From 6179403a529cca054dabf3c1e8d02a46fa7d4f8a Mon Sep 17 00:00:00 2001
From: Dave Arnold <david.j.arnold.jr@census.gov>
Date: Wed, 7 Aug 2024 17:55:57 -0400
Subject: [PATCH] providing safe guards and bypasses

---
 .terraform.lock.hcl | 15 +++++++++++++
 main.tf             | 54 ++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index b2ea639..d7c91c8 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -6,6 +6,21 @@ provider "registry.terraform.io/hashicorp/aws" {
   constraints = ">= 2.0.0"
   hashes = [
     "h1:3c0jJCaLRgXrOZoGMAOjH+omtHUo96AkukUF4/h9gaE=",
+    "zh:0fff674596251d3f46b5a9e242220871d6c634f7cf69f2741d1c3c8f4baa708c",
+    "zh:1495d0f71bbd849ad286e7afa9d531a45217e6af7e3d165a447809dab364bd9b",
+    "zh:3eab136bd5b6c58a99f5cb588220819c70061b48da98f2b40061ebabfcbe1957",
+    "zh:3faa780ae84db4751d32ce3e7c4797711c9b5c537b67884037f0951a2f93c1ee",
+    "zh:47455bd243986893cc79f3d884633961244faeeef678fd64a37fcc77f3dabe24",
+    "zh:4a26df74f018ea25f3b543e9bc9d5763c7adc0cec647fc1cb1acec47cc331953",
+    "zh:592cebca964f297f569dc86e99789bfcc301904a9c26cd7294dab99e106acf59",
+    "zh:75d5ed50f1f56c484f7fcb1bd1c4ad33e2679ed249cc8db05e561233f8f5781f",
+    "zh:7ec8cce722a91ba141a3b2db0e833acc3be91e4eec6abb41f012bc9d641ca24e",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:cba68f518f794e695b0448be4ff90906a7817f65ca5e4d987720e37fbeea7c90",
+    "zh:e29712ab48d6527253ae4aef3851bd8e831b7b0bb57b5097bef16cbb69af6e85",
+    "zh:ef34bd8ff4e1fb8cc222b78217df917d4833361ea514465e7dae9122a7c7cf7a",
+    "zh:fece9ac372653ab3195630cc9d817ad0f81cce1d2880bec03ffc624591f3702b",
+    "zh:ffd1c3b3e4fa447dd2a78f6696d0dac969cb2996d640e3efbf2a96c49892d298",
   ]
 }
 
diff --git a/main.tf b/main.tf
index 16ea9dc..055d6ae 100644
--- a/main.tf
+++ b/main.tf
@@ -1,10 +1,13 @@
 locals {
    collaborators = {
-    naray007 = "admin",
+    naray007 = "push",
     morga471 = "admin",
-    lolli001 = "admin",
+    lolli001 = "push",
     gomez385 = "admin"
   }
+  pull_request_bypassers = [
+    "arnol377"
+  ]
 }
 
 # Add a team to the organization
@@ -39,6 +42,7 @@ module "elastic_beanstalk" {
   enforce_prs = false
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 
@@ -54,11 +58,32 @@ module "win_image_pipeline" {
   is_template = true
   force_name = true
   create_codeowners = false
-  enforce_prs = false
+  enforce_prs = true
   collaborators = merge(local.collaborators, { garri325 = "admin" })
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
+
+module "linux_image_pipeline" {
+  source                  = "git@github.e.it.census.gov:CSVD/terraform-github-repo"
+  #github_codeowners_team  = "CSVD"
+  github_repo_description = "Template repo for windows image pipelines"
+  repo_org                = "arnol377"
+  name                    = "linux-image-pipeline"
+  github_repo_topics = [
+    "terraform"
+  ]
+  is_template = true
+  force_name = true
+  create_codeowners = false
+  enforce_prs = true
+  collaborators = merge(local.collaborators, { garri325 = "admin" })
+  admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
+}
+
+
 module "goss-testing" {
   source                  = "git@github.e.it.census.gov:CSVD/terraform-github-repo"
   #github_codeowners_team  = "CSVD"
@@ -71,9 +96,10 @@ module "goss-testing" {
   is_template = true
   force_name = true
   create_codeowners = false
-  enforce_prs = false
+  enforce_prs = true
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 # terraform-repos
@@ -91,6 +117,7 @@ module "automation-repos" {
   enforce_prs = false
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 # terraform-github-repo
@@ -108,6 +135,7 @@ module "terraform-github-repo" {
   create_codeowners = false
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 
@@ -128,6 +156,7 @@ module "elastic_beanstalk_java" {
   template_repo = "aws-beanstalk"
   template_repo_org = "CSVD"  
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 module "elastic_beanstalk_php" {
@@ -147,6 +176,7 @@ module "elastic_beanstalk_php" {
   template_repo = "aws-beanstalk"
   template_repo_org = "CSVD"  
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 module "elastic_beanstalk_nodejs" {
@@ -166,6 +196,7 @@ module "elastic_beanstalk_nodejs" {
   template_repo = "aws-beanstalk"
   template_repo_org = "CSVD"  
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 
@@ -187,6 +218,7 @@ module "elastic_beanstalk_docker" {
   template_repo = "aws-beanstalk"
   template_repo_org = "CSVD"  
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 
@@ -202,9 +234,10 @@ module "image_pipeline" {
   ]
   force_name = true
   create_codeowners = false
-  enforce_prs = false
+  enforce_prs = true
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 
@@ -223,6 +256,7 @@ module "beanstalk-demo" {
   is_template = true
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 module "image_pipeline_ansible_playbooks" {
@@ -236,14 +270,15 @@ module "image_pipeline_ansible_playbooks" {
   ]
   force_name = true
   create_codeowners = false
-  enforce_prs = false
+  enforce_prs = true
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 resource "aws_codecommit_repository" "image-pipeline-ansible-playbooks" {
-  repository_name = module.image_pipeline_ansible_playbooks.github_repo.name
-  description     = module.image_pipeline_ansible_playbooks.github_repo.description
+ repository_name = module.image_pipeline_ansible_playbooks.github_repo.name
+ description     = module.image_pipeline_ansible_playbooks.github_repo.description
 }
 
 
@@ -273,6 +308,7 @@ module "image-pipeline-playbook" {
   is_template = true
   collaborators = local.collaborators
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
  
 
@@ -290,6 +326,7 @@ module "windows-ami-build" {
   create_codeowners = false
   enforce_prs = false
   admin_teams = [github_team.team.name]
+  pull_request_bypassers = local.pull_request_bypassers
 }
 
 
@@ -297,6 +334,7 @@ module "windows-ami-build" {
 resource "aws_codecommit_repository" "goss-testing" {
   repository_name = "image-pipeline-goss-testing"
   description     = "Goss testing suite for ec2 images"
+   default_branch  = "main"
 }