From 4a10081e2be956215ee2174822501239c5858d32 Mon Sep 17 00:00:00 2001
From: Daniel M
Date: Tue, 5 Nov 2024 08:05:48 -0500
Subject: [PATCH] fix:GH pages support + manage repo-collaborators (#98)
---
 terraform/locals.tf | 5 ++
 terraform/production/repositories.tfvars | 5 +-
 terraform/resources-collaborators.tf | 44 +++++++++++++++++
 terraform/resources-environments.tf | 4 +-
 terraform/resources-repo-admin-teams.tf | 6 +--
 terraform/resources-repo-committer-teams.tf | 2 +-
 terraform/resources-repo-teams.tf | 8 ++--
 terraform/resources-repos.tf | 21 +++++++-
 terraform/tfstate.json | 53 ++++++++++++++++++++-
 terraform/variables.tf | 24 +++++++++-
 10 files changed, 154 insertions(+), 18 deletions(-)
 create mode 100644 terraform/resources-collaborators.tf
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 0aff6dc..ed45cae 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -17,4 +17,9 @@ locals {
 }
 users = merge(local.admins, local.members)
+
+ project_repositories = {
+ for repository_key, repository in var.repositories : repository_key => repository
+ if !repository.is_django_commons_repo
+ }
 }
diff --git a/terraform/production/repositories.tfvars b/terraform/production/repositories.tfvars
index 3c18e25..19cc376 100644
--- a/terraform/production/repositories.tfvars
+++ b/terraform/production/repositories.tfvars
@@ -33,8 +33,8 @@ repositories = {
 }
 "django-commons-playground" = {
- description = "A sample project to test things out"
- topics = []
+ description = "A sample project with best practices for Django Commons projects."
+ topics = ["template", "django", "python"]
 # People with GitHub admin repo permissions
 admins = [
 "cunla",
@@ -151,7 +151,6 @@ repositories = {
 has_wiki = false
 is_template = false
 push_allowances = []
- template = ""
 topics = [
 "django",
 "django-application",
diff --git a/terraform/resources-collaborators.tf b/terraform/resources-collaborators.tf
new file mode 100644
index 0000000..45fc514
--- /dev/null
+++ b/terraform/resources-collaborators.tf
@@ -0,0 +1,44 @@
+# This aims to remove all manually added users from the repository collaborators
+
+locals {
+ repo_collaborators = {
+ for key, value in local.project_repositories : key => [
+ {
+ team_id = github_team.repo_admin_team[key].slug
+ permission = "admin"
+ },
+ {
+ team_id = github_team.repo_committer_team[key].slug
+ permission = "maintain"
+ },
+ {
+ team_id = github_team.repo_team[key].slug
+ permission = "triage"
+ },
+ {
+ team_id = github_team.org_teams["security-team"].slug
+ permission = "pull"
+ }
+ ]
+ }
+}
+
+import {
+ for_each = local.project_repositories
+
+ id = each.key
+ to = github_repository_collaborators.this[each.key]
+}
+
+resource "github_repository_collaborators" "this" {
+ for_each = local.repo_collaborators
+
+ repository = github_repository.this[each.key].name
+ dynamic "team" {
+ for_each = local.repo_collaborators[each.key]
+ content {
+ team_id = team.value.team_id
+ permission = team.value.permission
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf
index e6824c6..ad65c2d 100644
--- a/terraform/resources-environments.tf
+++ b/terraform/resources-environments.tf
@@ -1,5 +1,5 @@
 resource "github_repository_environment" "pypi" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 environment = "pypi"
 repository = each.key
@@ -10,7 +10,7 @@ resource "github_repository_environment" "pypi" {
 }
 resource "github_repository_environment" "testpypi" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 environment = "testpypi"
 repository = each.key
diff --git a/terraform/resources-repo-admin-teams.tf b/terraform/resources-repo-admin-teams.tf
index c26608c..35410bf 100644
--- a/terraform/resources-repo-admin-teams.tf
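Review bot: `github_repository_collaborators.this` declares the same team grants that `github_team_repository.repo_admin_team_access` and `repo_team_access` (touched in resources-repo-admin-teams.tf and resources-repo-teams.tf) still manage, and as far as I know the provider documents these two resource types as not usable together because each one overwrites the other's view of repository access. I would give team permissions a single owner: either retire the `github_team_repository` resources in this change or add a comment here saying why both are kept. The resource is also authoritative and has no `user` blocks, so the direct collaborators that the tfstate.json hunk records for drf-excel (two with `admin`, one with `maintain`) lose that access on the next apply. The header comment should state this outright, for example `# Authoritative: any collaborator not listed here is removed on apply; access is granted only through the teams below.`, and the affected people should be confirmed as team members before applying.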
+++ b/terraform/resources-repo-admin-teams.tf
@@ -1,6 +1,6 @@
 # Define the admin team for each repository
 resource "github_team" "repo_admin_team" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 parent_team_id = github_team.repo_team[each.key].id
 name = "${each.key}-admins"
@@ -10,7 +10,7 @@ resource "github_team" "repo_admin_team" {
 # Add the people to the team
 resource "github_team_members" "repo_admin_members" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 team_id = github_team.repo_admin_team[each.key].id
@@ -26,7 +26,7 @@ resource "github_team_members" "repo_admin_members" {
 # Define the team's permissions for the repositories
 resource "github_team_repository" "repo_admin_team_access" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 repository = each.key
 team_id = github_team.repo_admin_team[each.key].id
 permission = "admin"
diff --git a/terraform/resources-repo-committer-teams.tf b/terraform/resources-repo-committer-teams.tf
index 8bf5fc0..db82725 100644
--- a/terraform/resources-repo-committer-teams.tf
+++ b/terraform/resources-repo-committer-teams.tf
@@ -1,6 +1,6 @@
 # Define the committers team for each repository
 resource "github_team" "repo_committer_team" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 parent_team_id = github_team.repo_team[each.key].id
 name = "${each.key}-committers"
diff --git a/terraform/resources-repo-teams.tf b/terraform/resources-repo-teams.tf
index 4dddd5a..99c4d09 100644
--- a/terraform/resources-repo-teams.tf
+++ b/terraform/resources-repo-teams.tf
@@ -1,6 +1,6 @@
 # Create the main repository team for Django Commons.
 resource "github_team" "repo_team" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 name = each.key
 description = "Main team for the ${each.key} repository"
@@ -8,7 +8,7 @@ resource "github_team" "repo_team" {
 }
 # Add the people to the team
 resource "github_team_members" "repo_team_members" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 team_id = github_team.repo_team[each.key].id
@@ -27,7 +27,7 @@ resource "github_team_members" "repo_team_members" {
 }
 # Define the team's permissions for the repositories
 resource "github_team_repository" "repo_team_access" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 repository = each.key
 team_id = github_team.repo_team[each.key].id
 permission = "triage"
@@ -37,7 +37,7 @@ resource "github_team_repository" "repo_team_access" {
 # This is used to enable automatic PR review requests
 resource "github_team_settings" "this" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = local.project_repositories
 review_request_delegation {
 algorithm = "LOAD_BALANCE"
diff --git a/terraform/resources-repos.tf b/terraform/resources-repos.tf
index e9c8afc..eb295c1 100644
--- a/terraform/resources-repos.tf
+++ b/terraform/resources-repos.tf
@@ -35,13 +35,30 @@ resource "github_repository" "this" {
 topics = each.value.topics
 visibility = each.value.visibility
 vulnerability_alerts = true
+ dynamic "pages" {
+ for_each = each.value.pages != null ? [each.value.pages] : []
+ content {
+ dynamic "source" {
+ for_each = pages.value.source != null ? [pages.value.source] : []
+ content {
+ branch = source.value.branch
+ path = source.value.path
+ }
+ }
+ build_type = pages.value.build_type
+ cname = pages.value.cname
+ html_url = pages.value.html_url
+ url = pages.value.url
+ }
+ }
 dynamic "template" {
 for_each = each.value.template != null ? [each.value.template] : []
 content {
- owner = "django-commons"
- repository = template.value
+ owner = template.value.owner
+ repository = template.value.repository
+ include_all_branches = template.value.include_all_branches
 }
 }
 }
diff --git a/terraform/tfstate.json b/terraform/tfstate.json
index 8003ddf..6756947 100644
--- a/terraform/tfstate.json
+++ b/terraform/tfstate.json
@@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.9.8", - "serial": 310, + "serial": 311, "lineage": "425397de-8394-a003-8a6c-bce854d9cc53", "outputs": {}, "resources": [
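Review bot: The new `pages` block assigns `html_url` and `url`, which to my knowledge the GitHub provider exposes as read-only attributes of `pages` (alongside `status` and `custom_404`), so configuring them is at best a no-op and may be rejected at plan time once a repository actually sets `pages`. I would drop `html_url = pages.value.html_url` and `url = pages.value.url` and keep only `source`, `build_type` and `cname`. Because `cname` now lets a tfvars entry bind a custom domain to a repository's Pages site, a short comment such as `# cname must be a domain the organisation controls and has verified` would help whoever reviews future tfvars changes. The enclosing `github_repository.this` resource starts outside this hunk.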
@@ -1204,6 +1204,57 @@ } ] }, + { + "mode": "managed", + "type": "github_repository_collaborators", + "name": "this", + "provider": "provider[\"registry.terraform.io/integrations/github\"]", + "instances": [ + { + "index_key": "drf-excel", + "schema_version": 0, + "attributes": { + "id": "drf-excel", + "invitation_ids": {}, + "repository": "drf-excel", + "team": [ + { + "permission": "admin", + "team_id": "drf-excel-admins" + }, + { + "permission": "maintain", + "team_id": "drf-excel-committers" + }, + { + "permission": "pull", + "team_id": "security-team" + }, + { + "permission": "triage", + "team_id": "drf-excel" + } + ], + "user": [ + { + "permission": "admin", + "username": "FlipperPA" + }, + { + "permission": "admin", + "username": "browniebroke" + }, + { + "permission": "maintain", + "username": "rptmat57" + } + ] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, { "mode": "managed", "type": "github_repository_environment",
diff --git a/terraform/variables.tf b/terraform/variables.tf
index b05c444..86a972a 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -32,11 +32,10 @@ variable "repositories" {
 has_downloads = optional(bool, true)
 homepage_url = optional(string, "")
 has_wiki = optional(bool, false)
- is_template = optional(bool, false)
 push_allowances = optional(list(string), [])
 enable_branch_protection = optional(bool, true)
 required_status_checks_contexts = optional(list(string), [])
- template = optional(string)
+ is_template = optional(bool, false) # Is the repository a template repository
 topics = optional(list(string))
 visibility = optional(string, "public")
 is_django_commons_repo = optional(bool, false) # Do not create teams for repository
@@ -50,6 +49,27 @@ variable "repositories" {
 merge_commit_message = optional(string, null)
 squash_merge_commit_title = optional(string, null)
 squash_merge_commit_message = optional(string, null)
+
+ # Pages settings
+ pages = optional(object({
+ source = optional(object({
+ branch = string
+ path = optional(string, "")
+ }), null)
+ build_type = optional(string, "workflow") # legacy or workflow
+ cname = optional(string, "")
+ html_url = optional(string, "")
+ url = optional(string, "")
+ custom_404 = optional(bool, null)
+ status = optional(string, "built") # built or building
+ }), null)
+
+ # Template of the repository
+ template = optional(object({
+ owner = string
+ repository = string
+ include_all_branches = bool
+ }), null)
 }))
 }
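Review bot: `template.owner` is now a free-form required string, whereas resources-repos.tf previously pinned the template owner to `"django-commons"`, so a tfvars entry can seed a new repository from a template outside the organisation; that is a supply-chain decision worth making explicit rather than implicit. `owner = optional(string, "django-commons")` would keep the old behaviour as the default, and `include_all_branches = optional(bool, false)` would spare every caller from spelling it out. The allowed values of `build_type` exist only in the trailing comment (`# legacy or workflow`); a `validation` block on the variable would enforce them, but the variable's opening lies outside this hunk, so I cannot see whether one already exists. `html_url`, `url`, `custom_404` and `status` look like provider outputs rather than inputs and could probably be dropped from the object type.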