diff --git a/modules/enterprise-organization/README.md b/modules/enterprise-organization/README.md
new file mode 100644
index 0000000..b413c5c
--- /dev/null
+++ b/modules/enterprise-organization/README.md
@@ -0,0 +1,40 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.3 |
+| [github](#requirement\_github) | ~> 6.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [github](#provider\_github) | ~> 6.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [github_enterprise_organization.organization](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/enterprise_organization) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [admin\_logins](#input\_admin\_logins) | List of organization owner usernames. | `list(string)` | n/a | yes |
+| [billing\_email](#input\_billing\_email) | The email to use for the organizations billing. | `string` | n/a | yes |
+| [description](#input\_description) | The description of the organization. | `string` | `""` | no |
+| [display\_name](#input\_display\_name) | The display name of the organization. If set to an empty string then `name` will be used instead | `string` | `""` | no |
+| [enterprise\_id](#input\_enterprise\_id) | The id of the enterprise account to create the organization under. | `string` | n/a | yes |
+| [name](#input\_name) | The name of the organization to create. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [id](#output\_id) | n/a |
+| [name](#output\_name) | n/a |
\ No newline at end of file
diff --git a/modules/enterprise-organization/organization.tf b/modules/enterprise-organization/organization.tf
new file mode 100644
index 0000000..4560f80
--- /dev/null
+++ b/modules/enterprise-organization/organization.tf
@@ -0,0 +1,9 @@
+resource "github_enterprise_organization" "organization" {
+ enterprise_id = var.enterprise_id
+ name = var.name
+ display_name = length(var.display_name) > 0 ? var.display_name : var.name
+ description = var.description
+ billing_email = var.billing_email
+ admin_logins = var.admin_logins
+}
+
diff --git a/modules/enterprise-organization/outputs.tf b/modules/enterprise-organization/outputs.tf
new file mode 100644
index 0000000..937fb55
--- /dev/null
+++ b/modules/enterprise-organization/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+ value = github_enterprise_organization.organization.id
+}
+
+output "name" {
+ value = github_enterprise_organization.organization.name
+}
\ No newline at end of file
diff --git a/modules/enterprise-organization/variables.tf b/modules/enterprise-organization/variables.tf
new file mode 100644
index 0000000..1be3d95
--- /dev/null
+++ b/modules/enterprise-organization/variables.tf
@@ -0,0 +1,31 @@
+variable "enterprise_id" {
+ type = string
+ description = "The id of the enterprise account to create the organization under."
+}
+
+variable "name" {
+ type = string
+ description = "The name of the organization to create."
+}
+
+variable "display_name" {
+ type = string
+ description = "The display name of the organization. If set to an empty string then `name` will be used instead"
+ default = ""
+}
+
+variable "description" {
+ type = string
+ description = "The description of the organization."
+ default = ""
+}
+
+variable "billing_email" {
+ type = string
+ description = "The email to use for the organizations billing."
+}
+
+variable "admin_logins" {
+ type = list(string)
+ description = "List of organization owner usernames."
+}
diff --git a/modules/enterprise-organization/versions.tf b/modules/enterprise-organization/versions.tf
new file mode 100644
index 0000000..bb0a0bb
--- /dev/null
+++ b/modules/enterprise-organization/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.3"
+ required_providers {
+ github = {
+ source = "integrations/github"
+ version = "~> 6.0"
+ }
+ }
+}
diff --git a/modules/foundations-github-organization/organization.tf b/modules/foundations-github-organization/organization.tf
deleted file mode 100644
index c5a710e..0000000
--- a/modules/foundations-github-organization/organization.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "github_enterprise_organization" "github-foundations" {
- provider = github.enterprise_scoped
-
- enterprise_id = var.enterprise_id
- name = var.github_foundations_organization_name
- display_name = "Github Foundations"
- description = "Organization created to host github foundation toolkit repositories"
- billing_email = var.billing_email
- admin_logins = var.admin_logins
-}
-
diff --git a/modules/foundations-github-organization/versions.tf b/modules/foundations-github-organization/versions.tf
deleted file mode 100644
index ac486db..0000000
--- a/modules/foundations-github-organization/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.3"
- required_providers {
- github = {
- source = "hashicorp/github"
- version = "5.44.0"
- configuration_aliases = [github.enterprise_scoped, github.foundation_org_scoped]
- }
- }
-}
diff --git a/modules/foundations-github-organization/README.md b/modules/github-foundations/README.md
similarity index 52%
rename from modules/foundations-github-organization/README.md
rename to modules/github-foundations/README.md
index 97e355f..890204b 100644
--- a/modules/foundations-github-organization/README.md
+++ b/modules/github-foundations/README.md
@@ -3,57 +3,53 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 5.44.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 5.44.0 | -| [github.enterprise\_scoped](#provider\_github.enterprise\_scoped) | 5.44.0 | -| [github.foundation\_org\_scoped](#provider\_github.foundation\_org\_scoped) | 5.44.0 | +| [github](#provider\_github) | ~> 6.0 | | [local](#provider\_local) | n/a | ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [base\_ruleset](#module\_base\_ruleset) | ../ruleset | n/a | ## Resources | Name | Type | |------|------| -| [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_secret) | resource | -| [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_secret.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_secret) | resource | -| [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | -| [github_branch_protection.protect_bootstrap_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | -| 
[github_branch_protection.protect_organization_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | -| [github_enterprise_organization.github-foundations](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/enterprise_organization) | resource | -| [github_issue_labels.drift_labels](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/issue_labels) | resource | -| [github_repository.bootstrap_repo](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository) | resource | -| [github_repository.organizations_repo](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository) | resource | -| [github_repository_collaborators.bootstrap_repo_collaborators](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository_collaborators) | resource | -| [github_repository_collaborators.organization_repo_collaborators](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository_collaborators) | resource | -| [github_repository_file.main_readme](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository_file) | resource | -| [github_team.foundation_devs](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/team) | resource | +| [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource | +| [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | +| [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | +| 
[github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | +| [github_actions_secret.organization_workload_identity_sa](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource | +| [github_issue_labels.drift_labels](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/issue_labels) | resource | +| [github_repository.bootstrap_repo](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | +| [github_repository.organizations_repo](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | +| [github_repository_collaborators.bootstrap_repo_collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborators) | resource | +| [github_repository_collaborators.organization_repo_collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborators) | resource | +| [github_repository_file.main_readme](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource | +| [github_team.foundation_devs](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource | | [local_file.main_readme](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [admin\_logins](#input\_admin\_logins) | List of organization owner usernames. 
| `list(string)` | n/a | yes | -| [billing\_email](#input\_billing\_email) | The email to use for the organizations billing. | `string` | n/a | yes | +| [bootstrap\_repository\_name](#input\_bootstrap\_repository\_name) | The name of the bootstrap repository. | `string` | `"bootstrap"` | no | | [bootstrap\_workload\_identity\_sa](#input\_bootstrap\_workload\_identity\_sa) | The service account to use for the bootstrap repository oidc. | `string` | n/a | yes | | [bucket\_location](#input\_bucket\_location) | The location of the tf state bucket. | `string` | n/a | yes | | [bucket\_name](#input\_bucket\_name) | The name of the tf state bucket. | `string` | n/a | yes | -| [enterprise\_id](#input\_enterprise\_id) | The id of the enterprise account to create the organization under. | `string` | n/a | yes | +| [foundation\_devs\_team\_name](#input\_foundation\_devs\_team\_name) | The name of the foundation developers team. | `string` | `"foundation-devs"` | no | | [gcp\_project\_id](#input\_gcp\_project\_id) | The id of the gcp project where secret manager was setup. | `string` | n/a | yes | | [gcp\_tf\_state\_bucket\_project\_id](#input\_gcp\_tf\_state\_bucket\_project\_id) | The id of the gcp project where the tf state bucket was setup. | `string` | n/a | yes | -| [github\_foundations\_organization\_name](#input\_github\_foundations\_organization\_name) | The name of the organization to create. | `string` | n/a | yes | | [organization\_workload\_identity\_sa](#input\_organization\_workload\_identity\_sa) | The service account to use for the organization repository oidc. | `string` | n/a | yes | +| [organizations\_repository\_name](#input\_organizations\_repository\_name) | The name of the organizations repository. | `string` | `"organizations"` | no | | [readme\_path](#input\_readme\_path) | Local Path to the README file in your current codebase. Pushed to the github foundation repository. 
| `string` | `""` | no | | [workload\_identity\_provider\_name](#input\_workload\_identity\_provider\_name) | The name of the workload identity provider to use for the oidc of the github foundation repositories. | `string` | n/a | yes | diff --git a/modules/foundations-github-organization/action-variables.tf b/modules/github-foundations/action-variables.tf similarity index 87% rename from modules/foundations-github-organization/action-variables.tf rename to modules/github-foundations/action-variables.tf index c34eee7..ad39345 100644 --- a/modules/foundations-github-organization/action-variables.tf +++ b/modules/github-foundations/action-variables.tf @@ -1,22 +1,16 @@ resource "github_actions_secret" "organization_workload_identity_sa" { - provider = github.foundation_org_scoped - repository = github_repository.organizations_repo.name secret_name = "GCP_SERVICE_ACCOUNT" plaintext_value = var.organization_workload_identity_sa } resource "github_actions_variable" "gcp_secret_manager_project_id" { - provider = github.foundation_org_scoped - repository = github_repository.organizations_repo.name variable_name = "GCP_SECRET_MANAGER_PROJECT" value = var.gcp_project_id } resource "github_actions_organization_secret" "workload_identity_provider" { - provider = github.foundation_org_scoped - secret_name = "WORKLOAD_IDENTITY_PROVIDER" plaintext_value = var.workload_identity_provider_name visibility = "selected" @@ -27,8 +21,6 @@ resource "github_actions_organization_secret" "workload_identity_provider" { } resource "github_actions_organization_variable" "tf_state_bucket_project_id" { - provider = github.foundation_org_scoped - variable_name = "TF_STATE_BUCKET_PROJECT_ID" value = var.gcp_tf_state_bucket_project_id visibility = "selected" 
@@ -39,8 +31,6 @@ resource "github_actions_organization_variable" "tf_state_bucket_project_id" { } resource "github_actions_organization_variable" "tf_state_bucket_name" { - provider = github.foundation_org_scoped - variable_name = "TF_STATE_BUCKET_NAME" value = var.bucket_name visibility = "selected" @@ -51,8 +41,6 @@ resource "github_actions_organization_variable" "tf_state_bucket_name" { } resource "github_actions_organization_variable" "tf_state_bucket_location" { - provider = github.foundation_org_scoped - variable_name = "TF_STATE_BUCKET_LOCATION" value = var.bucket_location visibility = "selected" diff --git a/modules/foundations-github-organization/outputs.tf b/modules/github-foundations/outputs.tf similarity index 100% rename from modules/foundations-github-organization/outputs.tf rename to modules/github-foundations/outputs.tf diff --git a/modules/foundations-github-organization/repo_readme.tf b/modules/github-foundations/repo_readme.tf similarity index 78% rename from modules/foundations-github-organization/repo_readme.tf rename to modules/github-foundations/repo_readme.tf index 66b5b79..9210ca5 100644 --- a/modules/foundations-github-organization/repo_readme.tf +++ b/modules/github-foundations/repo_readme.tf @@ -1,12 +1,13 @@ data "local_file" "main_readme" { + count = var.readme_path != "" ? 1 : 0 filename = var.readme_path } resource "github_repository_file" "main_readme" { # Only create this when the readme filename is not empty count = var.readme_path != "" ? 1 : 0 + depends_on = [github_repository.organizations_repo] repository = github_repository.organizations_repo.name file = "README.md" - content = data.local_file.main_readme.content - depends_on = [github_repository.organizations_repo] + content = data.local_file.main_readme[0].content } \ No newline at end of file 
diff --git a/modules/foundations-github-organization/repositories.tf b/modules/github-foundations/repositories.tf similarity index 51% rename from modules/foundations-github-organization/repositories.tf rename to modules/github-foundations/repositories.tf index 1dbf92c..7a3e95e 100644 --- a/modules/foundations-github-organization/repositories.tf +++ b/modules/github-foundations/repositories.tf @@ -4,11 +4,7 @@ locals { #Creates the repository for the bootstrap layer resource "github_repository" "bootstrap_repo" { - provider = github.foundation_org_scoped - #TODO: figure out what seems to be a race condition between repository creation and organization creation - depends_on = [github_enterprise_organization.github-foundations] - - name = "bootstrap" + name = var.bootstrap_repository_name description = "The repository for the bootstrap layer of the foundations. This repository contains the Terraform code to setup the github organization for the foundation repositories, create the GCP project, the GCP service account, the GCP secret manager secrets, and the GCP storage bucket for the state files." visibility = "private" 
@@ -16,46 +12,26 @@ resource "github_repository" "bootstrap_repo" { auto_init = true delete_branch_on_merge = true vulnerability_alerts = true + + lifecycle { + ignore_changes = [ + auto_init + ] + } } resource "github_repository_collaborators" "bootstrap_repo_collaborators" { - provider = github.foundation_org_scoped repository = github_repository.bootstrap_repo.name team { permission = "push" - team_id = github_team.foundation_devs.id - } -} - -resource "github_branch_protection" "protect_bootstrap_main" { - provider = github.foundation_org_scoped - - repository_id = github_repository.bootstrap_repo.id - - pattern = "main" - enforce_admins = true - allows_deletions = false - - # TODO: Add a required check for the terrafom apply workflow - required_status_checks { - strict = true - } - - required_pull_request_reviews { - dismiss_stale_reviews = true - restrict_dismissals = true - required_approving_review_count = 1 - require_last_push_approval = true + team_id = github_team.foundation_devs.name } } #Creates the repository for the organizations layer resource "github_repository" "organizations_repo" { - provider = github.foundation_org_scoped - depends_on = [github_enterprise_organization.github-foundations] - - name = "organizations" + name = var.organizations_repository_name description = "The repository for the organizations layer of the foundations. This repository contains the Terraform code to manage github organizations under the enterprise account and their repositories, teams, and members." visibility = "private" 
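Review bot: `team_id = github_team.foundation_devs.name` in `bootstrap_repo_collaborators` passes the team's display name where the provider expects a team id or slug. This commit also makes the name configurable through `var.foundation_devs_team_name`, so a value with spaces or capitals will no longer equal the slug and the push grant may fail to resolve or show perpetual drift. Use the exported slug instead: `team_id = github_team.foundation_devs.slug`. The same line appears for `organization_repo_collaborators` in the following hunk (`@@ -64,43 +40,25 @@`) and needs the same change.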
@@ -64,43 +40,25 @@ resource "github_repository" "organizations_repo" { delete_branch_on_merge = true vulnerability_alerts = true has_issues = true + + lifecycle { + ignore_changes = [ + auto_init + ] + } } resource "github_repository_collaborators" "organization_repo_collaborators" { - provider = github.foundation_org_scoped repository = github_repository.organizations_repo.name team { permission = "push" - team_id = github_team.foundation_devs.id - } -} - - -resource "github_branch_protection" "protect_organization_main" { - provider = github.foundation_org_scoped - - repository_id = github_repository.organizations_repo.id - - pattern = "main" - enforce_admins = true - allows_deletions = false - - required_status_checks { - strict = true - } - - required_pull_request_reviews { - dismiss_stale_reviews = true - restrict_dismissals = true - required_approving_review_count = 1 - require_last_push_approval = true + team_id = github_team.foundation_devs.name } } resource "github_issue_labels" "drift_labels" { for_each = { for idx, val in local.repos_with_drift_detection : idx => val } - provider = github.foundation_org_scoped repository = each.value.name @@ -113,4 +71,9 @@ resource "github_issue_labels" "drift_labels" { name = "Re-Apply" color = "0800FF" } + + label { + color = "ededed" + name = "Drift" + } } diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf new file mode 100644 index 0000000..22fbadf --- /dev/null +++ b/modules/github-foundations/rulesets.tf 
@@ -0,0 +1,19 @@ +module "base_ruleset" { + source = "../ruleset" + + name = "Foundation Repositories Base Ruleset" + enforcement = "active" + target = "branch" + ruleset_type = "organization" + + rules = { + pull_request = { + dismiss_stale_reviews_on_push = true + require_last_push_approval = true + required_approving_review_count = 1 + } + } + + ref_name_inclusions = ["~DEFAULT_BRANCH"] + repository_name_inclusions = [github_repository.bootstrap_repo.name, github_repository.organizations_repo.name] +} \ No newline at end of file diff --git a/modules/foundations-github-organization/teams.tf b/modules/github-foundations/teams.tf similarity index 66% rename from modules/foundations-github-organization/teams.tf rename to modules/github-foundations/teams.tf index 9511724..4954898 100644 --- a/modules/foundations-github-organization/teams.tf +++ b/modules/github-foundations/teams.tf @@ -1,7 +1,5 @@ resource "github_team" "foundation_devs" { - provider = github.foundation_org_scoped - - name = "foundation-devs" + name = var.foundation_devs_team_name description = "Team members with write access to the foundation repositories" privacy = "closed" } diff --git a/modules/foundations-github-organization/variables.tf b/modules/github-foundations/variables.tf similarity index 74% rename from modules/foundations-github-organization/variables.tf rename to modules/github-foundations/variables.tf index deb508f..9a82faf 100644 --- a/modules/foundations-github-organization/variables.tf +++ b/modules/github-foundations/variables.tf 
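Review bot: The `rules` map of `base_ruleset` carries only `pull_request`, so it does not reproduce what the `github_branch_protection` resources removed from repositories.tf enforced: `allows_deletions = false`, `required_status_checks { strict = true }`, `restrict_dismissals = true` and `enforce_admins = true` have no counterpart here. Unlike classic branch protection, a ruleset blocks branch deletion and force pushes only when those rules are listed, so the default branches of the bootstrap and organizations repositories lose those guards with this commit. Either add the deletion and non-fast-forward restrictions (if the `../ruleset` module exposes them; its inputs are not visible in this diff) or record the gap with `# TODO: restore deletion / force-push / status-check protection dropped with github_branch_protection`. No bypass actors are passed either, so who may bypass the ruleset depends on that module's defaults and is worth confirming.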
@@ -1,23 +1,3 @@ -variable "enterprise_id" { - type = string - description = "The id of the enterprise account to create the organization under." -} - -variable "github_foundations_organization_name" { - type = string - description = "The name of the organization to create." -} - -variable "billing_email" { - type = string - description = "The email to use for the organizations billing." -} - -variable "admin_logins" { - type = list(string) - description = "List of organization owner usernames." -} - variable "workload_identity_provider_name" { type = string description = "The name of the workload identity provider to use for the oidc of the github foundation repositories." @@ -58,4 +38,22 @@ variable "readme_path" { type = string description = "Local Path to the README file in your current codebase. Pushed to the github foundation repository." default = "" +} + +variable "bootstrap_repository_name" { + type = string + description = "The name of the bootstrap repository." + default = "bootstrap" +} + +variable "organizations_repository_name" { + type = string + description = "The name of the organizations repository." + default = "organizations" +} + +variable "foundation_devs_team_name" { + type = string + description = "The name of the foundation developers team." + default = "foundation-devs" } \ No newline at end of file diff --git a/modules/github-foundations/versions.tf b/modules/github-foundations/versions.tf new file mode 100644 index 0000000..bb0a0bb --- /dev/null +++ b/modules/github-foundations/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3" + required_providers { + github = { + source = "integrations/github" + version = "~> 6.0" + } + } +} diff --git a/modules/organization/README.md b/modules/organization/README.md index 6cee7f2..407378c 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md 
@@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.1.0 | +| [github](#provider\_github) | ~> 6.0 | ## Modules 
@@ -25,19 +25,19 @@ | Name | Type | |------|------| -| [github_actions_organization_secret.action_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_organization_secret) | resource | -| [github_codespaces_organization_secret.codespace_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/codespaces_organization_secret) | resource | -| [github_dependabot_organization_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/dependabot_organization_secret) | resource | -| [github_membership.membership_for_user](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/membership) | resource | -| [github_organization_block.blocked_user](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_block) | resource | -| [github_organization_custom_role.community_manager_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_custom_role.contractor_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_custom_role.custom_repository_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_custom_role.security_engineer_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_settings.organization_settings](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_settings) | resource | -| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/organization_custom_role) | data source | -| 
[github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/team) | data source | -| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/user) | data source | +| [github_actions_organization_secret.action_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource | +| [github_codespaces_organization_secret.codespace_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/codespaces_organization_secret) | resource | +| [github_dependabot_organization_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_organization_secret) | resource | +| [github_membership.membership_for_user](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership) | resource | +| [github_organization_block.blocked_user](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_block) | resource | +| [github_organization_custom_role.community_manager_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| [github_organization_custom_role.contractor_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| [github_organization_custom_role.custom_repository_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| [github_organization_custom_role.security_engineer_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| 
[github_organization_settings.organization_settings](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_settings) | resource | +| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source | +| [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source | +| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/user) | data source | ## Inputs @@ -46,7 +46,7 @@ | [actions\_secrets](#input\_actions\_secrets) | A map of organization-level GitHub Actions secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. |
map(object({
encrypted_value = string
visibility = string
})) | `{}` | no |
| [codespaces\_secrets](#input\_codespaces\_secrets) | A map of organization-level GitHub Codespaces secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. | map(object({
encrypted_value = string
visibility = string
})) | `{}` | no |
| [custom\_repository\_roles](#input\_custom\_repository\_roles) | A map of custom repository roles to create. The key is the name of the role and the value is the role configurations. | map(object({
description = string
base_role = string
permissions = list(string)
})) | n/a | yes |
-| [default\_branch\_protection\_rulesets](#input\_default\_branch\_protection\_rulesets) | n/a | object({
base_protection = optional(object({
enforcement = string
}))
minimum_approvals = optional(object({
enforcement = string
approvals_required = number
}))
dismiss_stale_reviews = optional(object({
enforcement = string
}))
require_signatures = optional(object({
enforcement = string
}))
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
}) | `{}` | no |
+| [default\_branch\_protection\_rulesets](#input\_default\_branch\_protection\_rulesets) | n/a | object({
base_protection = optional(object({
enforcement = string
}))
minimum_approvals = optional(object({
enforcement = string
approvals_required = number
}))
dismiss_stale_reviews = optional(object({
enforcement = string
}))
require_signatures = optional(object({
enforcement = string
}))
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
}) | `{}` | no |
| [dependabot\_secrets](#input\_dependabot\_secrets) | A map of organization-level Dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. | map(object({
encrypted_value = string
visibility = string
})) | `{}` | no |
| [enable\_community\_manager\_role](#input\_enable\_community\_manager\_role) | If `true` will create a custom repository role for community managers. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no |
| [enable\_contractor\_role](#input\_enable\_contractor\_role) | If `true` will create a custom repository role for contractors. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no |
diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf
index 3708ac1..2a67723 100644
--- a/modules/organization/variables.tf
+++ b/modules/organization/variables.tf
@@ -166,7 +166,7 @@ variable "default_branch_protection_rulesets" {
enforcement = string
}))
minimum_approvals = optional(object({
- enforcement = string
+ enforcement = string
approvals_required = number
}))
dismiss_stale_reviews = optional(object({
diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/organization/versions.tf
+++ b/modules/organization/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
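Review bot: The new constraint `~> 6.0` on the `version` line admits 6.0.x releases, which are older than the previously pinned 6.1.0, so a consumer could resolve a provider version this module was never exercised against. If 6.1.0 is the oldest release the module is known to work with, `version = "~> 6.1"` keeps that floor while still allowing later 6.x releases. With a range in place, the installed version is decided by the root configuration, so the root's `.terraform.lock.hcl` should be committed to keep the provider version and its checksums reproducible. The same change is repeated in the versions.tf hunks for private_repository, public_repository, repository_base, repository_set, ruleset, team and team_set.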
diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md
index f318c8a..71f1d8f 100644
--- a/modules/private_repository/README.md
+++ b/modules/private_repository/README.md
@@ -3,7 +3,7 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
diff --git a/modules/private_repository/versions.tf b/modules/private_repository/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/private_repository/versions.tf
+++ b/modules/private_repository/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md
index 77eb62a..5382525 100644
--- a/modules/public_repository/README.md
+++ b/modules/public_repository/README.md
@@ -3,7 +3,7 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
diff --git a/modules/public_repository/versions.tf b/modules/public_repository/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/public_repository/versions.tf
+++ b/modules/public_repository/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md
index d05a568..c1c6c8a 100644
--- a/modules/repository_base/README.md
+++ b/modules/repository_base/README.md
@@ -3,13 +3,13 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [github](#provider\_github) | 6.1.0 |
+| [github](#provider\_github) | ~> 6.0 |
## Modules
@@ -21,19 +21,19 @@
| Name | Type |
|------|------|
-| [github_actions_environment_secret.environment_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_environment_secret) | resource |
-| [github_actions_secret.actions_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_secret) | resource |
-| [github_branch_default.default_branch](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/branch_default) | resource |
-| [github_codespaces_secret.codespaces_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/codespaces_secret) | resource |
-| [github_dependabot_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/dependabot_secret) | resource |
-| [github_repository.repository](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository) | resource |
-| [github_repository_collaborators.collaborators](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_collaborators) | resource |
-| [github_repository_dependabot_security_updates.automated_security_fixes](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_dependabot_security_updates) | resource |
-| [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_environment) | resource |
-| [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_ruleset) | resource |
-| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/organization_custom_role) | data source |
-| [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/team) | data source |
-| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/user) | data source |
+| [github_actions_environment_secret.environment_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret) | resource |
+| [github_actions_secret.actions_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
+| [github_branch_default.default_branch](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource |
+| [github_codespaces_secret.codespaces_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/codespaces_secret) | resource |
+| [github_dependabot_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_secret) | resource |
+| [github_repository.repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
+| [github_repository_collaborators.collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborators) | resource |
+| [github_repository_dependabot_security_updates.automated_security_fixes](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_dependabot_security_updates) | resource |
+| [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource |
+| [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource |
+| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source |
+| [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source |
+| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/user) | data source |
## Inputs
diff --git a/modules/repository_base/rulesets.tf b/modules/repository_base/rulesets.tf
index a199f5d..7fdfa52 100644
--- a/modules/repository_base/rulesets.tf
+++ b/modules/repository_base/rulesets.tf
@@ -96,6 +96,6 @@ module "ruleset" {
integrations = try(each.value.bypass_actors.repository_roles, [])
}
- ref_name_inclusions = each.value.conditions.ref_name.include
- ref_name_exclusions = each.value.conditions.ref_name.exclude
+ ref_name_inclusions = each.value.conditions.ref_name.include
+ ref_name_exclusions = each.value.conditions.ref_name.exclude
}
\ No newline at end of file
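Review bot: The context line `integrations = try(each.value.bypass_actors.repository_roles, [])` reads the `repository_roles` list for the `integrations` key, which looks like a copy-paste slip. If so, integrations configured as bypass actors never reach the ruleset, and role entries are presumably passed in their place. If that is not intended, the line should read `integrations = try(each.value.bypass_actors.integrations, [])`. The `module "ruleset"` block starts outside this hunk, so the other keys of the map could not be checked.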
diff --git a/modules/repository_base/versions.tf b/modules/repository_base/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/repository_base/versions.tf
+++ b/modules/repository_base/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md
index 6f09872..c216cfe 100644
--- a/modules/repository_set/README.md
+++ b/modules/repository_set/README.md
@@ -3,13 +3,13 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [github](#provider\_github) | 6.1.0 |
+| [github](#provider\_github) | ~> 6.0 |
## Modules
@@ -22,9 +22,9 @@
| Name | Type |
|------|------|
-| [github_actions_organization_secret_repositories.org__action_secret_repo_access](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_organization_secret_repositories) | resource |
-| [github_codespaces_organization_secret_repositories.org__codespace_secret_repo_access](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/codespaces_organization_secret_repositories) | resource |
-| [github_dependabot_organization_secret_repositories.org__dependabot_secret_repo_access](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/dependabot_organization_secret_repositories) | resource |
+| [github_actions_organization_secret_repositories.org__action_secret_repo_access](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret_repositories) | resource |
+| [github_codespaces_organization_secret_repositories.org__codespace_secret_repo_access](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/codespaces_organization_secret_repositories) | resource |
+| [github_dependabot_organization_secret_repositories.org__dependabot_secret_repo_access](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_organization_secret_repositories) | resource |
## Inputs
diff --git a/modules/repository_set/versions.tf b/modules/repository_set/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/repository_set/versions.tf
+++ b/modules/repository_set/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
diff --git a/modules/ruleset/README.md b/modules/ruleset/README.md
index 1809db2..7853302 100644
--- a/modules/ruleset/README.md
+++ b/modules/ruleset/README.md
@@ -3,13 +3,13 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [github](#provider\_github) | 6.1.0 |
+| [github](#provider\_github) | ~> 6.0 |
## Modules
@@ -19,15 +19,14 @@ No modules.
| Name | Type |
|------|------|
-| [github_organization_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_ruleset) | resource |
-| [github_repository_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_ruleset) | resource |
+| [github_organization_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_ruleset) | resource |
+| [github_repository_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [bypass\_actors](#input\_bypass\_actors) | An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}` | object({
repository_roles = optional(list(object({
role_id = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team_id = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user_id = string
always_bypass = optional(bool)
})))
}) | `{}` | no |
-| [conditions](#input\_conditions) | An object that describes what branches and repositories the ruleset should apply to. If `ruleset_type` is set to `repository` then this field is optional and repository\_name is ignored. | object({
ref_name = optional(object({
include = list(string)
exclude = list(string)
}))
repository_name = optional(object({
include = list(string)
exclude = list(string)
}))
}) | `{}` | no |
+| [bypass\_actors](#input\_bypass\_actors) | An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}` | object({
repository_roles = optional(list(object({
role_id = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team_id = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user_id = string
always_bypass = optional(bool)
})))
}) | `{}` | no |
| [enforcement](#input\_enforcement) | The enforcement level of the ruleset. Should be one of either `active`, `evaluate` or `disabled`. Defaults to `active` | `string` | `"active"` | no |
| [name](#input\_name) | The name of the ruleset. | `string` | n/a | yes |
| [ref\_name\_exclusions](#input\_ref\_name\_exclusions) | A list of ref names or patterns to exclude. Defaults to an empty list. If set and `ruleset_type` is set to `organization` then either `repository_name_inclusions` or `repository_name_exclusions` must be set to a list of atleast 1 string. | `list(string)` | `[]` | no |
@@ -35,7 +34,7 @@ No modules.
| [repository](#input\_repository) | The repository to create the ruleset under. Only applicable if `ruleset_type` is set to `repository`. Defaults to "" | `string` | `""` | no |
| [repository\_name\_exclusions](#input\_repository\_name\_exclusions) | A list of repository names or patterns to exclude. If `ruleset_type` is set to `repository` then this field is ignored. | `list(string)` | `[]` | no |
| [repository\_name\_inclusions](#input\_repository\_name\_inclusions) | A list of repository names or patterns to include. If `ruleset_type` is set to `repository` then this field is ignored. | `list(string)` | `[]` | no |
-| [rules](#input\_rules) | An object containing fields for all the rule definitions the ruleset should enforce. | object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_workflows = optional(object({
required_workflows = list(object({
repository_id = number
path = string
ref = optional(string)
}))
}))
required_deployment_environments = optional(list(string))
}) | n/a | yes |
+| [rules](#input\_rules) | An object containing fields for all the rule definitions the ruleset should enforce. | object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_workflows = optional(object({
required_workflows = list(object({
repository_id = number
path = string
ref = optional(string)
}))
}))
required_deployment_environments = optional(list(string))
}) | n/a | yes |
| [ruleset\_type](#input\_ruleset\_type) | The type of rulset to make. Should be one of ether `organization` or `repository`. | `string` | n/a | yes |
| [target](#input\_target) | The target of the ruleset. Should be one of either `branch` or `tag`. | `string` | n/a | yes |
diff --git a/modules/ruleset/repository_ruleset.tf b/modules/ruleset/repository_ruleset.tf
index bcaa162..514edee 100644
--- a/modules/ruleset/repository_ruleset.tf
+++ b/modules/ruleset/repository_ruleset.tf
@@ -1,5 +1,5 @@
resource "github_repository_ruleset" "ruleset" {
- count = var.ruleset_type == "repository" ? 1 : 0
+ count = var.ruleset_type == "repository" ? 1 : 0
name = var.name
target = var.target
enforcement = var.enforcement
diff --git a/modules/ruleset/variables.tf b/modules/ruleset/variables.tf
index 1c245d9..d442c16 100644
--- a/modules/ruleset/variables.tf
+++ b/modules/ruleset/variables.tf
@@ -1,165 +1,150 @@
variable "name" {
- type = string
+ type = string
description = "The name of the ruleset."
}
variable "bypass_actors" {
- type = object({
- repository_roles = optional(list(object({
- role_id = string
- always_bypass = optional(bool)
- })))
- teams = optional(list(object({
- team_id = string
- always_bypass = optional(bool)
- })))
- integrations = optional(list(object({
- installation_id = number
- always_bypass = optional(bool)
- })))
- organization_admins = optional(list(object({
- user_id = string
- always_bypass = optional(bool)
- })))
- })
- default = {}
- description = "An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}`"
+ type = object({
+ repository_roles = optional(list(object({
+ role_id = string
+ always_bypass = optional(bool)
+ })))
+ teams = optional(list(object({
+ team_id = string
+ always_bypass = optional(bool)
+ })))
+ integrations = optional(list(object({
+ installation_id = number
+ always_bypass = optional(bool)
+ })))
+ organization_admins = optional(list(object({
+ user_id = string
+ always_bypass = optional(bool)
+ })))
+ })
+ default = {}
+ description = "An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}`"
}
variable "rules" {
type = object({
- branch_name_pattern = optional(object({
- operator = string
- pattern = string
- name = optional(string)
- negate = optional(bool)
- }))
- tag_name_pattern = optional(object({
- operator = string
- pattern = string
- name = optional(string)
- negate = optional(bool)
- }))
- commit_author_email_pattern = optional(object({
- operator = string
- pattern = string
- name = optional(string)
- negate = optional(bool)
- }))
- commit_message_pattern = optional(object({
- operator = string
- pattern = string
- name = optional(string)
- negate = optional(bool)
- }))
- committer_email_pattern = optional(object({
- operator = string
- pattern = string
- name = optional(string)
- negate = optional(bool)
- }))
- creation = optional(bool)
- deletion = optional(bool)
- update = optional(bool)
- non_fast_forward = optional(bool)
- required_linear_history = optional(bool)
- required_signatures = optional(bool)
- update_allows_fetch_and_merge = optional(bool)
- pull_request = optional(object({
- dismiss_stale_reviews_on_push = optional(bool)
- require_code_owner_review = optional(bool)
- require_last_push_approval = optional(bool)
- required_approving_review_count = optional(number)
- required_review_thread_resolution = optional(bool)
- }))
- required_status_checks = optional(object({
- required_check = list(object({
- context = string
- integration_id = optional(number)
- }))
- strict_required_status_check_policy = optional(bool)
+ branch_name_pattern = optional(object({
+ operator = string
+ pattern = string
+ name = optional(string)
+ negate = optional(bool)
+ }))
+ tag_name_pattern = optional(object({
+ operator = string
+ pattern = string
+ name = optional(string)
+ negate = optional(bool)
+ }))
+ commit_author_email_pattern = optional(object({
+ operator = string
+ pattern = string
+ name = optional(string)
+ negate = optional(bool)
+ }))
+ commit_message_pattern = optional(object({
+ operator = string
+ pattern = string
+ name = optional(string)
+ negate = optional(bool)
+ }))
+ committer_email_pattern = optional(object({
+ operator = string
+ pattern = string
+ name = optional(string)
+ negate = optional(bool)
+ }))
+ creation = optional(bool)
+ deletion = optional(bool)
+ update = optional(bool)
+ non_fast_forward = optional(bool)
+ required_linear_history = optional(bool)
+ required_signatures = optional(bool)
+ update_allows_fetch_and_merge = optional(bool)
+ pull_request = optional(object({
+ dismiss_stale_reviews_on_push = optional(bool)
+ require_code_owner_review = optional(bool)
+ require_last_push_approval = optional(bool)
+ required_approving_review_count = optional(number)
+ required_review_thread_resolution = optional(bool)
+ }))
+ required_status_checks = optional(object({
+ required_check = list(object({
+ context = string
+ integration_id = optional(number)
}))
- required_workflows = optional(object({
- required_workflows = list(object({
- repository_id = number
- path = string
- ref = optional(string)
- }))
+ strict_required_status_check_policy = optional(bool)
+ }))
+ required_workflows = optional(object({
+ required_workflows = list(object({
+ repository_id = number
+ path = string
+ ref = optional(string)
}))
- required_deployment_environments = optional(list(string))
- })
+ }))
+ required_deployment_environments = optional(list(string))
+ })
description = "An object containing fields for all the rule definitions the ruleset should enforce."
}
variable "ref_name_inclusions" {
- type = list(string)
+ type = list(string)
description = "A list of ref names or patterns to include. Defaults to an empty list. If set and `ruleset_type` is set to `organization` then either `repository_name_inclusions` or `repository_name_exclusions` must be set to a list of atleast 1 string."
- default = []
+ default = []
}
variable "ref_name_exclusions" {
- type = list(string)
+ type = list(string)
description = "A list of ref names or patterns to exclude. Defaults to an empty list. If set and `ruleset_type` is set to `organization` then either `repository_name_inclusions` or `repository_name_exclusions` must be set to a list of atleast 1 string."
- default = []
+ default = []
}
variable "repository_name_inclusions" {
- type = list(string)
+ type = list(string)
description = "A list of repository names or patterns to include. If `ruleset_type` is set to `repository` then this field is ignored."
- default = []
+ default = []
}
variable "repository_name_exclusions" {
- type = list(string)
+ type = list(string)
description = "A list of repository names or patterns to exclude. If `ruleset_type` is set to `repository` then this field is ignored."
- default = []
-}
-
-variable "conditions" {
- type = object({
- ref_name = optional(object({
- include = list(string)
- exclude = list(string)
- }))
- repository_name = optional(object({
- include = list(string)
- exclude = list(string)
- }))
- })
- description = "An object that describes what branches and repositories the ruleset should apply to. If `ruleset_type` is set to `repository` then this field is optional and repository_name is ignored."
- default = {}
+ default = []
}
variable "target" {
- type = string
+ type = string
description = "The target of the ruleset. Should be one of either `branch` or `tag`."
validation {
- condition = can(regex("branch|tag", var.target))
+ condition = can(regex("branch|tag", var.target))
error_message = "The target must be either `branch` or `tag`."
}
}
variable "ruleset_type" {
- type = string
+ type = string
description = "The type of rulset to make. Should be one of ether `organization` or `repository`."
validation {
- condition = can(regex("organization|repository", var.ruleset_type))
+ condition = can(regex("organization|repository", var.ruleset_type))
error_message = "The ruleset type must be either `organization` or `repository`."
}
}
-
+
variable "enforcement" {
- type = string
+ type = string
description = "The enforcement level of the ruleset. Should be one of either `active`, `evaluate` or `disabled`. Defaults to `active`"
- default = "active"
+ default = "active"
validation {
- condition = can(regex("active|evaluate|disabled", var.enforcement))
+ condition = can(regex("active|evaluate|disabled", var.enforcement))
error_message = "The enforcement level must be either `active`, `evaluate` or `disabled`."
}
}
variable "repository" {
- type = string
+ type = string
description = "The repository to create the ruleset under. Only applicable if `ruleset_type` is set to `repository`. Defaults to \"\""
- default = ""
-}
\ No newline at end of file
+ default = ""
+}
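Review bot: The three `validation` blocks (`target`, `ruleset_type`, `enforcement`) use unanchored patterns, so `can(regex("active|evaluate|disabled", var.enforcement))` accepts any string that merely contains one of the words, for example `inactive`. For `ruleset_type` this matters most: repository_ruleset.tf creates the resource only when the value equals `"repository"` exactly, so a value such as `repositories` would pass validation and, if the organization resource uses the same kind of test, create no ruleset at all. An exact membership test closes the gap: `condition = contains(["branch", "tag"], var.target)`, `condition = contains(["organization", "repository"], var.ruleset_type)` and `condition = contains(["active", "evaluate", "disabled"], var.enforcement)`.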
diff --git a/modules/ruleset/versions.tf b/modules/ruleset/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/ruleset/versions.tf
+++ b/modules/ruleset/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
diff --git a/modules/team/README.md b/modules/team/README.md
index 0991dfc..e71b7c9 100644
--- a/modules/team/README.md
+++ b/modules/team/README.md
@@ -3,13 +3,13 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [github](#provider\_github) | 6.1.0 |
+| [github](#provider\_github) | ~> 6.0 |
## Modules
@@ -19,9 +19,9 @@ No modules.
| Name | Type |
|------|------|
-| [github_team.team](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/team) | resource |
-| [github_team_membership.maintainers](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/team_membership) | resource |
-| [github_team_membership.members](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/team_membership) | resource |
+| [github_team.team](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource |
+| [github_team_membership.maintainers](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource |
+| [github_team_membership.members](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource |
## Inputs
diff --git a/modules/team/versions.tf b/modules/team/versions.tf
index d32b1bb..e58f121 100644
--- a/modules/team/versions.tf
+++ b/modules/team/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}
\ No newline at end of file
diff --git a/modules/team_set/README.md b/modules/team_set/README.md
index 468ce69..e8f78c8 100644
--- a/modules/team_set/README.md
+++ b/modules/team_set/README.md
@@ -3,7 +3,7 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
-| [github](#requirement\_github) | 6.1.0 |
+| [github](#requirement\_github) | ~> 6.0 |
## Providers
diff --git a/modules/team_set/versions.tf b/modules/team_set/versions.tf
index 95d7d87..bb0a0bb 100644
--- a/modules/team_set/versions.tf
+++ b/modules/team_set/versions.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
github = {
source = "integrations/github"
- version = "6.1.0"
+ version = "~> 6.0"
}
}
}