diff --git a/modules/organization/README.md b/modules/organization/README.md
index e2169e5..7166a13 100644
--- a/modules/organization/README.md
+++ b/modules/organization/README.md
@@ -13,14 +13,15 @@
## Modules
-| Name | Source | Version |
-|------|--------|---------|
-| [organization\_secrets](#module\_organization\_secrets) | ../organization_secrets | n/a |
+No modules.
## Resources
| Name | Type |
|------|------|
+| [github_actions_organization_secret.action_secret](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/actions_organization_secret) | resource |
+| [github_codespaces_organization_secret.codespace_secret](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/codespaces_organization_secret) | resource |
+| [github_dependabot_organization_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/dependabot_organization_secret) | resource |
| [github_membership.membership_for_user](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/membership) | resource |
| [github_organization_block.blocked_user](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/organization_block) | resource |
| [github_organization_custom_role.community_manager_role](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/organization_custom_role) | resource |
@@ -33,10 +34,10 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [actions\_secrets](#input\_actions\_secrets) | A map of organization-level GitHub Actions secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available. |
map(object({
encrypted_value = string
visibility = string
selected_repositories = optional(list(string))
})) | `{}` | no |
-| [codespaces\_secrets](#input\_codespaces\_secrets) | A map of organization-level GitHub Codespaces secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available. | map(object({
encrypted_value = string
visibility = string
selected_repositories = optional(list(string))
})) | `{}` | no |
+| [actions\_secrets](#input\_actions\_secrets) | A map of organization-level GitHub Actions secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. | map(object({
encrypted_value = string
visibility = string
})) | `{}` | no |
+| [codespaces\_secrets](#input\_codespaces\_secrets) | A map of organization-level GitHub Codespaces secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. | map(object({
encrypted_value = string
visibility = string
})) | `{}` | no |
| [custom\_repository\_roles](#input\_custom\_repository\_roles) | A map of custom repository roles to create. The key is the name of the role and the value is the role configurations. | map(object({
description = string
base_role = string
permissions = list(string)
})) | n/a | yes |
-| [dependabot\_secrets](#input\_dependabot\_secrets) | A map of organization-level Dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available. | map(object({
encrypted_value = string
visibility = string
selected_repositories = optional(list(string))
})) | `{}` | no |
+| [dependabot\_secrets](#input\_dependabot\_secrets) | A map of organization-level Dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. | map(object({
encrypted_value = string
visibility = string
})) | `{}` | no |
| [enable\_community\_manager\_role](#input\_enable\_community\_manager\_role) | If `true` will create a custom repository role for community managers. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no |
| [enable\_contractor\_role](#input\_enable\_contractor\_role) | If `true` will create a custom repository role for contractors. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no |
| [enable\_security\_engineer\_role](#input\_enable\_security\_engineer\_role) | If `true` will create a custom repository role for security engineers. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no |
diff --git a/modules/organization/secrets.tf b/modules/organization/secrets.tf
index e4bad94..864c9ff 100644
--- a/modules/organization/secrets.tf
+++ b/modules/organization/secrets.tf
@@ -1,7 +1,37 @@
-module "organization_secrets" {
- source = "../organization_secrets"
+resource "github_actions_organization_secret" "action_secret" {
+ for_each = var.actions_secrets
- organization_action_secrets = var.actions_secrets
- organization_codespace_secrets = var.codespaces_secrets
- organization_dependabot_secrets = var.dependabot_secrets
-}
\ No newline at end of file
+ secret_name = each.key
+ encrypted_value = each.value.encrypted_value
+ visibility = each.value.visibility
+ selected_repository_ids = []
+
+ lifecycle {
+ ignore_changes = [selected_repository_ids]
+ }
+}
+
+resource "github_codespaces_organization_secret" "codespace_secret" {
+ for_each = var.codespaces_secrets
+
+ secret_name = each.key
+ encrypted_value = each.value.encrypted_value
+ visibility = each.value.visibility
+ selected_repository_ids = []
+
+ lifecycle {
+ ignore_changes = [selected_repository_ids]
+ }
+}
+
+resource "github_dependabot_organization_secret" "dependabot_secret" {
+ for_each = var.dependabot_secrets
+ secret_name = each.key
+ encrypted_value = each.value.encrypted_value
+ visibility = each.value.visibility
+ selected_repository_ids = []
+
+ lifecycle {
+ ignore_changes = [selected_repository_ids]
+ }
+}
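Review bot: The `selected_repository_ids = []` together with `lifecycle { ignore_changes = [selected_repository_ids] }` in all three resources reads like a bug to anyone looking at this file alone; the reason is only visible elsewhere in this commit (repository access is granted from `modules/repository_set/organization-secrets.tf` through the `github_*_organization_secret_repositories` resources) and should be recorded next to the lifecycle block, e.g. `# Repository access is managed by the repository_set module's github_*_organization_secret_repositories resources; drift on this attribute is ignored here so the two do not fight.` The comment should also name the trade-off: because drift on this attribute is ignored, a repository granted access to the secret outside Terraform is not surfaced by plan, so access reviews have to look at the repository_set side or at GitHub directly. Minor style point: the `dependabot_secret` resource omits the blank line after `for_each` that the other two resources have.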
diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf
index 06ed294..271739b 100644
--- a/modules/organization/variables.tf
+++ b/modules/organization/variables.tf
@@ -137,9 +137,8 @@ variable "actions_secrets" {
type = map(object({
encrypted_value = string
visibility = string
- selected_repositories = optional(list(string))
}))
- description = "A map of organization-level GitHub Actions secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available."
+ description = "A map of organization-level GitHub Actions secrets to create. The key is the name of the secret and the value is an object describing how to create the secret."
default = {}
}
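Review bot: `visibility` is an unconstrained `string` with no `validation` block, so a mistyped value is only rejected at apply time, and the trimmed description no longer says how a `selected` secret receives any repositories now that `selected_repositories` is gone. The same applies to the `codespaces_secrets` and `dependabot_secrets` hunks below. I would append `Repository access for selected-visibility secrets is granted from the repository_set module.` to the description and add a validation block restricting `visibility` to the provider's accepted values, as below; the `variable` block's opening line is outside this hunk.
```hcl
  # … unchanged: type, description, default …
  validation {
    condition     = alltrue([for s in var.actions_secrets : contains(["all", "private", "selected"], s.visibility)])
    error_message = "visibility must be one of all, private or selected."
  }
}
```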
@@ -147,9 +146,8 @@ variable "codespaces_secrets" {
type = map(object({
encrypted_value = string
visibility = string
- selected_repositories = optional(list(string))
}))
- description = "A map of organization-level GitHub Codespaces secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available."
+ description = "A map of organization-level GitHub Codespaces secrets to create. The key is the name of the secret and the value is an object describing how to create the secret."
default = {}
}
@@ -157,9 +155,8 @@ variable "dependabot_secrets" {
type = map(object({
encrypted_value = string
visibility = string
- selected_repositories = optional(list(string))
}))
- description = "A map of organization-level Dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available."
+ description = "A map of organization-level Dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret."
default = {}
}
diff --git a/modules/organization_secrets/README.md b/modules/organization_secrets/README.md
deleted file mode 100644
index 87330a1..0000000
--- a/modules/organization_secrets/README.md
+++ /dev/null
@@ -1,37 +0,0 @@
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.7.1 |
-| [github](#requirement\_github) | 5.42.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [github](#provider\_github) | 5.42.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [github_actions_organization_secret.action_secret](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/actions_organization_secret) | resource |
-| [github_codespaces_organization_secret.codespace_secret](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/codespaces_organization_secret) | resource |
-| [github_dependabot_organization_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/dependabot_organization_secret) | resource |
-| [github_repository.selected_repositories](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/data-sources/repository) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [organization\_action\_secrets](#input\_organization\_action\_secrets) | A map of organization-level GitHub action secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available. | map(object({
encrypted_value = string
visibility = string
selected_repositories = optional(list(string))
})) | `{}` | no |
-| [organization\_codespace\_secrets](#input\_organization\_codespace\_secrets) | A map of organization-level GitHub codespace secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available. | map(object({
encrypted_value = string
visibility = string
selected_repositories = optional(list(string))
})) | `{}` | no |
-| [organization\_dependabot\_secrets](#input\_organization\_dependabot\_secrets) | A map of organization-level dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available. | map(object({
encrypted_value = string
visibility = string
selected_repositories = optional(list(string))
})) | `{}` | no |
-
-## Outputs
-
-No outputs.
\ No newline at end of file
diff --git a/modules/organization_secrets/secrets.tf b/modules/organization_secrets/secrets.tf
deleted file mode 100644
index e00e9fb..0000000
--- a/modules/organization_secrets/secrets.tf
+++ /dev/null
@@ -1,74 +0,0 @@
-locals {
- # If no selected repositories are set then sets the field to an empty list
- sanitized_action_secrets = merge(
- var.organization_action_secrets,
- {
- for k, v in var.organization_action_secrets : k => {
- encrypted_value = v.encrypted_value
- visibility = v.visibility
- selected_repositories = coalesce(v.selected_repositories, [])
- } if v.visibility == "selected"
- }
- )
- sanitized_codespace_secrets = merge(
- var.organization_codespace_secrets,
- {
- for k, v in var.organization_codespace_secrets : k => {
- encrypted_value = v.encrypted_value
- visibility = v.visibility
- selected_repositories = coalesce(v.selected_repositories, [])
- } if v.visibility == "selected"
- }
- )
- sanitized_dependabot_secrets = merge(
- var.organization_dependabot_secrets,
- {
- for k, v in var.organization_dependabot_secrets : k => {
- encrypted_value = v.encrypted_value
- visibility = v.visibility
- selected_repositories = coalesce(v.selected_repositories, [])
- } if v.visibility == "selected"
- }
- )
-
-
- all_selected_repositories = {
- for repo in concat(
- flatten([for secret in values(var.organization_action_secrets) : secret.selected_repositories if secret.visibility == "selected" && secret.selected_repositories != null]),
- flatten([for secret in values(var.organization_codespace_secrets) : secret.selected_repositories if secret.visibility == "selected" && secret.selected_repositories != null]),
- flatten([for secret in values(var.organization_dependabot_secrets) : secret.selected_repositories if secret.visibility == "selected" && secret.selected_repositories != null])
- ) : repo => repo
- }
-}
-
-data "github_repository" "selected_repositories" {
- for_each = local.all_selected_repositories
- name = each.value
-}
-
-resource "github_actions_organization_secret" "action_secret" {
- for_each = local.sanitized_action_secrets
-
- secret_name = each.key
- encrypted_value = each.value.encrypted_value
- visibility = each.value.visibility
- selected_repository_ids = [for repo in toset(each.value.selected_repositories) : data.github_repository.selected_repositories["${repo}"].repo_id]
-}
-
-resource "github_codespaces_organization_secret" "codespace_secret" {
- for_each = local.sanitized_codespace_secrets
-
- secret_name = each.key
- encrypted_value = each.value.encrypted_value
- visibility = each.value.visibility
- selected_repository_ids = [for repo in toset(each.value.selected_repositories) : data.github_repository.selected_repositories["${repo}"].repo_id]
-}
-
-resource "github_dependabot_organization_secret" "dependabot_secret" {
- for_each = local.sanitized_dependabot_secrets
- secret_name = each.key
- encrypted_value = each.value.encrypted_value
- visibility = each.value.visibility
- selected_repository_ids = [for repo in toset(each.value.selected_repositories) : data.github_repository.selected_repositories["${repo}"].repo_id]
-}
-
diff --git a/modules/organization_secrets/variables.tf b/modules/organization_secrets/variables.tf
deleted file mode 100644
index dbc5082..0000000
--- a/modules/organization_secrets/variables.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "organization_action_secrets" {
- type = map(object({
- encrypted_value = string
- visibility = string
- selected_repositories = optional(list(string))
- }))
- description = "A map of organization-level GitHub action secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available."
- default = {}
-}
-
-variable "organization_codespace_secrets" {
- type = map(object({
- encrypted_value = string
- visibility = string
- selected_repositories = optional(list(string))
- }))
- description = "A map of organization-level GitHub codespace secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available."
- default = {}
-}
-
-variable "organization_dependabot_secrets" {
- type = map(object({
- encrypted_value = string
- visibility = string
- selected_repositories = optional(list(string))
- }))
- description = "A map of organization-level dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. If visibility is set to `selected` then `selected_repositories` must be set to a list of repository names to make the secret available."
- default = {}
-}
diff --git a/modules/organization_secrets/versions.tf b/modules/organization_secrets/versions.tf
deleted file mode 100644
index d6e8a27..0000000
--- a/modules/organization_secrets/versions.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 1.7.1"
- required_providers {
- github = {
- source = "integrations/github"
- version = "5.42.0"
- }
- }
-}
\ No newline at end of file
diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md
index f76df21..f516dee 100644
--- a/modules/private_repository/README.md
+++ b/modules/private_repository/README.md
@@ -43,4 +43,6 @@ No resources.
## Outputs
-No outputs.
\ No newline at end of file
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | The ID of the repository |
\ No newline at end of file
diff --git a/modules/private_repository/outputs.tf b/modules/private_repository/outputs.tf
new file mode 100644
index 0000000..0d1a523
--- /dev/null
+++ b/modules/private_repository/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+ value = module.repository_base.id
+ description = "The ID of the repository"
+}
\ No newline at end of file
diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md
index 2b1af93..038a54e 100644
--- a/modules/public_repository/README.md
+++ b/modules/public_repository/README.md
@@ -43,4 +43,6 @@ No resources.
## Outputs
-No outputs.
\ No newline at end of file
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | The ID of the repository |
\ No newline at end of file
diff --git a/modules/public_repository/outputs.tf b/modules/public_repository/outputs.tf
new file mode 100644
index 0000000..0d1a523
--- /dev/null
+++ b/modules/public_repository/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+ value = module.repository_base.id
+ description = "The ID of the repository"
+}
\ No newline at end of file
diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md
index c5d93de..f357a5d 100644
--- a/modules/repository_base/README.md
+++ b/modules/repository_base/README.md
@@ -63,4 +63,6 @@ No modules.
## Outputs
-No outputs.
\ No newline at end of file
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | The ID of the repository |
\ No newline at end of file
diff --git a/modules/repository_base/outputs.tf b/modules/repository_base/outputs.tf
new file mode 100644
index 0000000..33078a8
--- /dev/null
+++ b/modules/repository_base/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+ value = github_repository.repository.repo_id
+ description = "The ID of the repository"
+}
\ No newline at end of file
diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md
index ae5af00..534a87f 100644
--- a/modules/repository_set/README.md
+++ b/modules/repository_set/README.md
@@ -7,7 +7,9 @@
## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [github](#provider\_github) | 5.42.0 |
## Modules
@@ -18,15 +20,19 @@ No providers.
## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [github_actions_organization_secret_repositories.org__action_secret_repo_access](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/actions_organization_secret_repositories) | resource |
+| [github_codespaces_organization_secret_repositories.org__codespace_secret_repo_access](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/codespaces_organization_secret_repositories) | resource |
+| [github_dependabot_organization_secret_repositories.org__dependabot_secret_repo_access](https://registry.terraform.io/providers/integrations/github/5.42.0/docs/resources/dependabot_organization_secret_repositories) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. | `map(string)` | n/a | yes |
-| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
})) | n/a | yes |
-| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
})) | n/a | yes |
+| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
})) | n/a | yes |
+| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
repository_team_permissions_override = map(string)
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
})) | n/a | yes |
## Outputs
diff --git a/modules/repository_set/organization-secrets.tf b/modules/repository_set/organization-secrets.tf
new file mode 100644
index 0000000..12c0127
--- /dev/null
+++ b/modules/repository_set/organization-secrets.tf
@@ -0,0 +1,61 @@
+locals {
+ coalesced_public_repositories = coalesce(var.public_repositories, {})
+ coalesced_private_repositories = coalesce(var.private_repositories, {})
+
+ organization_action_secrets = distinct(flatten(concat(
+ [for _, repo in local.coalesced_public_repositories : repo.organization_action_secrets if repo.organization_action_secrets != null],
+ [for _, repo in local.coalesced_private_repositories : repo.organization_action_secrets if repo.organization_action_secrets != null]
+ )))
+
+ organization_action_secrets_repository_id_list = {
+ for secret in local.organization_action_secrets : secret => toset(distinct(concat(
+ [for repo_name, repo in local.coalesced_public_repositories : module.public_repositories["${repo_name}"].id if contains(coalesce(repo.organization_action_secrets, []), secret)],
+ [for repo_name, repo in local.coalesced_private_repositories : module.private_repositories["${repo_name}"].id if contains(coalesce(repo.organization_action_secrets, []), secret)]
+ )))
+ }
+
+ codespace_secrets = distinct(flatten(concat(
+ [for _, repo in local.coalesced_public_repositories : repo.organization_codespace_secrets if repo.organization_codespace_secrets != null],
+ [for _, repo in local.coalesced_private_repositories : repo.organization_codespace_secrets if repo.organization_codespace_secrets != null]
+ )))
+
+ codespace_secrets_repository_id_list = {
+ for secret in local.codespace_secrets : secret => toset(distinct(concat(
+ [for repo_name, repo in local.coalesced_public_repositories : module.public_repositories["${repo_name}"].id if contains(coalesce(repo.organization_codespace_secrets, []), secret)],
+ [for repo_name, repo in local.coalesced_private_repositories : module.private_repositories["${repo_name}"].id if contains(coalesce(repo.organization_codespace_secrets, []), secret)]
+ )))
+ }
+
+ dependabot_secrets = distinct(flatten(concat(
+ [for _, repo in local.coalesced_public_repositories : repo.organization_dependabot_secrets if repo.organization_dependabot_secrets != null],
+ [for _, repo in local.coalesced_private_repositories : repo.organization_dependabot_secrets if repo.organization_dependabot_secrets != null]
+ )))
+
+ dependabot_secrets_id_list = {
+ for secret in local.dependabot_secrets : secret => toset(distinct(concat(
+ [for repo_name, repo in local.coalesced_public_repositories : module.public_repositories["${repo_name}"].id if contains(coalesce(repo.organization_dependabot_secrets, []), secret)],
+ [for repo_name, repo in local.coalesced_private_repositories : module.private_repositories["${repo_name}"].id if contains(coalesce(repo.organization_dependabot_secrets, []), secret)]
+ )))
+ }
+}
+
+resource "github_actions_organization_secret_repositories" "org__action_secret_repo_access" {
+ for_each = local.organization_action_secrets_repository_id_list
+
+ secret_name = each.key
+ selected_repository_ids = each.value
+}
+
+resource "github_codespaces_organization_secret_repositories" "org__codespace_secret_repo_access" {
+ for_each = local.codespace_secrets_repository_id_list
+
+ secret_name = each.key
+ selected_repository_ids = each.value
+}
+
+resource "github_dependabot_organization_secret_repositories" "org__dependabot_secret_repo_access" {
+ for_each = local.dependabot_secrets_id_list
+
+ secret_name = each.key
+ selected_repository_ids = each.value
+}
\ No newline at end of file
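Review bot: The coupling between these `github_*_organization_secret_repositories` resources and the secrets created in the organization module is by name only: a value in a repository's `organization_action_secrets` list that is not a key of that module's `actions_secrets` is caught only at apply time, and since each resource here sets the secret's full repository list, two instances of this module listing the same secret name would presumably overwrite each other's grants on every apply (inferred from the resource semantics; worth confirming). A comment at the top of the `locals` block should record that contract, e.g. `# Secret names must match keys of the organization module's *_secrets inputs; each resource below replaces the secret's entire repository list.` Separately, the `"${repo_name}"` index keys are interpolation-only strings and can be written as `repo_name`, and the locals mix `organization_action_secrets_repository_id_list`, `codespace_secrets_repository_id_list` and `dependabot_secrets_id_list` where one naming scheme would read better.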
diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf
index 6bf4bb2..aac97f7 100644
--- a/modules/repository_set/variables.tf
+++ b/modules/repository_set/variables.tf
@@ -11,18 +11,21 @@ variable "private_repositories" {
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
+ organization_action_secrets = optional(list(string))
+ organization_codespace_secrets = optional(list(string))
+ organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
- environments = optional(map(object({
+ environments = optional(map(object({
action_secrets = optional(map(string))
})))
- template_repository = optional(object({
+ template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
- license_template = optional(string)
+ license_template = optional(string)
}))
description = "A map of private repositories where the key is the repository name and the value is the configuration"
}
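Review bot: The three new `organization_*_secrets` attributes are undocumented: the variable description is still `A map of private repositories where the key is the repository name and the value is the configuration`, and nothing says that these lists name organization-level secrets (the keys of the organization module's `actions_secrets`, `codespaces_secrets` and `dependabot_secrets` inputs) that the repository is to be granted access to. The same applies to the `public_repositories` hunk below. A comment above the three lines would do, e.g. `# Names of organization-level secrets this repository is granted access to; must match keys of the organization module's *_secrets inputs.` The `variable` block's opening line is outside this hunk.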
@@ -39,18 +42,21 @@ variable "public_repositories" {
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
+ organization_action_secrets = optional(list(string))
+ organization_codespace_secrets = optional(list(string))
+ organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
- environments = optional(map(object({
+ environments = optional(map(object({
action_secrets = optional(map(string))
})))
- template_repository = optional(object({
+ template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
- license_template = optional(string)
+ license_template = optional(string)
}))
description = "A map of public repositories where the key is the repository name and the value is the configuration"
}