Merge pull request #57 from Flaconi/plt-878
PLT-878 - Add support for rulesets
Engerim authored Jul 22, 2024
2 parents 934a7ba + 3b48afe commit c7d4fdd
Showing 3 changed files with 102 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -160,6 +160,7 @@ module "example_repo" {
| [github_repository_collaborator.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborator) | resource |
| [github_repository_deploy_key.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
| [github_repository_environment.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource |
| [github_repository_ruleset.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource |
| [github_repository_webhook.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_webhook) | resource |
| [github_team_repository.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_repository) | resource |
| [github_team.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source |
Expand Down Expand Up @@ -203,6 +204,7 @@ module "example_repo" {
| <a name="input_merge_commit_title"></a> [merge\_commit\_title](#input\_merge\_commit\_title) | Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. | `string` | `"MERGE_MESSAGE"` | no |
| <a name="input_namespace"></a> [namespace](#input\_namespace) | Namespace, e.g. `terraform`, `product`, `mobile` etc. | `string` | `null` | no |
| <a name="input_pages"></a> [pages](#input\_pages) | The repository's GitHub Pages configuration. | <pre>object({<br> source = object({<br> branch = string<br> path = string<br> })<br> })</pre> | `null` | no |
| <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | n/a | <pre>map(object({<br> required_linear_history = optional(bool, true)<br> deletion = optional(bool, true)<br> creation = optional(bool, true)<br> update = optional(bool, false)<br> target = optional(string, "branch")<br> enforcement = optional(string, "active")<br> includes = optional(list(string), ["~DEFAULT_BRANCH"])<br> excludes = optional(list(string), [])<br> non_fast_forward = optional(bool, true)<br> required_signatures = optional(bool, true)<br> bypass_actors = optional(map(object({<br> actor_id = number<br> actor_type = string<br> bypass_mode = optional(string, "always")<br> })), {})<br> pull_request = optional(object({<br> enabled = optional(bool, true)<br> dismiss_stale_reviews_on_push = optional(bool, true)<br> require_code_owner_review = optional(bool, true)<br> required_approving_review_count = optional(number, 1)<br> required_review_thread_resolution = optional(bool, true)<br> require_last_push_approval = optional(bool, true)<br> }), {})<br> required_status_checks = optional(object({<br> enabled = optional(bool, true)<br> strict_required_status_checks_policy = optional(bool, false)<br> contexts = optional(list(object({<br> integration_id = optional(number, 0)<br> context = string<br> })), [])<br> }))<br> }))</pre> | `{}` | no |
| <a name="input_secrets"></a> [secrets](#input\_secrets) | Repository secrets. | <pre>map(object({<br> encrypted_value = optional(string)<br> plaintext_value = optional(string)<br> }))</pre> | `{}` | no |
| <a name="input_squash_merge_commit_message"></a> [squash\_merge\_commit\_message](#input\_squash\_merge\_commit\_message) | Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. | `string` | `"COMMIT_MESSAGES"` | no |
| <a name="input_squash_merge_commit_title"></a> [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. | `string` | `"COMMIT_OR_PR_TITLE"` | no |
63 changes: 63 additions & 0 deletions main.tf
Expand Up @@ -261,3 +261,66 @@ resource "github_repository_webhook" "this" {
insecure_ssl = each.value["configuration"]["insecure_ssl"]
}
}

resource "github_repository_ruleset" "this" {
for_each = var.rulesets != null ? var.rulesets : {}
name = each.key
repository = github_repository.this.name
target = each.value.target
enforcement = each.value.enforcement

conditions {
ref_name {
include = each.value.includes
exclude = each.value.excludes
}
}

dynamic "bypass_actors" {
iterator = actors
for_each = each.value.bypass_actors
content {
actor_id = actors.value.actor_id
actor_type = actors.value.actor_type
bypass_mode = actors.value.bypass_mode
}
}

rules {
creation = each.value.creation
update = each.value.update
deletion = each.value.deletion
non_fast_forward = each.value.non_fast_forward
required_linear_history = each.value.required_linear_history
required_signatures = each.value.required_signatures

dynamic "pull_request" {
for_each = each.value.pull_request.enabled ? [each.value.pull_request] : []
iterator = reviews
content {
dismiss_stale_reviews_on_push = reviews.value["dismiss_stale_reviews_on_push"]
require_code_owner_review = reviews.value["require_code_owner_review"]
required_approving_review_count = reviews.value["required_approving_review_count"]
required_review_thread_resolution = reviews.value["required_review_thread_resolution"]
require_last_push_approval = reviews.value["require_last_push_approval"]
}
}

dynamic "required_status_checks" {
for_each = each.value.required_status_checks != null ? each.value.required_status_checks.enabled ? [each.value.required_status_checks] : [] : []
iterator = checks
content {

dynamic "required_check" {
for_each = checks.value.contexts
iterator = contexts
content {
context = contexts.value.context
integration_id = contexts.value.integration_id
}
}
strict_required_status_checks_policy = checks.value.strict_required_status_checks_policy
}
}
}
}
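Review bot: The `for_each` of the `required_status_checks` dynamic block nests two unparenthesized conditionals (`!= null ? … enabled ? [...] : [] : []`), which is hard to read and differs in shape from the equivalent null-or-disabled test the `pull_request` block above it does not need (its object is defaulted to `{}` in the variable, while `required_status_checks` has no default and can be null). The same guard collapses to one step: `for_each = try(each.value.required_status_checks.enabled, false) ? [each.value.required_status_checks] : []`, since `try` returns `false` when the attribute lookup on a null object fails. Separately, the `bypass_actors` block passes through whatever `bypass_mode` the caller sets, and the variable defaults it to `"always"`; presumably that mode lets the listed actor skip every rule in the ruleset, so a comment such as `# bypass_mode defaults to "always": listed actors are exempt from all rules below` on the dynamic block would make that exemption visible to anyone reviewing a caller's ruleset definition. The resource block begins and ends within this section.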
37 changes: 37 additions & 0 deletions variables.tf
Expand Up @@ -245,6 +245,43 @@ variable "default_branch_protection_enabled" {
description = "Set to `false` if you want to disable branch protection for default branch"
}

variable "rulesets" {
type = map(object({
required_linear_history = optional(bool, true)
deletion = optional(bool, true)
creation = optional(bool, true)
update = optional(bool, false)
target = optional(string, "branch")
enforcement = optional(string, "active")
includes = optional(list(string), ["~DEFAULT_BRANCH"])
excludes = optional(list(string), [])
non_fast_forward = optional(bool, true)
required_signatures = optional(bool, true)
bypass_actors = optional(map(object({
actor_id = number
actor_type = string
bypass_mode = optional(string, "always")
})), {})
pull_request = optional(object({
enabled = optional(bool, true)
dismiss_stale_reviews_on_push = optional(bool, true)
require_code_owner_review = optional(bool, true)
required_approving_review_count = optional(number, 1)
required_review_thread_resolution = optional(bool, true)
require_last_push_approval = optional(bool, true)
}), {})
required_status_checks = optional(object({
enabled = optional(bool, true)
strict_required_status_checks_policy = optional(bool, false)
contexts = optional(list(object({
integration_id = optional(number, 0)
context = string
})), [])
}))
}))
default = {}
}

variable "default_branch_protection" {
type = object({
enforce_admins = optional(bool, true)
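Review bot: The new `rulesets` variable has no `description`, which is why the generated README table in this same commit renders it as `n/a`; a line such as `description = "Repository rulesets keyed by ruleset name: target, enforcement, ref conditions, bypass actors and the rules applied to the repository."` fixes both. The `target` and `enforcement` attributes are free-form strings that only fail at apply time if mistyped, and since `enforcement = "disabled"` silently turns a ruleset off, plan-time `validation` blocks restricting them to the values the provider accepts (for example `branch`/`tag` and `active`/`disabled`, extended with `evaluate` where that mode is in use) would catch such mistakes early. Because `main.tf` guards `var.rulesets != null`, the conditions below also tolerate a null value. The variable block begins and ends within this section.
```hcl
variable "rulesets" {
  description = "Repository rulesets keyed by ruleset name: target, enforcement, ref conditions, bypass actors and the rules applied to the repository."
  # … unchanged: type = map(object({ … })) …
  default = {}

  validation {
    condition     = var.rulesets == null ? true : alltrue([for r in var.rulesets : contains(["active", "disabled"], r.enforcement)])
    error_message = "rulesets[*].enforcement must be \"active\" or \"disabled\"."
  }

  validation {
    condition     = var.rulesets == null ? true : alltrue([for r in var.rulesets : contains(["branch", "tag"], r.target)])
    error_message = "rulesets[*].target must be \"branch\" or \"tag\"."
  }
}
```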
