decryption and channel pooling." - visibility = "public" + name = "rascal" + default_branch = "master" + description = "A config driven wrapper for amqp.node supporting multi-host connections, automatic error recovery, redelivery flood protection, transparent encryption / decryption and channel pooling." + visibility = "public" pages = { source = { branch = "master" @@ -75,6 +60,7 @@ module "rascal" { } github_branch_protection = { + pull_request_bypassers = ["/cressie176"] required_pull_request_reviews = { required_approving_review_count = 1 } @@ -138,6 +124,7 @@ module "systemic" { github_repository = { name = "systemic" + default_branch = "master" description = "📦 A minimal dependency injection framework." visibility = "public" homepage_url = "https://onebeyond.github.io/systemic" 
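Review bot: `pull_request_bypassers = ["/cressie176"]` in the `rascal` `github_branch_protection` block lets one personal account skip the pull-request requirements, on a repository where the same block already sets `required_approving_review_count = 1`. Since the template combines this list with its default list, the effective bypass set is presumably this user plus the default entry. A team actor (`<org>/<team-slug>`, placeholder) is easier to audit and revoke than an individual login. The line should also carry a comment recording why the bypass exists, e.g. `# bypass: <reason>, owner: <team>, review by <date>`. The enclosing `module "rascal"` block starts and ends outside this hunk.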
diff --git a/repositories/templates/github_branch_protection.tf b/repositories/templates/github_branch_protection.tf index 1d9722e..910d5b7 100644 --- a/repositories/templates/github_branch_protection.tf +++ b/repositories/templates/github_branch_protection.tf @@ -7,6 +7,12 @@ locals { var.github_branch_protection_defaults.required_pull_request_reviews, var.github_branch_protection.required_pull_request_reviews ) + }, + { + pull_request_bypassers = setunion( + var.github_branch_protection_defaults.pull_request_bypassers, + var.github_branch_protection.pull_request_bypassers + ) } ) } @@ -15,7 +21,7 @@ resource "github_branch_protection" "main" { depends_on = [github_repository.repo] repository_id = github_repository.repo.node_id - pattern = github_repository.repo.default_branch + pattern = local.github_repository.default_branch enforce_admins = local.github_branch_protection.enforce_admins allows_deletions = local.github_branch_protection.allows_deletions allows_force_pushes = local.github_branch_protection.allows_force_pushes @@ -31,7 +37,6 @@ resource "github_branch_protection" "main" { restrict_dismissals = local.github_branch_protection.required_pull_request_reviews.restrict_dismissals required_approving_review_count = local.github_branch_protection.required_pull_request_reviews.required_approving_review_count require_last_push_approval = local.github_branch_protection.required_pull_request_reviews.require_last_push_approval - pull_request_bypassers = ["/Bounteous17"] - + pull_request_bypassers = local.github_branch_protection.pull_request_bypassers } } diff --git a/repositories/templates/github_repository.tf b/repositories/templates/github_repository.tf index 8347f20..e35b7ee 100644 --- a/repositories/templates/github_repository.tf +++ b/repositories/templates/github_repository.tf @@ -1,7 +1,7 @@ locals { github_repository = merge( var.github_repository_defaults, - var.github_repository + var.github_repository, ) } 
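Review bot: The `setunion(...)` added to `locals` means a module can only extend the default bypass list, never shrink it, so the default `["/Bounteous17"]` stays a pull-request bypasser on every repository built from this template. That matches the old hard-coded value, but a sensitive repository still has no way to opt out. Consider an empty default, `pull_request_bypassers = []`, so that every bypass is declared per repository, or let a per-repository value replace the default instead of extending it. The same point applies to the `pull_request_bypassers = ["/Bounteous17"]` default added to `github_branch_protection_defaults` in `variables.tf`.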
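Review bot: `pattern = local.github_repository.default_branch` in `github_branch_protection.main` now protects the branch name declared in configuration rather than the one GitHub reports as default. A repository whose real default branch differs from the declared value (the template default is `"main"`) can end up with a rule that matches nothing, leaving its default branch unprotected. The commit sets `default_branch = "master"` for `xk6-mongo`, `rascal` and `systemic`, but nothing visible in this diff checks the remaining modules. A `lifecycle` `precondition` on this resource with `condition = github_repository.repo.default_branch == local.github_repository.default_branch` would fail the run instead of drifting silently. The resource body continues outside the hunk.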
diff --git a/repositories/templates/variables.tf b/repositories/templates/variables.tf index 383a46b..355ae8d 100644 --- a/repositories/templates/variables.tf +++ b/repositories/templates/variables.tf @@ -3,6 +3,7 @@ variable "github_repository_defaults" { type = object({ name = optional(string), + default_branch = string, description = string archive_on_destroy = bool, allow_auto_merge = bool, @@ -21,7 +22,6 @@ variable "github_repository_defaults" { is_template = bool, vulnerability_alerts = bool, visibility = string, - pattern = string, enforce_admins = bool, allows_deletions = bool, allows_force_pushes = bool, @@ -33,6 +33,7 @@ variable "github_repository_defaults" { }) default = { + default_branch = "main", archive_on_destroy = true, description = "" allow_auto_merge = false, @@ -51,7 +52,6 @@ variable "github_repository_defaults" { is_template = false, vulnerability_alerts = false, visibility = "public", - pattern = "main", enforce_admins = true, allows_deletions = false, allows_force_pushes = false, @@ -79,6 +79,7 @@ variable "github_branch_protection_defaults" { require_signed_commits = bool, require_conversation_resolution = bool, required_pull_request_reviews = map(string) + pull_request_bypassers = set(string) }) default = { @@ -93,16 +94,20 @@ variable "github_branch_protection_defaults" { required_approving_review_count = 2 require_last_push_approval = true } + pull_request_bypassers = ["/Bounteous17"] } } variable "github_branch_protection" { type = object({ required_pull_request_reviews = optional(map(string), {}) + pull_request_bypassers = optional(set(string), []) }) default = { + default_branch = "main" required_pull_request_reviews = {} + pull_request_bypassers = [] } }
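Review bot: The `default_branch = "main"` line added to the `default` of `variable "github_branch_protection"` matches no attribute in that variable's `object({...})` type, which declares only `required_pull_request_reviews` and `pull_request_bypassers`. Terraform should discard the undeclared attribute during type conversion, so the value is never read. It also wrongly suggests that the protected branch can be chosen here, when the pattern is taken from `local.github_repository.default_branch`. Delete the line so the default contains just `required_pull_request_reviews = {}` and `pull_request_bypassers = []`.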