FociSolutions · TylerMizuyabu · Apr 3, 2024 · Apr 3, 2024 · Apr 3, 2024
diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md
@@ -38,6 +38,7 @@ No resources.
 | <a name="input_name"></a> [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes |
 | <a name="input_protected_branches"></a> [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` | <pre>[<br>  "main"<br>]</pre> | no |
 | <a name="input_repository_team_permissions"></a> [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes |
+| <a name="input_repository_user_permissions"></a> [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes |
 | <a name="input_requires_web_commit_signing"></a> [requires\_web\_commit\_signing](#input\_requires\_web\_commit\_signing) | If set commit signatures are required for commits to the organization. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | n/a | <pre>map(object({<br>    bypass_actors = optional(object({<br>      repository_roles = optional(list(object({<br>        role          = string<br>        always_bypass = optional(bool)<br>      })))<br>      teams = optional(list(object({<br>        team          = string<br>        always_bypass = optional(bool)<br>      })))<br>      integrations = optional(list(object({<br>        installation_id = number<br>        always_bypass   = optional(bool)<br>      })))<br>      organization_admins = optional(list(object({<br>        user          = string<br>        always_bypass = optional(bool)<br>      })))<br>    }))<br>    conditions = optional(object({<br>      ref_name = object({<br>        include = list(string)<br>        exclude = list(string)<br>      })<br>    }))<br>    rules = object({<br>      branch_name_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      tag_name_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      commit_author_email_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      commit_message_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      committer_email_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      creation                      = optional(bool)<br>      deletion                      = optional(bool)<br>      update                        = optional(bool)<br>      non_fast_forward              = optional(bool)<br>      required_linear_history       = optional(bool)<br>      required_signatures           = optional(bool)<br>      update_allows_fetch_and_merge = optional(bool)<br>      pull_request = optional(object({<br>        dismiss_stale_reviews_on_push     = optional(bool)<br>        require_code_owner_review         = optional(bool)<br>        require_last_push_approval        = optional(bool)<br>        required_approving_review_count   = optional(number)<br>        required_review_thread_resolution = optional(bool)<br>      }))<br>      required_status_checks = optional(object({<br>        required_check = list(object({<br>          context        = string<br>          integration_id = optional(number)<br>        }))<br>        strict_required_status_check_policy = optional(bool)<br>      }))<br>      required_deployment_environments = optional(list(string))<br>    })<br>    target      = string<br>    enforcement = string<br>  }))</pre> | `{}` | no |
 | <a name="input_template_repository"></a> [template\_repository](#input\_template\_repository) | A (Optional) list of template repositories to use for the repository | <pre>object({<br>    owner                = string<br>    repository           = string<br>    include_all_branches = bool<br>  })</pre> | `null` | no |

diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf
@@ -13,6 +13,7 @@ module "repository_base" {
   has_discussions = false
 
   repository_team_permissions = var.repository_team_permissions
+  repository_user_permissions = var.repository_user_permissions
 
   default_branch       = var.default_branch
   protected_branches   = var.protected_branches

diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf
@@ -20,6 +20,11 @@ variable "repository_team_permissions" {
   description = "A map where the keys are github team slugs and the value is the permissions the team should have in the repository"
 }
 
+variable "repository_user_permissions" {
+  type        = map(string)
+  description = "A map where the keys are github usernames and the value is the permissions the user should have in the repository"
+}
+
 variable "protected_branches" {
   type        = list(string)
   description = "A list of ref names or patterns that should be protected. Defaults `[\"main\"]`"

diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md
@@ -38,6 +38,7 @@ No resources.
 | <a name="input_name"></a> [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes |
 | <a name="input_protected_branches"></a> [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` | <pre>[<br>  "main"<br>]</pre> | no |
 | <a name="input_repository_team_permissions"></a> [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes |
+| <a name="input_repository_user_permissions"></a> [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes |
 | <a name="input_requires_web_commit_signing"></a> [requires\_web\_commit\_signing](#input\_requires\_web\_commit\_signing) | If set commit signatures are required for commits to the organization. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | n/a | <pre>map(object({<br>    bypass_actors = optional(object({<br>      repository_roles = optional(list(object({<br>        role          = string<br>        always_bypass = optional(bool)<br>      })))<br>      teams = optional(list(object({<br>        team          = string<br>        always_bypass = optional(bool)<br>      })))<br>      integrations = optional(list(object({<br>        installation_id = number<br>        always_bypass   = optional(bool)<br>      })))<br>      organization_admins = optional(list(object({<br>        user          = string<br>        always_bypass = optional(bool)<br>      })))<br>    }))<br>    conditions = optional(object({<br>      ref_name = object({<br>        include = list(string)<br>        exclude = list(string)<br>      })<br>    }))<br>    rules = object({<br>      branch_name_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      tag_name_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      commit_author_email_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      commit_message_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      committer_email_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      creation                      = optional(bool)<br>      deletion                      = optional(bool)<br>      update                        = optional(bool)<br>      non_fast_forward              = optional(bool)<br>      required_linear_history       = optional(bool)<br>      required_signatures           = optional(bool)<br>      update_allows_fetch_and_merge = optional(bool)<br>      pull_request = optional(object({<br>        dismiss_stale_reviews_on_push     = optional(bool)<br>        require_code_owner_review         = optional(bool)<br>        require_last_push_approval        = optional(bool)<br>        required_approving_review_count   = optional(number)<br>        required_review_thread_resolution = optional(bool)<br>      }))<br>      required_status_checks = optional(object({<br>        required_check = list(object({<br>          context        = string<br>          integration_id = optional(number)<br>        }))<br>        strict_required_status_check_policy = optional(bool)<br>      }))<br>      required_deployment_environments = optional(list(string))<br>    })<br>    target      = string<br>    enforcement = string<br>  }))</pre> | `{}` | no |
 | <a name="input_template_repository"></a> [template\_repository](#input\_template\_repository) | A (Optional) list of template repositories to use for the repository | <pre>object({<br>    owner                = string<br>    repository           = string<br>    include_all_branches = bool<br>  })</pre> | `null` | no |

diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf
@@ -13,6 +13,7 @@ module "repository_base" {
   has_discussions = true
 
   repository_team_permissions = var.repository_team_permissions
+  repository_user_permissions = var.repository_user_permissions
 
   default_branch       = var.default_branch
   protected_branches   = var.protected_branches

diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf
@@ -20,6 +20,11 @@ variable "repository_team_permissions" {
   description = "A map where the keys are github team slugs and the value is the permissions the team should have in the repository"
 }
 
+variable "repository_user_permissions" {
+  type        = map(string)
+  description = "A map where the keys are github usernames and the value is the permissions the user should have in the repository"
+}
+
 variable "protected_branches" {
   type        = list(string)
   description = "A list of ref names or patterns that should be protected. Defaults `[\"main\"]`"

diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md
@@ -60,6 +60,7 @@
 | <a name="input_name"></a> [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes |
 | <a name="input_protected_branches"></a> [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Setting to `[]` means no protection. Defaults `["~DEFAULT_BRANCH"]` | `list(string)` | <pre>[<br>  "~DEFAULT_BRANCH"<br>]</pre> | no |
 | <a name="input_repository_team_permissions"></a> [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes |
+| <a name="input_repository_user_permissions"></a> [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes |
 | <a name="input_requires_web_commit_signing"></a> [requires\_web\_commit\_signing](#input\_requires\_web\_commit\_signing) | If set commit signatures are required for commits to the organization. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | n/a | <pre>map(object({<br>    bypass_actors = optional(object({<br>      repository_roles = optional(list(object({<br>        role          = string<br>        always_bypass = optional(bool)<br>      })))<br>      teams = optional(list(object({<br>        team          = string<br>        always_bypass = optional(bool)<br>      })))<br>      integrations = optional(list(object({<br>        installation_id = number<br>        always_bypass   = optional(bool)<br>      })))<br>      organization_admins = optional(list(object({<br>        user          = string<br>        always_bypass = optional(bool)<br>      })))<br>    }))<br>    conditions = optional(object({<br>      ref_name = object({<br>        include = list(string)<br>        exclude = list(string)<br>      })<br>    }))<br>    rules = object({<br>      branch_name_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      tag_name_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      commit_author_email_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      commit_message_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      committer_email_pattern = optional(object({<br>        operator = string<br>        pattern  = string<br>        name     = optional(string)<br>        negate   = optional(bool)<br>      }))<br>      creation                      = optional(bool)<br>      deletion                      = optional(bool)<br>      update                        = optional(bool)<br>      non_fast_forward              = optional(bool)<br>      required_linear_history       = optional(bool)<br>      required_signatures           = optional(bool)<br>      update_allows_fetch_and_merge = optional(bool)<br>      pull_request = optional(object({<br>        dismiss_stale_reviews_on_push     = optional(bool)<br>        require_code_owner_review         = optional(bool)<br>        require_last_push_approval        = optional(bool)<br>        required_approving_review_count   = optional(number)<br>        required_review_thread_resolution = optional(bool)<br>      }))<br>      required_status_checks = optional(object({<br>        required_check = list(object({<br>          context        = string<br>          integration_id = optional(number)<br>        }))<br>        strict_required_status_check_policy = optional(bool)<br>      }))<br>      required_deployment_environments = optional(list(string))<br>    })<br>    target      = string<br>    enforcement = string<br>  }))</pre> | `{}` | no |
 | <a name="input_secret_scanning"></a> [secret\_scanning](#input\_secret\_scanning) | Enables secret scanning for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no |

diff --git a/modules/repository_base/teams.tf → modules/repository_base/collaborators.tf b/modules/repository_base/teams.tf → modules/repository_base/collaborators.tf
@@ -8,4 +8,12 @@ resource "github_repository_collaborators" "collaborators" {
       team_id    = team.key
     }
   }
+
+  dynamic "user" {
+    for_each = var.repository_user_permissions
+    content {
+      permission = user.value
+      username   = user.key
+    }
+  }
 }
diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf
@@ -20,6 +20,11 @@ variable "repository_team_permissions" {
   description = "A map where the keys are github team slugs and the value is the permissions the team should have in the repository"
 }
 
+variable "repository_user_permissions" {
+  type        = map(string)
+  description = "A map where the keys are github usernames and the value is the permissions the user should have in the repository"
+}
+
 variable "protected_branches" {
   type        = list(string)
   description = "A list of ref names or patterns that should be protected. Setting to `[]` means no protection. Defaults `[\"~DEFAULT_BRANCH\"]`"