diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md index e75ed40..f810a54 100644 --- a/modules/private_repository/README.md +++ b/modules/private_repository/README.md @@ -37,6 +37,7 @@ No resources. | [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes | | [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` |
[
"main"
]
| no | | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | +| [template\_repository](#input\_template\_repository) | A list of template repositories to use for the repository |
object({
owner = string
repository = string
include_all_branches = bool
})
| `null` | no | | [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf index 7b587ba..b1d6310 100644 --- a/modules/private_repository/repository.tf +++ b/modules/private_repository/repository.tf @@ -30,4 +30,6 @@ module "repository_base" { action_secrets = var.action_secrets environments = var.environments + + template_repository = var.template_repository } diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf index 4eeebbb..f566d3e 100644 --- a/modules/private_repository/variables.tf +++ b/modules/private_repository/variables.tf @@ -86,4 +86,14 @@ variable "environments" { action_secrets = optional(map(string)) })) default = {} +} + +variable "template_repository" { + description = "A list of template repositories to use for the repository" + type = object({ + owner = string + repository = string + include_all_branches = bool + }) + default = null } \ No newline at end of file diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md index b687276..a5909d7 100644 --- a/modules/public_repository/README.md +++ b/modules/public_repository/README.md @@ -37,6 +37,7 @@ No resources. | [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes | | [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` |
[
"main"
]
| no | | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | +| [template\_repository](#input\_template\_repository) | A list of template repositories to use for the repository |
object({
owner = string
repository = string
include_all_branches = bool
})
| `null` | no | | [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf index 009d792..9ee5630 100644 --- a/modules/public_repository/repository.tf +++ b/modules/public_repository/repository.tf @@ -30,4 +30,6 @@ module "repository_base" { action_secrets = var.action_secrets environments = var.environments + + template_repository = var.template_repository } \ No newline at end of file diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf index 51c850b..7920be8 100644 --- a/modules/public_repository/variables.tf +++ b/modules/public_repository/variables.tf @@ -86,4 +86,14 @@ variable "environments" { action_secrets = optional(map(string)) })) default = {} +} + +variable "template_repository" { + description = "A list of template repositories to use for the repository" + type = object({ + owner = string + repository = string + include_all_branches = bool + }) + default = null } \ No newline at end of file diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md index 98a674d..721e0b1 100644 --- a/modules/repository_base/README.md +++ b/modules/repository_base/README.md 
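Review bot: The `template_repository` variable added in modules/public_repository/variables.tf accepts any `owner`/`repository` as the seed for a public repository, and neither the description nor a `validation` block says where templates may come from. A repository generated from a template starts with that template's files, so a private or internal template, or one with stale branches when `include_all_branches = true`, would presumably have that content published. I would say so in the description, for example `description = "Template repository (a single object) used to seed the new repository; its content becomes public, so reference only a public, trusted template"`. The current text also says "A list of template repositories" although the type is one object; the same wording appears in the private_repository and repository_base variables.tf hunks and in the three README tables. The hunk begins inside the preceding `environments` variable.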
@@ -56,6 +56,7 @@ No modules. | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | | [secret\_scanning](#input\_secret\_scanning) | Enables secret scanning for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no | | [secret\_scanning\_on\_push](#input\_secret\_scanning\_on\_push) | Enables secret scanning push protection for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no | +| [template\_repository](#input\_template\_repository) | A list of template repositories to use for the repository |
object({
owner = string
repository = string
include_all_branches = bool
})
| `null` | no | | [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no | | [visibility](#input\_visibility) | Sets the visibility property of a repository. Defaults to "private" | `string` | `"private"` | no | diff --git a/modules/repository_base/environments.tf b/modules/repository_base/environments.tf index b6a18f7..90c9211 100644 --- a/modules/repository_base/environments.tf +++ b/modules/repository_base/environments.tf @@ -1,5 +1,5 @@ resource "github_repository_environment" "environemnt" { - for_each = keys(var.environments) + for_each = toset(keys(var.environments)) repository = github_repository.repository.name environment = each.value } diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf index bedc2e1..c2cac64 100644 --- a/modules/repository_base/repository.tf +++ b/modules/repository_base/repository.tf @@ -41,6 +41,17 @@ resource "github_repository" "repository" { } } } + + # Use a template repo if one is specified + dynamic "template" { + for_each = var.template_repository == null ? [] : [1] + content { + owner = var.template_repository.owner + repository = var.template_repository.name + include_all_branches = var.template_repository.include_all_branches + } + } + } resource "github_repository_dependabot_security_updates" "automated_security_fixes" { diff --git a/modules/repository_base/secrets.tf b/modules/repository_base/secrets.tf index 6f6741b..9f75449 100644 --- a/modules/repository_base/secrets.tf +++ b/modules/repository_base/secrets.tf @@ -1,11 +1,11 @@ locals { - environment_actions_secrets = concat(values({ + environment_actions_secrets = try(concat(values({ for env_name, env in var.environments : env_name => [for secret_name, secret in env.action_secrets : { name = secret_name encrypted_value = secret environment = env_name - }] if env.action_secrets != null - })) + }] if env.action_secrets != null + })), []) } resource "github_actions_secret" "actions_secret" { 
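Review bot: The `template` block added in modules/repository_base/repository.tf reads `var.template_repository.name`, but the object type this commit declares for the variable has only `owner`, `repository` and `include_all_branches`, so Terraform should reject the reference as an unsupported attribute. The line should be `repository = var.template_repository.repository`. Because `owner` is unconstrained, the new repository inherits whatever the named template contains, workflow files included, so a comment above the block would help, e.g. `# Template content (including .github/workflows) is copied into the new repository; reference only templates from a trusted owner`. The enclosing `github_repository` resource starts outside the hunk.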
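Review bot: Wrapping the whole `environment_actions_secrets` expression in `try(..., [])` in modules/repository_base/secrets.tf turns every evaluation error into an empty list, so a malformed `environments` value would leave environment secrets uncreated with no plan-time error. The `if env.action_secrets != null` filter already covers the null case, so the specific failure being worked around should be named in a comment or handled explicitly instead of caught wholesale. `concat()` is also given a single argument here, which looks like it returns the per-environment lists still nested; if a flat list of objects is intended, `environment_actions_secrets = flatten(values({` … `}))` expresses that without `try`. Whatever consumes this local is outside the hunk, so the expected shape should be confirmed there.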
diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf index df0efad..dc33685 100644 --- a/modules/repository_base/variables.tf +++ b/modules/repository_base/variables.tf @@ -140,4 +140,14 @@ variable "environments" { action_secrets = optional(map(string)) })) default = {} +} + +variable "template_repository" { + description = "A list of template repositories to use for the repository" + type = object({ + owner = string + repository = string + include_all_branches = bool + }) + default = null } \ No newline at end of file diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md index 8960c18..0584132 100644 --- a/modules/repository_set/README.md +++ b/modules/repository_set/README.md @@ -25,8 +25,8 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. | `map(string)` | n/a | yes | -| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environemnts = optional(map(object({
action_secrets = optional(map(string))
})))
}))
| n/a | yes | -| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environemnts = optional(map(object({
action_secrets = optional(map(string))
})))
}))
| n/a | yes | +| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
}))
| n/a | yes | +| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
}))
| n/a | yes | ## Outputs diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf index e488b10..6b15ea1 100644 --- a/modules/repository_set/repositories.tf +++ b/modules/repository_set/repositories.tf @@ -18,6 +18,7 @@ module "public_repositories" { codespace_secrets = each.value.codespace_secrets dependabot_secrets = each.value.dependabot_secrets environments = each.value.environments + template_repository = each.value.template_repository } module "private_repositories" { @@ -40,4 +41,5 @@ module "private_repositories" { codespace_secrets = each.value.codespace_secrets dependabot_secrets = each.value.dependabot_secrets environments = each.value.environments + template_repository = each.value.template_repository } diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf index 3ab4ac4..692ee9f 100644 --- a/modules/repository_set/variables.tf +++ b/modules/repository_set/variables.tf @@ -14,9 +14,14 @@ variable "private_repositories" { action_secrets = optional(map(string)) codespace_secrets = optional(map(string)) dependabot_secrets = optional(map(string)) - environemnts = optional(map(object({ + environments = optional(map(object({ action_secrets = optional(map(string)) }))) + template_repository = optional(object({ + owner = string + repository = string + include_all_branches = bool + })) })) description = "A map of private repositories where the key is the repository name and the value is the configuration" } 
@@ -36,9 +41,14 @@ variable "public_repositories" {
 action_secrets = optional(map(string))
 codespace_secrets = optional(map(string))
 dependabot_secrets = optional(map(string))
- environemnts = optional(map(object({
+ environments = optional(map(object({
 action_secrets = optional(map(string))
 })))
+ template_repository = optional(object({
+ owner = string
+ repository = string
+ include_all_branches = bool
+ }))
 }))
 description = "A map of public repositories where the key is the repository name and the value is the configuration"
 }