main.tf
# Organization membership: one instance per entry in local.members_data.members,
# keyed by username.
resource "github_membership" "members" {
  for_each = {
    for person in local.members_data.members :
    person.username => person
  }

  username = each.value.username

  # The organization role is taken verbatim from the data file, so a change to
  # that file is an access change and should be reviewed as one.
  role = each.value.role
}
# Teams: one instance per entry in local.teams_data.teams, keyed by the entry's key.
resource "github_team" "team" {
  for_each = {
    for key, team in local.teams_data.teams :
    key => team
  }

  name        = each.value.name
  description = each.value.description

  # No fallback here: every team entry has to state its privacy explicitly.
  privacy = each.value.privacy

  # NOTE(review): this adds a default maintainer to every team, presumably the
  # identity whose token runs Terraform -- confirm that this account is meant
  # to hold maintainer rights on all teams.
  create_default_maintainer = true
}
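# Team membership: one instance per (team, member) pair.
#
# Iterating per team and reading only members[0] managed just the first member
# of each team and failed on a team with an empty member list. Every other
# member was left outside Terraform's control, so the data file and the real
# team rosters could drift apart unnoticed. The pairs are flattened so that
# every listed member is managed.
#
# NOTE(review): instance keys change from "<team>" to "<team>/<username>".
# Existing state needs `moved` blocks or `terraform state mv`, otherwise the
# first member of each team is removed and re-added on the next apply.
resource "github_team_membership" "members" {
  for_each = {
    for pair in flatten([
      for team_name, team_config in local.teams_data.teams : [
        for member in team_config.members : {
          team_name = team_name
          username  = member.username
          role      = member.role
        }
      ]
    ]) :
    "${pair.team_name}/${pair.username}" => pair
  }

  team_id  = github_team.team[each.value.team_name].id
  username = each.value.username

  # Team role comes straight from the data file; review edits to it as access changes.
  role = each.value.role
}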
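# Repositories: one instance per entry in
# local.repositories_data.organization_repositories, keyed by repository name.
# Optional attributes fall back to the defaults given in each try() when the
# entry does not set them.
resource "github_repository" "github_repo" {
  for_each = {
    for repo in local.repositories_data.organization_repositories :
    repo.name => repo
  }

  name        = each.value.name
  description = each.value.description

  # Private unless the entry says otherwise, so a missing or misspelled
  # visibility key never publishes a repository by omission.
  visibility         = try(each.value.visibility, "private")
  archive_on_destroy = try(each.value.archive_on_destroy, true)

  has_discussions = try(each.value.has_discussions, true)
  has_issues      = try(each.value.has_issues, true)
  has_wiki        = try(each.value.has_wiki, true)
  # Fixed: this previously read each.value.has_wiki, so the projects setting
  # followed the wiki setting and an explicit has_projects value was ignored.
  has_projects = try(each.value.has_projects, true)

  allow_merge_commit = try(each.value.allow_merge_commit, false)
  allow_squash_merge = try(each.value.allow_squash_merge, true)
  allow_rebase_merge = try(each.value.allow_rebase_merge, true)

  auto_init          = try(each.value.auto_init, false)
  license_template   = try(each.value.license_template, "mit")
  gitignore_template = try(each.value.gitignore_template, "")
  is_template        = try(each.value.is_template, false)

  # Hard-coded rather than read from the data file: no entry can opt out of
  # vulnerability alerts.
  vulnerability_alerts = true

  #!FIXME. Enabling the security scan makes the apply fail.
  # NOTE(review): the block below sets both features to "disabled", so
  # uncommenting it unchanged would not turn secret scanning on. Until this is
  # resolved, secret scanning and push protection are not managed by this
  # configuration for any repository.
  # security_and_analysis {
  #   secret_scanning {
  #     status = "disabled"
  #   }
  #   secret_scanning_push_protection {
  #     status = "disabled"
  #   }
  # }
}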
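#!FIXME. Only possible with a GitHub Pro account or if we make these repos public.
# Until this is enabled, "main" has none of the protections listed below
# (admin enforcement, deletion block, signed commits) managed by Terraform.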
#resource "github_branch_protection" "github_repo-branch-protection" {
# for_each = toset([for repo in local.repositories_data.organization_repositories : repo.name])
# repository_id = github_repository.github_repo[each.key].node_id
# pattern = "main"
# enforce_admins = true
# allows_deletions = false
# require_signed_commits = true
#}
#!FIXME. Only possible with a GitHub Pro account or if we make these repos public.
# Error: POST https://api.github.com/repos/***/voxsamrt-service-api/tags/protection: 403 Upgrade to GitHub Pro or make this repository public to enable this feature. []
#resource "github_repository_tag_protection" "github_repo-tag-protection" {
# for_each = toset([for repo in local.repositories_data.organization_repositories : repo.name])
# repository = github_repository.github_repo[each.key].name
# pattern = "v*"
#}
# Team-to-repository grants: one instance per entry in
# local.team_repository_permissions, keyed "<repository_name>-<team_name>".
resource "github_team_repository" "team_repo" {
  for_each = {
    for grant in local.team_repository_permissions :
    "${grant.repository_name}-${grant.team_name}" => grant
  }

  # Resolves to null when the named team is not among the managed github_team
  # instances; otherwise to that team's id.
  # NOTE(review): a null team_id is expected to be rejected by the provider, so
  # a misspelled team name surfaces as a missing-argument error rather than as
  # an unknown-team error -- confirm.
  team_id = lookup(github_team.team, each.value.team_name, null) == null ? null : github_team.team[each.value.team_name].id

  # NOTE(review): the name is taken from the data entry, not from
  # github_repository.github_repo, so Terraform sees no dependency on the
  # repository resource here -- confirm the ordering is handled elsewhere.
  repository = each.value.repository_name

  # Permission level comes straight from the data entry; review changes to it
  # as access changes.
  permission = each.value.permission
}