fix existing repo reference, tflint

cloudposse · Jan 25, 2024 · 393fa12 · 393fa12
1 parent b66bdf8
commit 393fa12
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 40 deletions.
diff --git a/modules/argocd-repo/README.md b/modules/argocd-repo/README.md
@@ -153,11 +153,8 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
 | <a name="input_permissions"></a> [permissions](#input\_permissions) | A list of Repository Permission objects used to configure the team permissions of the repository<br><br>`team_slug` should be the name of the team without the `@{org}` e.g. `@cloudposse/team` => `team`<br>`permission` is just one of the available values listed below | <pre>list(object({<br>    team_slug  = string,<br>    permission = string<br>  }))</pre> | `[]` | no |
-| <a name="input_push_restrictions_enabled"></a> [push\_restrictions\_enabled](#input\_push\_restrictions\_enabled) | Enforce who can push to the main branch | `bool` | `true` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_required_pull_request_reviews"></a> [required\_pull\_request\_reviews](#input\_required\_pull\_request\_reviews) | Enforce restrictions for pull request reviews | `bool` | `true` | no |
-| <a name="input_slack_notifications_channel"></a> [slack\_notifications\_channel](#input\_slack\_notifications\_channel) | If given, the Slack channel to for deployment notifications. | `string` | `""` | no |
 | <a name="input_ssm_github_api_key"></a> [ssm\_github\_api\_key](#input\_ssm\_github\_api\_key) | SSM path to the GitHub API key | `string` | `"/argocd/github/api_key"` | no |
 | <a name="input_ssm_github_deploy_key_format"></a> [ssm\_github\_deploy\_key\_format](#input\_ssm\_github\_deploy\_key\_format) | Format string of the SSM parameter path to which the deploy keys will be written to (%s will be replaced with the environment name) | `string` | `"/argocd/deploy_keys/%s"` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
@@ -179,7 +176,7 @@ $ terraform import -var "import_profile_name=eg-mgmt-gbl-corp-admin" -var-file="
 
 
 ## References
-  * [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/main/modules/argocd-repo) - Cloud Posse's upstream component
+  * [cloudposse/terraform-aws-components](https://github.com/cloudposse/terraform-aws-components/tree/master/modules/argocd-repo) - Cloud Posse's upstream component
 
 
 [<img src="https://cloudposse.com/logo-300x69.svg" height="32" align="right"/>](https://cpco.io/component)
diff --git a/modules/argocd-repo/applicationset.tf b/modules/argocd-repo/applicationset.tf
@@ -5,14 +5,13 @@ resource "github_repository_file" "application_set" {
   branch     = local.github_repository.default_branch
   file       = "${each.value.tenant != null ? format("%s/", each.value.tenant) : ""}${each.value.environment}-${each.value.stage}${length(each.value.attributes) > 0 ? format("-%s", join("-", each.value.attributes)) : ""}/${local.manifest_kubernetes_namespace}/applicationset.yaml"
   content = templatefile("${path.module}/templates/applicationset.yaml.tpl", {
-    environment                 = each.key
-    auto-sync                   = each.value.auto-sync
-    ignore-differences          = each.value.ignore-differences
-    name                        = module.this.namespace
-    namespace                   = local.manifest_kubernetes_namespace
-    ssh_url                     = local.github_repository.ssh_clone_url
-    notifications               = var.github_default_notifications_enabled
-    slack_notifications_channel = var.slack_notifications_channel
+    environment        = each.key
+    auto-sync          = each.value.auto-sync
+    ignore-differences = each.value.ignore-differences
+    name               = module.this.namespace
+    namespace          = local.manifest_kubernetes_namespace
+    ssh_url            = local.github_repository.ssh_clone_url
+    notifications      = var.github_default_notifications_enabled
   })
   commit_message      = "Initialize environment: `${each.key}`."
   commit_author       = var.github_user

diff --git a/modules/argocd-repo/main.tf b/modules/argocd-repo/main.tf
@@ -76,18 +76,15 @@ resource "github_branch_protection" "default" {
   enforce_admins   = false # needs to be false in order to allow automation user to push
   allows_deletions = true
 
-  dynamic "required_pull_request_reviews" {
-    for_each = var.required_pull_request_reviews ? [0] : []
-    content {
-      dismiss_stale_reviews      = true
-      restrict_dismissals        = true
-      require_code_owner_reviews = true
-    }
+  required_pull_request_reviews {
+    dismiss_stale_reviews      = true
+    restrict_dismissals        = true
+    require_code_owner_reviews = true
   }
 
-  push_restrictions = var.push_restrictions_enabled ? [
+  push_restrictions = [
     join("", data.github_user.automation_user[*].node_id),
-  ] : []
+  ]
 }
 
 data "github_team" "default" {
@@ -115,7 +112,7 @@ resource "github_repository_deploy_key" "default" {
   for_each = local.environments
 
   title      = "Deploy key for ArgoCD environment: ${each.key} (${local.github_repository.default_branch} branch)"
-  repository = join("", github_repository.default[*].name)
+  repository = local.github_repository.name
   key        = tls_private_key.default[each.key].public_key_openssh
   read_only  = true
 }
diff --git a/modules/argocd-repo/variables.tf b/modules/argocd-repo/variables.tf
@@ -138,21 +138,3 @@ variable "create_repo" {
   description = "Whether or not to create the repository or use an existing one"
   default     = true
 }
-
-variable "required_pull_request_reviews" {
-  type        = bool
-  description = "Enforce restrictions for pull request reviews"
-  default     = true
-}
-
-variable "push_restrictions_enabled" {
-  type        = bool
-  description = "Enforce who can push to the main branch"
-  default     = true
-}
-
-variable "slack_notifications_channel" {
-  type        = string
-  default     = ""
-  description = "If given, the Slack channel to for deployment notifications."
-}