From 5fe09014bdee75cf00864f80427d0a5fa1e77a18 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 09:25:03 -0400 Subject: [PATCH 01/16] made an eneterpise organization module. removed org creation from github-foundations module --- .../enterprise-organization/organization.tf | 9 +++++ modules/enterprise-organization/outputs.tf | 7 ++++ modules/enterprise-organization/variables.tf | 31 +++++++++++++++ .../versions.tf | 1 - .../organization.tf | 11 ------ .../README.md | 0 .../action-variables.tf | 12 ------ modules/github-foundations/organization.tf | 11 ++++++ .../outputs.tf | 0 .../repo_readme.tf | 2 +- .../repositories.tf | 18 +-------- .../teams.tf | 4 +- .../variables.tf | 38 +++++++++---------- modules/github-foundations/versions.tf | 9 +++++ 14 files changed, 89 insertions(+), 64 deletions(-) create mode 100644 modules/enterprise-organization/organization.tf create mode 100644 modules/enterprise-organization/outputs.tf create mode 100644 modules/enterprise-organization/variables.tf rename modules/{foundations-github-organization => enterprise-organization}/versions.tf (67%) delete mode 100644 modules/foundations-github-organization/organization.tf rename modules/{foundations-github-organization => github-foundations}/README.md (100%) rename modules/{foundations-github-organization => github-foundations}/action-variables.tf (87%) create mode 100644 modules/github-foundations/organization.tf rename modules/{foundations-github-organization => github-foundations}/outputs.tf (100%) rename modules/{foundations-github-organization => github-foundations}/repo_readme.tf (100%) rename modules/{foundations-github-organization => github-foundations}/repositories.tf (82%) rename modules/{foundations-github-organization => github-foundations}/teams.tf (66%) rename modules/{foundations-github-organization => github-foundations}/variables.tf (70%) create mode 100644 modules/github-foundations/versions.tf 
diff --git a/modules/enterprise-organization/organization.tf b/modules/enterprise-organization/organization.tf
new file mode 100644
index 0000000..4560f80
--- /dev/null
+++ b/modules/enterprise-organization/organization.tf
@@ -0,0 +1,9 @@
+resource "github_enterprise_organization" "organization" {
+ enterprise_id = var.enterprise_id
+ name = var.name
+ display_name = length(var.display_name) > 0 ? var.display_name : var.name
+ description = var.description
+ billing_email = var.billing_email
+ admin_logins = var.admin_logins
+}
+
diff --git a/modules/enterprise-organization/outputs.tf b/modules/enterprise-organization/outputs.tf
new file mode 100644
index 0000000..937fb55
--- /dev/null
+++ b/modules/enterprise-organization/outputs.tf
@@ -0,0 +1,7 @@
+output "id" {
+ value = github_enterprise_organization.organization.id
+}
+
+output "name" {
+ value = github_enterprise_organization.organization.name
+}
\ No newline at end of file
diff --git a/modules/enterprise-organization/variables.tf b/modules/enterprise-organization/variables.tf
new file mode 100644
index 0000000..1be3d95
--- /dev/null
+++ b/modules/enterprise-organization/variables.tf
@@ -0,0 +1,31 @@
+variable "enterprise_id" {
+ type = string
+ description = "The id of the enterprise account to create the organization under."
+}
+
+variable "name" {
+ type = string
+ description = "The name of the organization to create."
+}
+
+variable "display_name" {
+ type = string
+ description = "The display name of the organization. If set to an empty string then `name` will be used instead"
+ default = ""
+}
+
+variable "description" {
+ type = string
+ description = "The description of the organization."
+ default = ""
+}
+
+variable "billing_email" {
+ type = string
+ description = "The email to use for the organizations billing."
+}
+
+variable "admin_logins" {
+ type = list(string)
+ description = "List of organization owner usernames."
+}
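Review bot: `admin_logins` in modules/enterprise-organization/variables.tf is accepted without any validation, even though every login in it becomes an organization owner. A `validation` block with `condition = length(var.admin_logins) > 0` and a matching `error_message` would reject an empty owner list at plan time rather than leaving it to the provider call. The description could also say outright that these accounts receive full owner rights, so callers keep the list short. `billing_email` is likewise unchecked.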
diff --git a/modules/foundations-github-organization/versions.tf b/modules/enterprise-organization/versions.tf similarity index 67% rename from modules/foundations-github-organization/versions.tf rename to modules/enterprise-organization/versions.tf index ac486db..964b37f 100644 --- a/modules/foundations-github-organization/versions.tf +++ b/modules/enterprise-organization/versions.tf @@ -4,7 +4,6 @@ terraform { github = { source = "hashicorp/github" version = "5.44.0" - configuration_aliases = [github.enterprise_scoped, github.foundation_org_scoped] } } } diff --git a/modules/foundations-github-organization/organization.tf b/modules/foundations-github-organization/organization.tf deleted file mode 100644 index c5a710e..0000000 --- a/modules/foundations-github-organization/organization.tf +++ /dev/null @@ -1,11 +0,0 @@ -resource "github_enterprise_organization" "github-foundations" { - provider = github.enterprise_scoped - - enterprise_id = var.enterprise_id - name = var.github_foundations_organization_name - display_name = "Github Foundations" - description = "Organization created to host github foundation toolkit repositories" - billing_email = var.billing_email - admin_logins = var.admin_logins -} - diff --git a/modules/foundations-github-organization/README.md b/modules/github-foundations/README.md similarity index 100% rename from modules/foundations-github-organization/README.md rename to modules/github-foundations/README.md diff --git a/modules/foundations-github-organization/action-variables.tf b/modules/github-foundations/action-variables.tf similarity index 87% rename from modules/foundations-github-organization/action-variables.tf rename to modules/github-foundations/action-variables.tf index c34eee7..ad39345 100644 --- a/modules/foundations-github-organization/action-variables.tf +++ b/modules/github-foundations/action-variables.tf 
@@ -1,22 +1,16 @@ resource "github_actions_secret" "organization_workload_identity_sa" { - provider = github.foundation_org_scoped - repository = github_repository.organizations_repo.name secret_name = "GCP_SERVICE_ACCOUNT" plaintext_value = var.organization_workload_identity_sa } resource "github_actions_variable" "gcp_secret_manager_project_id" { - provider = github.foundation_org_scoped - repository = github_repository.organizations_repo.name variable_name = "GCP_SECRET_MANAGER_PROJECT" value = var.gcp_project_id } resource "github_actions_organization_secret" "workload_identity_provider" { - provider = github.foundation_org_scoped - secret_name = "WORKLOAD_IDENTITY_PROVIDER" plaintext_value = var.workload_identity_provider_name visibility = "selected" @@ -27,8 +21,6 @@ resource "github_actions_organization_secret" "workload_identity_provider" { } resource "github_actions_organization_variable" "tf_state_bucket_project_id" { - provider = github.foundation_org_scoped - variable_name = "TF_STATE_BUCKET_PROJECT_ID" value = var.gcp_tf_state_bucket_project_id visibility = "selected" @@ -39,8 +31,6 @@ resource "github_actions_organization_variable" "tf_state_bucket_project_id" { } resource "github_actions_organization_variable" "tf_state_bucket_name" { - provider = github.foundation_org_scoped - variable_name = "TF_STATE_BUCKET_NAME" value = var.bucket_name visibility = "selected" @@ -51,8 +41,6 @@ resource "github_actions_organization_variable" "tf_state_bucket_name" { } resource "github_actions_organization_variable" "tf_state_bucket_location" { - provider = github.foundation_org_scoped - variable_name = "TF_STATE_BUCKET_LOCATION" value = var.bucket_location visibility = "selected" diff --git a/modules/github-foundations/organization.tf b/modules/github-foundations/organization.tf new file mode 100644 index 0000000..5d2fd86 --- /dev/null +++ b/modules/github-foundations/organization.tf 
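Review bot: With the `provider = github.foundation_org_scoped` lines removed here and `configuration_aliases` dropped in versions.tf, every resource in this module, including the organization-level `WORKLOAD_IDENTITY_PROVIDER` secret, is created in whichever organization the caller's default `github` provider targets, and nothing in the visible files states that requirement. I would add a header comment, for example `# The default github provider passed to this module must be scoped to the foundations organization`, so a root module that also holds an enterprise-scoped provider does not wire the wrong one in. Separately, the `plaintext_value` arguments are kept in Terraform state, so the state bucket's access controls have to cover these values as well.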
@@ -0,0 +1,11 @@ +# resource "github_enterprise_organization" "github-foundations" { +# provider = github.enterprise_scoped + +# enterprise_id = var.enterprise_id +# name = var.github_foundations_organization_name +# display_name = "Github Foundations" +# description = "Organization created to host github foundation toolkit repositories" +# billing_email = var.billing_email +# admin_logins = var.admin_logins +# } + diff --git a/modules/foundations-github-organization/outputs.tf b/modules/github-foundations/outputs.tf similarity index 100% rename from modules/foundations-github-organization/outputs.tf rename to modules/github-foundations/outputs.tf diff --git a/modules/foundations-github-organization/repo_readme.tf b/modules/github-foundations/repo_readme.tf similarity index 100% rename from modules/foundations-github-organization/repo_readme.tf rename to modules/github-foundations/repo_readme.tf index 66b5b79..2b2ef07 100644 --- a/modules/foundations-github-organization/repo_readme.tf +++ b/modules/github-foundations/repo_readme.tf @@ -5,8 +5,8 @@ data "local_file" "main_readme" { resource "github_repository_file" "main_readme" { # Only create this when the readme filename is not empty count = var.readme_path != "" ? 1 : 0 + depends_on = [github_repository.organizations_repo] repository = github_repository.organizations_repo.name file = "README.md" content = data.local_file.main_readme.content - depends_on = [github_repository.organizations_repo] } \ No newline at end of file diff --git a/modules/foundations-github-organization/repositories.tf b/modules/github-foundations/repositories.tf similarity index 82% rename from modules/foundations-github-organization/repositories.tf rename to modules/github-foundations/repositories.tf index 1dbf92c..32924f2 100644 --- a/modules/foundations-github-organization/repositories.tf +++ b/modules/github-foundations/repositories.tf 
@@ -4,11 +4,7 @@ locals { #Creates the repository for the bootstrap layer resource "github_repository" "bootstrap_repo" { - provider = github.foundation_org_scoped - #TODO: figure out what seems to be a race condition between repository creation and organization creation - depends_on = [github_enterprise_organization.github-foundations] - - name = "bootstrap" + name = var.bootstrap_repository_name description = "The repository for the bootstrap layer of the foundations. This repository contains the Terraform code to setup the github organization for the foundation repositories, create the GCP project, the GCP service account, the GCP secret manager secrets, and the GCP storage bucket for the state files." visibility = "private" @@ -19,7 +15,6 @@ resource "github_repository" "bootstrap_repo" { } resource "github_repository_collaborators" "bootstrap_repo_collaborators" { - provider = github.foundation_org_scoped repository = github_repository.bootstrap_repo.name team { @@ -29,8 +24,6 @@ resource "github_repository_collaborators" "bootstrap_repo_collaborators" { } resource "github_branch_protection" "protect_bootstrap_main" { - provider = github.foundation_org_scoped - repository_id = github_repository.bootstrap_repo.id pattern = "main" @@ -52,10 +45,7 @@ resource "github_branch_protection" "protect_bootstrap_main" { #Creates the repository for the organizations layer resource "github_repository" "organizations_repo" { - provider = github.foundation_org_scoped - depends_on = [github_enterprise_organization.github-foundations] - - name = "organizations" + name = var.organizations_repository_name description = "The repository for the organizations layer of the foundations. This repository contains the Terraform code to manage github organizations under the enterprise account and their repositories, teams, and members." visibility = "private" 
@@ -67,7 +57,6 @@ resource "github_repository" "organizations_repo" { } resource "github_repository_collaborators" "organization_repo_collaborators" { - provider = github.foundation_org_scoped repository = github_repository.organizations_repo.name team { @@ -78,8 +67,6 @@ resource "github_repository_collaborators" "organization_repo_collaborators" { resource "github_branch_protection" "protect_organization_main" { - provider = github.foundation_org_scoped - repository_id = github_repository.organizations_repo.id pattern = "main" @@ -100,7 +87,6 @@ resource "github_branch_protection" "protect_organization_main" { resource "github_issue_labels" "drift_labels" { for_each = { for idx, val in local.repos_with_drift_detection : idx => val } - provider = github.foundation_org_scoped repository = each.value.name diff --git a/modules/foundations-github-organization/teams.tf b/modules/github-foundations/teams.tf similarity index 66% rename from modules/foundations-github-organization/teams.tf rename to modules/github-foundations/teams.tf index 9511724..4954898 100644 --- a/modules/foundations-github-organization/teams.tf +++ b/modules/github-foundations/teams.tf @@ -1,7 +1,5 @@ resource "github_team" "foundation_devs" { - provider = github.foundation_org_scoped - - name = "foundation-devs" + name = var.foundation_devs_team_name description = "Team members with write access to the foundation repositories" privacy = "closed" } diff --git a/modules/foundations-github-organization/variables.tf b/modules/github-foundations/variables.tf similarity index 70% rename from modules/foundations-github-organization/variables.tf rename to modules/github-foundations/variables.tf index deb508f..25b66fb 100644 --- a/modules/foundations-github-organization/variables.tf +++ b/modules/github-foundations/variables.tf 
@@ -1,23 +1,3 @@ -variable "enterprise_id" { - type = string - description = "The id of the enterprise account to create the organization under." -} - -variable "github_foundations_organization_name" { - type = string - description = "The name of the organization to create." -} - -variable "billing_email" { - type = string - description = "The email to use for the organizations billing." -} - -variable "admin_logins" { - type = list(string) - description = "List of organization owner usernames." -} - variable "workload_identity_provider_name" { type = string description = "The name of the workload identity provider to use for the oidc of the github foundation repositories." @@ -58,4 +38,22 @@ variable "readme_path" { type = string description = "Local Path to the README file in your current codebase. Pushed to the github foundation repository." default = "" +} + +variable "bootstrap_repository_name" { + type = string + description = "The name of the bootstrap repository." + default = "bootstrap" +} + +variable "organizations_repository_name" { + type = string + description = "The name of the organizations repository." + default = "organizations" +} + +variable "foundation_devs_team_name" { + type = string + description = "The name of the foundation developers team." + default = "foundation-devs" } \ No newline at end of file diff --git a/modules/github-foundations/versions.tf b/modules/github-foundations/versions.tf new file mode 100644 index 0000000..964b37f --- /dev/null +++ b/modules/github-foundations/versions.tf @@ -0,0 +1,9 @@ +terraform { + required_version = ">= 1.3" + required_providers { + github = { + source = "hashicorp/github" + version = "5.44.0" + } + } +} From 5f3bd62f05520423bae41a29f79d58f036b4f867 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:05:53 -0400 Subject: [PATCH 02/16] added count to data source --- modules/github-foundations/repo_readme.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/modules/github-foundations/repo_readme.tf b/modules/github-foundations/repo_readme.tf index 2b2ef07..a359f71 100644 --- a/modules/github-foundations/repo_readme.tf +++ b/modules/github-foundations/repo_readme.tf @@ -1,4 +1,5 @@ data "local_file" "main_readme" { + count = var.readme_path != "" ? 1 : 0 filename = var.readme_path } @@ -8,5 +9,5 @@ resource "github_repository_file" "main_readme" { depends_on = [github_repository.organizations_repo] repository = github_repository.organizations_repo.name file = "README.md" - content = data.local_file.main_readme.content + content = data.local_file.main_readme[0].content } \ No newline at end of file From d3f533cb87b269ec8bc27fa08513f2a69d3328e3 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:41:26 -0400 Subject: [PATCH 03/16] fmted, added rulesets instead of branch protection, removed useless variable --- modules/enterprise-organization/versions.tf | 4 +- modules/github-foundations/repo_readme.tf | 2 +- modules/github-foundations/repositories.tf | 57 ++---- modules/github-foundations/rulesets.tf | 43 ++++ modules/github-foundations/variables.tf | 12 +- modules/github-foundations/versions.tf | 4 +- modules/organization/variables.tf | 2 +- modules/repository_base/rulesets.tf | 4 +- modules/ruleset/repository_ruleset.tf | 2 +- modules/ruleset/variables.tf | 211 +++++++++----------- 10 files changed, 173 insertions(+), 168 deletions(-) create mode 100644 modules/github-foundations/rulesets.tf diff --git a/modules/enterprise-organization/versions.tf b/modules/enterprise-organization/versions.tf index 964b37f..d64c9b6 100644 --- a/modules/enterprise-organization/versions.tf +++ b/modules/enterprise-organization/versions.tf @@ -2,8 +2,8 @@ terraform { required_version = ">= 1.3" required_providers { github = { - source = "hashicorp/github" - version = "5.44.0" + source = "hashicorp/github" + version = "5.44.0" } } } 
diff --git a/modules/github-foundations/repo_readme.tf b/modules/github-foundations/repo_readme.tf index a359f71..9210ca5 100644 --- a/modules/github-foundations/repo_readme.tf +++ b/modules/github-foundations/repo_readme.tf @@ -1,5 +1,5 @@ data "local_file" "main_readme" { - count = var.readme_path != "" ? 1 : 0 + count = var.readme_path != "" ? 1 : 0 filename = var.readme_path } diff --git a/modules/github-foundations/repositories.tf b/modules/github-foundations/repositories.tf index 32924f2..dfa9abc 100644 --- a/modules/github-foundations/repositories.tf +++ b/modules/github-foundations/repositories.tf @@ -12,6 +12,12 @@ resource "github_repository" "bootstrap_repo" { auto_init = true delete_branch_on_merge = true vulnerability_alerts = true + + lifecycle { + ignore_changes = [ + auto_init + ] + } } resource "github_repository_collaborators" "bootstrap_repo_collaborators" { @@ -23,26 +29,6 @@ resource "github_repository_collaborators" "bootstrap_repo_collaborators" { } } -resource "github_branch_protection" "protect_bootstrap_main" { - repository_id = github_repository.bootstrap_repo.id - - pattern = "main" - enforce_admins = true - allows_deletions = false - - # TODO: Add a required check for the terrafom apply workflow - required_status_checks { - strict = true - } - - required_pull_request_reviews { - dismiss_stale_reviews = true - restrict_dismissals = true - required_approving_review_count = 1 - require_last_push_approval = true - } -} - #Creates the repository for the organizations layer resource "github_repository" "organizations_repo" { name = var.organizations_repository_name @@ -54,6 +40,12 @@ resource "github_repository" "organizations_repo" { delete_branch_on_merge = true vulnerability_alerts = true has_issues = true + + lifecycle { + ignore_changes = [ + auto_init + ] + } } resource "github_repository_collaborators" "organization_repo_collaborators" { 
@@ -65,26 +57,6 @@ resource "github_repository_collaborators" "organization_repo_collaborators" { } } - -resource "github_branch_protection" "protect_organization_main" { - repository_id = github_repository.organizations_repo.id - - pattern = "main" - enforce_admins = true - allows_deletions = false - - required_status_checks { - strict = true - } - - required_pull_request_reviews { - dismiss_stale_reviews = true - restrict_dismissals = true - required_approving_review_count = 1 - require_last_push_approval = true - } -} - resource "github_issue_labels" "drift_labels" { for_each = { for idx, val in local.repos_with_drift_detection : idx => val } @@ -99,4 +71,9 @@ resource "github_issue_labels" "drift_labels" { name = "Re-Apply" color = "0800FF" } + + label { + color = "ededed" + name = "Drift" + } } diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf new file mode 100644 index 0000000..cf4b152 --- /dev/null +++ b/modules/github-foundations/rulesets.tf 
@@ -0,0 +1,43 @@ +module "base_ruleset" { + source = "../ruleset" + + name = "Foundation Repositories Base Ruleset" + enforcement = "active" + target = "branch" + ruleset_type = "organization" + + rules = { + pull_request = { + dismiss_stale_reviews_on_push = true + require_last_push_approval = true + required_approving_review_count = 1 + } + } + + ref_name_inclusions = ["~DEFAULT"] + repository_name_inclusions = [github_repository.bootstrap_repo.name, github_repository.organizations_repo.name] +} + +module "terraform_required_workflow_ruleset" { + source = "../ruleset" + + name = "Foundation Repositories Terraform Required Workflow Ruleset" + enforcement = "active" + target = "branch" + ruleset_type = "organization" + + rules = { + required_workflows = { + required_workflows = [ + { + repository_id = github_repository.organizations_repo.id + path = ".github/workflows/on-pull-and-push.yaml" + ref = "main" + } + ] + } + } + + ref_name_inclusions = ["~DEFAULT"] + repository_name_inclusions = [github_repository.organizations_repo.name] +} diff --git a/modules/github-foundations/variables.tf b/modules/github-foundations/variables.tf index 25b66fb..9a82faf 100644 --- a/modules/github-foundations/variables.tf +++ b/modules/github-foundations/variables.tf @@ -41,19 +41,19 @@ variable "readme_path" { } variable "bootstrap_repository_name" { - type = string + type = string description = "The name of the bootstrap repository." - default = "bootstrap" + default = "bootstrap" } variable "organizations_repository_name" { - type = string + type = string description = "The name of the organizations repository." - default = "organizations" + default = "organizations" } variable "foundation_devs_team_name" { - type = string + type = string description = "The name of the foundation developers team." - default = "foundation-devs" + default = "foundation-devs" } \ No newline at end of file 
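Review bot: `ref_name_inclusions = ["~DEFAULT"]` in both modules is not the token GitHub rulesets document for the default branch, which is `~DEFAULT_BRANCH` (alongside `~ALL`); assuming `../ruleset` passes the list through unchanged, the rulesets would either be rejected or match only a branch literally named `~DEFAULT`, leaving `main` without the review requirement. Change both to `ref_name_inclusions = ["~DEFAULT_BRANCH"]`. The rulesets also do not carry over everything the `github_branch_protection` resources removed from repositories.tf enforced: `allows_deletions = false` and the default force-push block have no counterpart, and the bootstrap repository no longer gets any status-check or workflow requirement. Adding `deletion = true` and `non_fast_forward = true` to `rules` in `base_ruleset` would restore the first two.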
diff --git a/modules/github-foundations/versions.tf b/modules/github-foundations/versions.tf index 964b37f..d64c9b6 100644 --- a/modules/github-foundations/versions.tf +++ b/modules/github-foundations/versions.tf @@ -2,8 +2,8 @@ terraform { required_version = ">= 1.3" required_providers { github = { - source = "hashicorp/github" - version = "5.44.0" + source = "hashicorp/github" + version = "5.44.0" } } } diff --git a/modules/organization/variables.tf b/modules/organization/variables.tf index 3708ac1..2a67723 100644 --- a/modules/organization/variables.tf +++ b/modules/organization/variables.tf @@ -166,7 +166,7 @@ variable "default_branch_protection_rulesets" { enforcement = string })) minimum_approvals = optional(object({ - enforcement = string + enforcement = string approvals_required = number })) dismiss_stale_reviews = optional(object({ diff --git a/modules/repository_base/rulesets.tf b/modules/repository_base/rulesets.tf index a199f5d..7fdfa52 100644 --- a/modules/repository_base/rulesets.tf +++ b/modules/repository_base/rulesets.tf @@ -96,6 +96,6 @@ module "ruleset" { integrations = try(each.value.bypass_actors.repository_roles, []) } - ref_name_inclusions = each.value.conditions.ref_name.include - ref_name_exclusions = each.value.conditions.ref_name.exclude + ref_name_inclusions = each.value.conditions.ref_name.include + ref_name_exclusions = each.value.conditions.ref_name.exclude } \ No newline at end of file diff --git a/modules/ruleset/repository_ruleset.tf b/modules/ruleset/repository_ruleset.tf index bcaa162..514edee 100644 --- a/modules/ruleset/repository_ruleset.tf +++ b/modules/ruleset/repository_ruleset.tf @@ -1,5 +1,5 @@ resource "github_repository_ruleset" "ruleset" { - count = var.ruleset_type == "repository" ? 1 : 0 + count = var.ruleset_type == "repository" ? 1 : 0 name = var.name target = var.target enforcement = var.enforcement diff --git a/modules/ruleset/variables.tf b/modules/ruleset/variables.tf index 1c245d9..d442c16 100644 
--- a/modules/ruleset/variables.tf +++ b/modules/ruleset/variables.tf 
@@ -1,165 +1,150 @@ variable "name" { - type = string + type = string description = "The name of the ruleset." } variable "bypass_actors" { - type = object({ - repository_roles = optional(list(object({ - role_id = string - always_bypass = optional(bool) - }))) - teams = optional(list(object({ - team_id = string - always_bypass = optional(bool) - }))) - integrations = optional(list(object({ - installation_id = number - always_bypass = optional(bool) - }))) - organization_admins = optional(list(object({ - user_id = string - always_bypass = optional(bool) - }))) - }) - default = {} - description = "An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}`" + type = object({ + repository_roles = optional(list(object({ + role_id = string + always_bypass = optional(bool) + }))) + teams = optional(list(object({ + team_id = string + always_bypass = optional(bool) + }))) + integrations = optional(list(object({ + installation_id = number + always_bypass = optional(bool) + }))) + organization_admins = optional(list(object({ + user_id = string + always_bypass = optional(bool) + }))) + }) + default = {} + description = "An object containing fields for role, team, organization admin, and integration bypass actors. 
Defaults to `{}`" } variable "rules" { type = object({ - branch_name_pattern = optional(object({ - operator = string - pattern = string - name = optional(string) - negate = optional(bool) - })) - tag_name_pattern = optional(object({ - operator = string - pattern = string - name = optional(string) - negate = optional(bool) - })) - commit_author_email_pattern = optional(object({ - operator = string - pattern = string - name = optional(string) - negate = optional(bool) - })) - commit_message_pattern = optional(object({ - operator = string - pattern = string - name = optional(string) - negate = optional(bool) - })) - committer_email_pattern = optional(object({ - operator = string - pattern = string - name = optional(string) - negate = optional(bool) - })) - creation = optional(bool) - deletion = optional(bool) - update = optional(bool) - non_fast_forward = optional(bool) - required_linear_history = optional(bool) - required_signatures = optional(bool) - update_allows_fetch_and_merge = optional(bool) - pull_request = optional(object({ - dismiss_stale_reviews_on_push = optional(bool) - require_code_owner_review = optional(bool) - require_last_push_approval = optional(bool) - required_approving_review_count = optional(number) - required_review_thread_resolution = optional(bool) - })) - required_status_checks = optional(object({ - required_check = list(object({ - context = string - integration_id = optional(number) - })) - strict_required_status_check_policy = optional(bool) + branch_name_pattern = optional(object({ + operator = string + pattern = string + name = optional(string) + negate = optional(bool) + })) + tag_name_pattern = optional(object({ + operator = string + pattern = string + name = optional(string) + negate = optional(bool) + })) + commit_author_email_pattern = optional(object({ + operator = string + pattern = string + name = optional(string) + negate = optional(bool) + })) + commit_message_pattern = optional(object({ + operator = string + pattern = string + 
name = optional(string) + negate = optional(bool) + })) + committer_email_pattern = optional(object({ + operator = string + pattern = string + name = optional(string) + negate = optional(bool) + })) + creation = optional(bool) + deletion = optional(bool) + update = optional(bool) + non_fast_forward = optional(bool) + required_linear_history = optional(bool) + required_signatures = optional(bool) + update_allows_fetch_and_merge = optional(bool) + pull_request = optional(object({ + dismiss_stale_reviews_on_push = optional(bool) + require_code_owner_review = optional(bool) + require_last_push_approval = optional(bool) + required_approving_review_count = optional(number) + required_review_thread_resolution = optional(bool) + })) + required_status_checks = optional(object({ + required_check = list(object({ + context = string + integration_id = optional(number) })) - required_workflows = optional(object({ - required_workflows = list(object({ - repository_id = number - path = string - ref = optional(string) - })) + strict_required_status_check_policy = optional(bool) + })) + required_workflows = optional(object({ + required_workflows = list(object({ + repository_id = number + path = string + ref = optional(string) })) - required_deployment_environments = optional(list(string)) - }) + })) + required_deployment_environments = optional(list(string)) + }) description = "An object containing fields for all the rule definitions the ruleset should enforce." } variable "ref_name_inclusions" { - type = list(string) + type = list(string) description = "A list of ref names or patterns to include. Defaults to an empty list. If set and `ruleset_type` is set to `organization` then either `repository_name_inclusions` or `repository_name_exclusions` must be set to a list of atleast 1 string." - default = [] + default = [] } variable "ref_name_exclusions" { - type = list(string) + type = list(string) description = "A list of ref names or patterns to exclude. Defaults to an empty list. 
If set and `ruleset_type` is set to `organization` then either `repository_name_inclusions` or `repository_name_exclusions` must be set to a list of atleast 1 string." - default = [] + default = [] } variable "repository_name_inclusions" { - type = list(string) + type = list(string) description = "A list of repository names or patterns to include. If `ruleset_type` is set to `repository` then this field is ignored." - default = [] + default = [] } variable "repository_name_exclusions" { - type = list(string) + type = list(string) description = "A list of repository names or patterns to exclude. If `ruleset_type` is set to `repository` then this field is ignored." - default = [] -} - -variable "conditions" { - type = object({ - ref_name = optional(object({ - include = list(string) - exclude = list(string) - })) - repository_name = optional(object({ - include = list(string) - exclude = list(string) - })) - }) - description = "An object that describes what branches and repositories the ruleset should apply to. If `ruleset_type` is set to `repository` then this field is optional and repository_name is ignored." - default = {} + default = [] } variable "target" { - type = string + type = string description = "The target of the ruleset. Should be one of either `branch` or `tag`." validation { - condition = can(regex("branch|tag", var.target)) + condition = can(regex("branch|tag", var.target)) error_message = "The target must be either `branch` or `tag`." } } variable "ruleset_type" { - type = string + type = string description = "The type of rulset to make. Should be one of ether `organization` or `repository`." validation { - condition = can(regex("organization|repository", var.ruleset_type)) + condition = can(regex("organization|repository", var.ruleset_type)) error_message = "The ruleset type must be either `organization` or `repository`." } } - + variable "enforcement" { - type = string + type = string description = "The enforcement level of the ruleset. 
Should be one of either `active`, `evaluate` or `disabled`. Defaults to `active`" - default = "active" + default = "active" validation { - condition = can(regex("active|evaluate|disabled", var.enforcement)) + condition = can(regex("active|evaluate|disabled", var.enforcement)) error_message = "The enforcement level must be either `active`, `evaluate` or `disabled`." } } variable "repository" { - type = string + type = string description = "The repository to create the ruleset under. Only applicable if `ruleset_type` is set to `repository`. Defaults to \"\"" - default = "" -} \ No newline at end of file + default = "" +} From da6b446ed1a503b511a888cc61267bf846400dbe Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:43:11 -0400 Subject: [PATCH 04/16] have to use repo_id --- modules/github-foundations/rulesets.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index cf4b152..3d4a25d 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -30,7 +30,7 @@ module "terraform_required_workflow_ruleset" { required_workflows = { required_workflows = [ { - repository_id = github_repository.organizations_repo.id + repository_id = github_repository.organizations_repo.repo_id path = ".github/workflows/on-pull-and-push.yaml" ref = "main" } From 714c988c1465bac6b8dfdad418ef91bad60e6e2b Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:48:24 -0400 Subject: [PATCH 05/16] deleted unused file and added double slashes --- modules/github-foundations/organization.tf | 11 ----------- modules/github-foundations/rulesets.tf | 4 ++-- 2 files changed, 2 insertions(+), 13 deletions(-) delete mode 100644 modules/github-foundations/organization.tf diff --git a/modules/github-foundations/organization.tf b/modules/github-foundations/organization.tf deleted file mode 100644 index 5d2fd86..0000000 
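Review bot: The `validation` blocks for `target`, `ruleset_type` and `enforcement` in modules/ruleset/variables.tf (only reindented by this commit) use unanchored patterns, so `can(regex("active|evaluate|disabled", var.enforcement))` also accepts a value such as `inactive`, and the check does not enforce what its error message claims. `condition = contains(["active", "evaluate", "disabled"], var.enforcement)` states the allowed set exactly, and the same form fits `contains(["branch", "tag"], var.target)` and `contains(["organization", "repository"], var.ruleset_type)`. This matters most for `ruleset_type`: repository_ruleset.tf selects the resource with `var.ruleset_type == "repository"`, so a near-miss value that passes validation would presumably create no ruleset at all, without an error.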
--- a/modules/github-foundations/organization.tf +++ /dev/null @@ -1,11 +0,0 @@ -# resource "github_enterprise_organization" "github-foundations" { -# provider = github.enterprise_scoped - -# enterprise_id = var.enterprise_id -# name = var.github_foundations_organization_name -# display_name = "Github Foundations" -# description = "Organization created to host github foundation toolkit repositories" -# billing_email = var.billing_email -# admin_logins = var.admin_logins -# } - diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index 3d4a25d..bb7009c 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -1,5 +1,5 @@ module "base_ruleset" { - source = "../ruleset" + source = "..//ruleset" name = "Foundation Repositories Base Ruleset" enforcement = "active" @@ -19,7 +19,7 @@ module "base_ruleset" { } module "terraform_required_workflow_ruleset" { - source = "../ruleset" + source = "..//ruleset" name = "Foundation Repositories Terraform Required Workflow Ruleset" enforcement = "active" From c8fe114348f10b7c4464ed05c51163ea1bdd3d31 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:51:24 -0400 Subject: [PATCH 06/16] I shouldn't have to do this --- modules/github-foundations/rulesets.tf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index bb7009c..150b21a 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -1,5 +1,8 @@ module "base_ruleset" { source = "..//ruleset" + providers = { + github = github + } name = "Foundation Repositories Base Ruleset" enforcement = "active" 
@@ -20,7 +23,10 @@ module "base_ruleset" { module "terraform_required_workflow_ruleset" { source = "..//ruleset" - + providers = { + github = github + } + name = "Foundation Repositories Terraform Required Workflow Ruleset" enforcement = "active" target = "branch" From 27238cc608521971dcb5b9319272a2bd584cb406 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:52:48 -0400 Subject: [PATCH 07/16] changing provider source --- modules/enterprise-organization/versions.tf | 2 +- modules/github-foundations/rulesets.tf | 12 +++--------- modules/github-foundations/versions.tf | 2 +- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/modules/enterprise-organization/versions.tf b/modules/enterprise-organization/versions.tf index d64c9b6..a558aac 100644 --- a/modules/enterprise-organization/versions.tf +++ b/modules/enterprise-organization/versions.tf @@ -2,7 +2,7 @@ terraform { required_version = ">= 1.3" required_providers { github = { - source = "hashicorp/github" + source = "integrations/github" version = "5.44.0" } } diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index 150b21a..3d4a25d 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -1,8 +1,5 @@ module "base_ruleset" { - source = "..//ruleset" - providers = { - github = github - } + source = "../ruleset" name = "Foundation Repositories Base Ruleset" enforcement = "active" @@ -22,11 +19,8 @@ module "base_ruleset" { } module "terraform_required_workflow_ruleset" { - source = "..//ruleset" - providers = { - github = github - } - + source = "../ruleset" + name = "Foundation Repositories Terraform Required Workflow Ruleset" enforcement = "active" target = "branch" diff --git a/modules/github-foundations/versions.tf b/modules/github-foundations/versions.tf index d64c9b6..a558aac 100644 --- a/modules/github-foundations/versions.tf +++ b/modules/github-foundations/versions.tf 
@@ -2,7 +2,7 @@ terraform { required_version = ">= 1.3" required_providers { github = { - source = "hashicorp/github" + source = "integrations/github" version = "5.44.0" } } From cde9508dfa8e773ae08350de20325e83097a1a9b Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:55:29 -0400 Subject: [PATCH 08/16] upgraded everyone to v6.1.0 --- modules/enterprise-organization/versions.tf | 2 +- modules/github-foundations/versions.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/enterprise-organization/versions.tf b/modules/enterprise-organization/versions.tf index a558aac..95d7d87 100644 --- a/modules/enterprise-organization/versions.tf +++ b/modules/enterprise-organization/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "5.44.0" + version = "6.1.0" } } } diff --git a/modules/github-foundations/versions.tf b/modules/github-foundations/versions.tf index a558aac..95d7d87 100644 --- a/modules/github-foundations/versions.tf +++ b/modules/github-foundations/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "5.44.0" + version = "6.1.0" } } } From 0cca25f4b07ea71a64b5521ea64372a0e40dc1bc Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 10:57:22 -0400 Subject: [PATCH 09/16] changed version to use greater than --- modules/enterprise-organization/versions.tf | 2 +- modules/github-foundations/versions.tf | 2 +- modules/organization/versions.tf | 2 +- modules/private_repository/versions.tf | 2 +- modules/public_repository/versions.tf | 2 +- modules/repository_base/versions.tf | 2 +- modules/repository_set/versions.tf | 2 +- modules/ruleset/versions.tf | 2 +- modules/team/versions.tf | 2 +- modules/team_set/versions.tf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/modules/enterprise-organization/versions.tf b/modules/enterprise-organization/versions.tf index 95d7d87..bb0a0bb 100644 --- a/modules/enterprise-organization/versions.tf +++ b/modules/enterprise-organization/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } diff --git a/modules/github-foundations/versions.tf b/modules/github-foundations/versions.tf index 95d7d87..bb0a0bb 100644 --- a/modules/github-foundations/versions.tf +++ b/modules/github-foundations/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } diff --git a/modules/organization/versions.tf b/modules/organization/versions.tf index d32b1bb..e58f121 100644 --- a/modules/organization/versions.tf +++ b/modules/organization/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/private_repository/versions.tf b/modules/private_repository/versions.tf index d32b1bb..e58f121 100644 --- a/modules/private_repository/versions.tf +++ b/modules/private_repository/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/public_repository/versions.tf b/modules/public_repository/versions.tf index d32b1bb..e58f121 100644 --- a/modules/public_repository/versions.tf +++ b/modules/public_repository/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/repository_base/versions.tf b/modules/repository_base/versions.tf index d32b1bb..e58f121 100644 --- a/modules/repository_base/versions.tf 
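Review bot: Replacing the exact pin with `version = "~> 6.0"` lets `terraform init` select any 6.x release of integrations/github. Which provider build runs with the caller's GitHub credentials then depends on a dependency lock file that this series does not show. A range is reasonable for reusable modules, but the root configurations that call them should commit `.terraform.lock.hcl` so the selected version and its checksums are fixed and reviewed on upgrade. The commit subject says "greater than", while `~>` also caps at the next major version; a comment such as `# any 6.x; the exact version is fixed by the root module's lock file` would state the intent. This applies to every `versions.tf` hunk in this commit, including those for repository_base, repository_set, ruleset, team and team_set further down.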
+++ b/modules/repository_base/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/repository_set/versions.tf b/modules/repository_set/versions.tf index d32b1bb..e58f121 100644 --- a/modules/repository_set/versions.tf +++ b/modules/repository_set/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/ruleset/versions.tf b/modules/ruleset/versions.tf index d32b1bb..e58f121 100644 --- a/modules/ruleset/versions.tf +++ b/modules/ruleset/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/team/versions.tf b/modules/team/versions.tf index d32b1bb..e58f121 100644 --- a/modules/team/versions.tf +++ b/modules/team/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } \ No newline at end of file diff --git a/modules/team_set/versions.tf b/modules/team_set/versions.tf index 95d7d87..bb0a0bb 100644 --- a/modules/team_set/versions.tf +++ b/modules/team_set/versions.tf @@ -3,7 +3,7 @@ terraform { required_providers { github = { source = "integrations/github" - version = "6.1.0" + version = "~> 6.0" } } } From 18a9b01174219e7467bd1369d3323becf3b8c221 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 11:04:20 -0400 Subject: [PATCH 10/16] default_branch not default --- modules/github-foundations/rulesets.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index 3d4a25d..3a7842d 100644 --- a/modules/github-foundations/rulesets.tf 
+++ b/modules/github-foundations/rulesets.tf @@ -14,7 +14,7 @@ module "base_ruleset" { } } - ref_name_inclusions = ["~DEFAULT"] + ref_name_inclusions = ["~DEFAULT_BRANCH"] repository_name_inclusions = [github_repository.bootstrap_repo.name, github_repository.organizations_repo.name] } @@ -38,6 +38,6 @@ module "terraform_required_workflow_ruleset" { } } - ref_name_inclusions = ["~DEFAULT"] + ref_name_inclusions = ["~DEFAULT_BRANCH"] repository_name_inclusions = [github_repository.organizations_repo.name] } From 19e1f93ee45f7f9ff8d0f871b4d538c115a895af Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 11:07:33 -0400 Subject: [PATCH 11/16] does it not like repo_id? --- modules/github-foundations/rulesets.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index 3a7842d..b6d396b 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -30,7 +30,7 @@ module "terraform_required_workflow_ruleset" { required_workflows = { required_workflows = [ { - repository_id = github_repository.organizations_repo.repo_id + repository_id = 752018946 path = ".github/workflows/on-pull-and-push.yaml" ref = "main" } From 3762dca40a4b839275f27d6fc02af5976837307e Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 11:10:10 -0400 Subject: [PATCH 12/16] Revert "does it not like repo_id?" This reverts commit 19e1f93ee45f7f9ff8d0f871b4d538c115a895af. --- modules/github-foundations/rulesets.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index b6d396b..3a7842d 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf 
@@ -30,7 +30,7 @@ module "terraform_required_workflow_ruleset" { required_workflows = { required_workflows = [ { - repository_id = 752018946 + repository_id = github_repository.organizations_repo.repo_id path = ".github/workflows/on-pull-and-push.yaml" ref = "main" } From 45c9c1c5848d4714a0676221a877bdf5411f92a2 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 11:11:21 -0400 Subject: [PATCH 13/16] is main actually master? --- modules/github-foundations/repositories.tf | 4 ++-- modules/github-foundations/rulesets.tf | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/github-foundations/repositories.tf b/modules/github-foundations/repositories.tf index dfa9abc..7a3e95e 100644 --- a/modules/github-foundations/repositories.tf +++ b/modules/github-foundations/repositories.tf @@ -25,7 +25,7 @@ resource "github_repository_collaborators" "bootstrap_repo_collaborators" { team { permission = "push" - team_id = github_team.foundation_devs.id + team_id = github_team.foundation_devs.name } } @@ -53,7 +53,7 @@ resource "github_repository_collaborators" "organization_repo_collaborators" { team { permission = "push" - team_id = github_team.foundation_devs.id + team_id = github_team.foundation_devs.name } } diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index 3a7842d..dc9984a 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -32,7 +32,6 @@ module "terraform_required_workflow_ruleset" { { repository_id = github_repository.organizations_repo.repo_id path = ".github/workflows/on-pull-and-push.yaml" - ref = "main" } ] } From 75520de56248778871204fe53efedd360dc3c2ba Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 11:14:53 -0400 Subject: [PATCH 14/16] I have to explicitly set master --- modules/github-foundations/rulesets.tf | 1 + 1 file changed, 1 insertion(+) 
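Review bot: `team_id = github_team.foundation_devs.name` in both `team` blocks of `repositories.tf` only resolves while the team's display name happens to equal its slug. `github_repository_collaborators` takes a team ID or slug, and the slug is derived from the name, so a name with spaces or capitals (a constructed example: `Foundation Devs`) would stop matching and the `push` grant would fail to apply. Use the exported attribute instead: `team_id = github_team.foundation_devs.slug`. Both resource blocks start and end outside the hunks.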
diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index dc9984a..56b2e31 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -32,6 +32,7 @@ module "terraform_required_workflow_ruleset" { { repository_id = github_repository.organizations_repo.repo_id path = ".github/workflows/on-pull-and-push.yaml" + ref = "master" } ] } From 216e5815f4d3925bc7ca85feac6ce2500ca8fe15 Mon Sep 17 00:00:00 2001 From: Tyler Mizuyabu Date: Fri, 15 Mar 2024 13:24:08 -0400 Subject: [PATCH 15/16] removing this ruleset for now --- modules/github-foundations/rulesets.tf | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/modules/github-foundations/rulesets.tf b/modules/github-foundations/rulesets.tf index 56b2e31..22fbadf 100644 --- a/modules/github-foundations/rulesets.tf +++ b/modules/github-foundations/rulesets.tf @@ -16,28 +16,4 @@ module "base_ruleset" { ref_name_inclusions = ["~DEFAULT_BRANCH"] repository_name_inclusions = [github_repository.bootstrap_repo.name, github_repository.organizations_repo.name] -} - -module "terraform_required_workflow_ruleset" { - source = "../ruleset" - - name = "Foundation Repositories Terraform Required Workflow Ruleset" - enforcement = "active" - target = "branch" - ruleset_type = "organization" - - rules = { - required_workflows = { - required_workflows = [ - { - repository_id = github_repository.organizations_repo.repo_id - path = ".github/workflows/on-pull-and-push.yaml" - ref = "master" - } - ] - } - } - - ref_name_inclusions = ["~DEFAULT_BRANCH"] - repository_name_inclusions = [github_repository.organizations_repo.name] -} +} \ No newline at end of file From f69d2c79f228e776172c4eb2b0a4a19ef7f08921 Mon Sep 17 00:00:00 2001 
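Review bot: Removing `terraform_required_workflow_ruleset` "for now" leaves nothing in `rulesets.tf` that records the gap. The organizations repository loses the rule that required `.github/workflows/on-pull-and-push.yaml` on its default branch, with no marker that it should come back. If the removal is temporary, keep a comment where the module stood and link a tracking issue, for example `# TODO: restore terraform_required_workflow_ruleset once the workflow reference problem is resolved`. The hunk also drops the file's trailing newline (`\ No newline at end of file`), which is worth restoring.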
From: "github-actions[bot]" Date: Fri, 15 Mar 2024 17:32:18 +0000 Subject: [PATCH 16/16] terraform-docs: automated action --- modules/enterprise-organization/README.md | 40 ++++++++++++++++++++ modules/github-foundations/README.md | 46 +++++++++++------------ modules/organization/README.md | 32 ++++++++-------- modules/private_repository/README.md | 2 +- modules/public_repository/README.md | 2 +- modules/repository_base/README.md | 30 +++++++-------- modules/repository_set/README.md | 10 ++--- modules/ruleset/README.md | 13 +++---- modules/team/README.md | 10 ++--- modules/team_set/README.md | 2 +- 10 files changed, 111 insertions(+), 76 deletions(-) create mode 100644 modules/enterprise-organization/README.md diff --git a/modules/enterprise-organization/README.md b/modules/enterprise-organization/README.md new file mode 100644 index 0000000..b413c5c --- /dev/null +++ b/modules/enterprise-organization/README.md 
@@ -0,0 +1,40 @@ +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3 | +| [github](#requirement\_github) | ~> 6.0 | + +## Providers + +| Name | Version | +|------|---------| +| [github](#provider\_github) | ~> 6.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [github_enterprise_organization.organization](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/enterprise_organization) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [admin\_logins](#input\_admin\_logins) | List of organization owner usernames. | `list(string)` | n/a | yes | +| [billing\_email](#input\_billing\_email) | The email to use for the organizations billing. | `string` | n/a | yes | +| [description](#input\_description) | The description of the organization. | `string` | `""` | no | +| [display\_name](#input\_display\_name) | The display name of the organization. If set to an empty string then `name` will be used instead | `string` | `""` | no | +| [enterprise\_id](#input\_enterprise\_id) | The id of the enterprise account to create the organization under. | `string` | n/a | yes | +| [name](#input\_name) | The name of the organization to create. | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [id](#output\_id) | n/a | +| [name](#output\_name) | n/a | \ No newline at end of file diff --git a/modules/github-foundations/README.md b/modules/github-foundations/README.md index 97e355f..890204b 100644 --- a/modules/github-foundations/README.md +++ b/modules/github-foundations/README.md 
@@ -3,57 +3,53 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 5.44.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 5.44.0 | -| [github.enterprise\_scoped](#provider\_github.enterprise\_scoped) | 5.44.0 | -| [github.foundation\_org\_scoped](#provider\_github.foundation\_org\_scoped) | 5.44.0 | +| [github](#provider\_github) | ~> 6.0 | | [local](#provider\_local) | n/a | ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [base\_ruleset](#module\_base\_ruleset) | ../ruleset | n/a | ## Resources | Name | Type | |------|------| -| [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_secret) | resource | -| [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_organization_variable) | resource | -| [github_actions_secret.organization_workload_identity_sa](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_secret) | resource | -| [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/actions_variable) | resource | -| [github_branch_protection.protect_bootstrap_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | -| 
[github_branch_protection.protect_organization_main](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/branch_protection) | resource | -| [github_enterprise_organization.github-foundations](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/enterprise_organization) | resource | -| [github_issue_labels.drift_labels](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/issue_labels) | resource | -| [github_repository.bootstrap_repo](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository) | resource | -| [github_repository.organizations_repo](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository) | resource | -| [github_repository_collaborators.bootstrap_repo_collaborators](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository_collaborators) | resource | -| [github_repository_collaborators.organization_repo_collaborators](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository_collaborators) | resource | -| [github_repository_file.main_readme](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/repository_file) | resource | -| [github_team.foundation_devs](https://registry.terraform.io/providers/hashicorp/github/5.44.0/docs/resources/team) | resource | +| [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource | +| [github_actions_organization_variable.tf_state_bucket_location](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | +| [github_actions_organization_variable.tf_state_bucket_name](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | +| 
[github_actions_organization_variable.tf_state_bucket_project_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource | +| [github_actions_secret.organization_workload_identity_sa](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_actions_variable.gcp_secret_manager_project_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource | +| [github_issue_labels.drift_labels](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/issue_labels) | resource | +| [github_repository.bootstrap_repo](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | +| [github_repository.organizations_repo](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | +| [github_repository_collaborators.bootstrap_repo_collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborators) | resource | +| [github_repository_collaborators.organization_repo_collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborators) | resource | +| [github_repository_file.main_readme](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_file) | resource | +| [github_team.foundation_devs](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource | | [local_file.main_readme](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [admin\_logins](#input\_admin\_logins) | List of organization owner usernames. 
| `list(string)` | n/a | yes | -| [billing\_email](#input\_billing\_email) | The email to use for the organizations billing. | `string` | n/a | yes | +| [bootstrap\_repository\_name](#input\_bootstrap\_repository\_name) | The name of the bootstrap repository. | `string` | `"bootstrap"` | no | | [bootstrap\_workload\_identity\_sa](#input\_bootstrap\_workload\_identity\_sa) | The service account to use for the bootstrap repository oidc. | `string` | n/a | yes | | [bucket\_location](#input\_bucket\_location) | The location of the tf state bucket. | `string` | n/a | yes | | [bucket\_name](#input\_bucket\_name) | The name of the tf state bucket. | `string` | n/a | yes | -| [enterprise\_id](#input\_enterprise\_id) | The id of the enterprise account to create the organization under. | `string` | n/a | yes | +| [foundation\_devs\_team\_name](#input\_foundation\_devs\_team\_name) | The name of the foundation developers team. | `string` | `"foundation-devs"` | no | | [gcp\_project\_id](#input\_gcp\_project\_id) | The id of the gcp project where secret manager was setup. | `string` | n/a | yes | | [gcp\_tf\_state\_bucket\_project\_id](#input\_gcp\_tf\_state\_bucket\_project\_id) | The id of the gcp project where the tf state bucket was setup. | `string` | n/a | yes | -| [github\_foundations\_organization\_name](#input\_github\_foundations\_organization\_name) | The name of the organization to create. | `string` | n/a | yes | | [organization\_workload\_identity\_sa](#input\_organization\_workload\_identity\_sa) | The service account to use for the organization repository oidc. | `string` | n/a | yes | +| [organizations\_repository\_name](#input\_organizations\_repository\_name) | The name of the organizations repository. | `string` | `"organizations"` | no | | [readme\_path](#input\_readme\_path) | Local Path to the README file in your current codebase. Pushed to the github foundation repository. 
| `string` | `""` | no | | [workload\_identity\_provider\_name](#input\_workload\_identity\_provider\_name) | The name of the workload identity provider to use for the oidc of the github foundation repositories. | `string` | n/a | yes | diff --git a/modules/organization/README.md b/modules/organization/README.md index 6cee7f2..407378c 100644 --- a/modules/organization/README.md +++ b/modules/organization/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.1.0 | +| [github](#provider\_github) | ~> 6.0 | ## Modules 
@@ -25,19 +25,19 @@ | Name | Type | |------|------| -| [github_actions_organization_secret.action_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_organization_secret) | resource | -| [github_codespaces_organization_secret.codespace_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/codespaces_organization_secret) | resource | -| [github_dependabot_organization_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/dependabot_organization_secret) | resource | -| [github_membership.membership_for_user](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/membership) | resource | -| [github_organization_block.blocked_user](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_block) | resource | -| [github_organization_custom_role.community_manager_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_custom_role.contractor_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_custom_role.custom_repository_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_custom_role.security_engineer_role](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_custom_role) | resource | -| [github_organization_settings.organization_settings](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_settings) | resource | -| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/organization_custom_role) | data source | -| 
[github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/team) | data source | -| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/user) | data source | +| [github_actions_organization_secret.action_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource | +| [github_codespaces_organization_secret.codespace_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/codespaces_organization_secret) | resource | +| [github_dependabot_organization_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_organization_secret) | resource | +| [github_membership.membership_for_user](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership) | resource | +| [github_organization_block.blocked_user](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_block) | resource | +| [github_organization_custom_role.community_manager_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| [github_organization_custom_role.contractor_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| [github_organization_custom_role.custom_repository_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| [github_organization_custom_role.security_engineer_role](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource | +| 
[github_organization_settings.organization_settings](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_settings) | resource | +| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source | +| [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source | +| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/user) | data source | ## Inputs @@ -46,7 +46,7 @@ | [actions\_secrets](#input\_actions\_secrets) | A map of organization-level GitHub Actions secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. |
map(object({
encrypted_value = string
visibility = string
}))
| `{}` | no | | [codespaces\_secrets](#input\_codespaces\_secrets) | A map of organization-level GitHub Codespaces secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. |
map(object({
encrypted_value = string
visibility = string
}))
| `{}` | no | | [custom\_repository\_roles](#input\_custom\_repository\_roles) | A map of custom repository roles to create. The key is the name of the role and the value is the role configurations. |
map(object({
description = string
base_role = string
permissions = list(string)
}))
| n/a | yes | -| [default\_branch\_protection\_rulesets](#input\_default\_branch\_protection\_rulesets) | n/a |
object({
base_protection = optional(object({
enforcement = string
}))
minimum_approvals = optional(object({
enforcement = string
approvals_required = number
}))
dismiss_stale_reviews = optional(object({
enforcement = string
}))
require_signatures = optional(object({
enforcement = string
}))
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
})
| `{}` | no | +| [default\_branch\_protection\_rulesets](#input\_default\_branch\_protection\_rulesets) | n/a |
object({
base_protection = optional(object({
enforcement = string
}))
minimum_approvals = optional(object({
enforcement = string
approvals_required = number
}))
dismiss_stale_reviews = optional(object({
enforcement = string
}))
require_signatures = optional(object({
enforcement = string
}))
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
})
| `{}` | no | | [dependabot\_secrets](#input\_dependabot\_secrets) | A map of organization-level Dependabot secrets to create. The key is the name of the secret and the value is an object describing how to create the secret. |
map(object({
encrypted_value = string
visibility = string
}))
| `{}` | no | | [enable\_community\_manager\_role](#input\_enable\_community\_manager\_role) | If `true` will create a custom repository role for community managers. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no | | [enable\_contractor\_role](#input\_enable\_contractor\_role) | If `true` will create a custom repository role for contractors. Defaults to `false`. If `true` the maximum number of `custom_repository_roles` that can be defined will be reduced by one. | `bool` | `false` | no | diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md index f318c8a..71f1d8f 100644 --- a/modules/private_repository/README.md +++ b/modules/private_repository/README.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md index 77eb62a..5382525 100644 --- a/modules/public_repository/README.md +++ b/modules/public_repository/README.md @@ -3,7 +3,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md index d05a568..c1c6c8a 100644 --- a/modules/repository_base/README.md +++ b/modules/repository_base/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.1.0 | +| [github](#provider\_github) | ~> 6.0 | ## Modules 
@@ -21,19 +21,19 @@ | Name | Type | |------|------| -| [github_actions_environment_secret.environment_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_environment_secret) | resource | -| [github_actions_secret.actions_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_secret) | resource | -| [github_branch_default.default_branch](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/branch_default) | resource | -| [github_codespaces_secret.codespaces_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/codespaces_secret) | resource | -| [github_dependabot_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/dependabot_secret) | resource | -| [github_repository.repository](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository) | resource | -| [github_repository_collaborators.collaborators](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_collaborators) | resource | -| [github_repository_dependabot_security_updates.automated_security_fixes](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_dependabot_security_updates) | resource | -| [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_environment) | resource | -| [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_ruleset) | resource | -| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/organization_custom_role) | data source | -| 
[github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/team) | data source | -| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/data-sources/user) | data source | +| [github_actions_environment_secret.environment_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret) | resource | +| [github_actions_secret.actions_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource | +| [github_branch_default.default_branch](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource | +| [github_codespaces_secret.codespaces_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/codespaces_secret) | resource | +| [github_dependabot_secret.dependabot_secret](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_secret) | resource | +| [github_repository.repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource | +| [github_repository_collaborators.collaborators](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborators) | resource | +| [github_repository_dependabot_security_updates.automated_security_fixes](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_dependabot_security_updates) | resource | +| [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource | +| [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource | +| 
[github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source | +| [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source | +| [github_user.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/user) | data source | ## Inputs diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md index 6f09872..c216cfe 100644 --- a/modules/repository_set/README.md +++ b/modules/repository_set/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.1.0 | +| [github](#provider\_github) | ~> 6.0 | ## Modules 
@@ -22,9 +22,9 @@ | Name | Type | |------|------| -| [github_actions_organization_secret_repositories.org__action_secret_repo_access](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/actions_organization_secret_repositories) | resource | -| [github_codespaces_organization_secret_repositories.org__codespace_secret_repo_access](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/codespaces_organization_secret_repositories) | resource | -| [github_dependabot_organization_secret_repositories.org__dependabot_secret_repo_access](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/dependabot_organization_secret_repositories) | resource | +| [github_actions_organization_secret_repositories.org__action_secret_repo_access](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret_repositories) | resource | +| [github_codespaces_organization_secret_repositories.org__codespace_secret_repo_access](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/codespaces_organization_secret_repositories) | resource | +| [github_dependabot_organization_secret_repositories.org__dependabot_secret_repo_access](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_organization_secret_repositories) | resource | ## Inputs diff --git a/modules/ruleset/README.md b/modules/ruleset/README.md index 1809db2..7853302 100644 --- a/modules/ruleset/README.md +++ b/modules/ruleset/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.1.0 | +| [github](#provider\_github) | ~> 6.0 | ## Modules 
@@ -19,15 +19,14 @@ No modules. | Name | Type | |------|------| -| [github_organization_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/organization_ruleset) | resource | -| [github_repository_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/repository_ruleset) | resource | +| [github_organization_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_ruleset) | resource | +| [github_repository_ruleset.ruleset](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [bypass\_actors](#input\_bypass\_actors) | An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}` |
object({
repository_roles = optional(list(object({
role_id = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team_id = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user_id = string
always_bypass = optional(bool)
})))
})
| `{}` | no | -| [conditions](#input\_conditions) | An object that describes what branches and repositories the ruleset should apply to. If `ruleset_type` is set to `repository` then this field is optional and repository\_name is ignored. |
object({
ref_name = optional(object({
include = list(string)
exclude = list(string)
}))
repository_name = optional(object({
include = list(string)
exclude = list(string)
}))
})
| `{}` | no | +| [bypass\_actors](#input\_bypass\_actors) | An object containing fields for role, team, organization admin, and integration bypass actors. Defaults to `{}` |
object({
repository_roles = optional(list(object({
role_id = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team_id = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user_id = string
always_bypass = optional(bool)
})))
})
| `{}` | no | | [enforcement](#input\_enforcement) | The enforcement level of the ruleset. Should be one of either `active`, `evaluate` or `disabled`. Defaults to `active` | `string` | `"active"` | no | | [name](#input\_name) | The name of the ruleset. | `string` | n/a | yes | | [ref\_name\_exclusions](#input\_ref\_name\_exclusions) | A list of ref names or patterns to exclude. Defaults to an empty list. If set and `ruleset_type` is set to `organization` then either `repository_name_inclusions` or `repository_name_exclusions` must be set to a list of atleast 1 string. | `list(string)` | `[]` | no | @@ -35,7 +34,7 @@ No modules. | [repository](#input\_repository) | The repository to create the ruleset under. Only applicable if `ruleset_type` is set to `repository`. Defaults to "" | `string` | `""` | no | | [repository\_name\_exclusions](#input\_repository\_name\_exclusions) | A list of repository names or patterns to exclude. If `ruleset_type` is set to `repository` then this field is ignored. | `list(string)` | `[]` | no | | [repository\_name\_inclusions](#input\_repository\_name\_inclusions) | A list of repository names or patterns to include. If `ruleset_type` is set to `repository` then this field is ignored. | `list(string)` | `[]` | no | -| [rules](#input\_rules) | An object containing fields for all the rule definitions the ruleset should enforce. |
object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_workflows = optional(object({
required_workflows = list(object({
repository_id = number
path = string
ref = optional(string)
}))
}))
required_deployment_environments = optional(list(string))
})
| n/a | yes | +| [rules](#input\_rules) | An object containing fields for all the rule definitions the ruleset should enforce. |
object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_workflows = optional(object({
required_workflows = list(object({
repository_id = number
path = string
ref = optional(string)
}))
}))
required_deployment_environments = optional(list(string))
})
| n/a | yes | | [ruleset\_type](#input\_ruleset\_type) | The type of rulset to make. Should be one of ether `organization` or `repository`. | `string` | n/a | yes | | [target](#input\_target) | The target of the ruleset. Should be one of either `branch` or `tag`. | `string` | n/a | yes | diff --git a/modules/team/README.md b/modules/team/README.md index 0991dfc..e71b7c9 100644 --- a/modules/team/README.md +++ b/modules/team/README.md @@ -3,13 +3,13 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers | Name | Version | |------|---------| -| [github](#provider\_github) | 6.1.0 | +| [github](#provider\_github) | ~> 6.0 | ## Modules @@ -19,9 +19,9 @@ No modules. | Name | Type | |------|------| -| [github_team.team](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/team) | resource | -| [github_team_membership.maintainers](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/team_membership) | resource | -| [github_team_membership.members](https://registry.terraform.io/providers/integrations/github/6.1.0/docs/resources/team_membership) | resource | +| [github_team.team](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team) | resource | +| [github_team_membership.maintainers](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource | +| [github_team_membership.members](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_membership) | resource | ## Inputs diff --git a/modules/team_set/README.md b/modules/team_set/README.md index 468ce69..e8f78c8 100644 --- a/modules/team_set/README.md +++ b/modules/team_set/README.md 
@@ -3,7 +3,7 @@ | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [github](#requirement\_github) | 6.1.0 | +| [github](#requirement\_github) | ~> 6.0 | ## Providers