diff --git a/.github/workflows/modtest-dev.yaml b/.github/workflows/modtest-dev.yaml
new file mode 100644
index 0000000..c98e5f1
--- /dev/null
+++ b/.github/workflows/modtest-dev.yaml
@@ -0,0 +1,29 @@
+name: "ModTest: dev"
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ modtest:
+ if : ${{ github.event_name }} == "pull_request"
+ uses: HappyPathway/centralized-actions/.github/workflows/modtest.yml@main
+ with:
+ workspace: dev
+ workspace_repo: github-repos
+ workspace_branch: main
+ repo_clone_type: https
+ mod_source: repo/github
+
+ github_server: ${{vars.GH_SERVER}}
+ github_org: ${{ github.repository_owner }}
+ branch: ${{ github.head_ref }}
+ terraform_version: ${{vars.TERRAFORM_VERSION}}
+ terraform_api_token_name: ${{ vars.TERRAFORM_API_TOKEN_NAME }}
+ terraform_api: ${{vars.TERRAFORM_API}}
+
+ secrets:
+ TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/terraform-doc.yaml b/.github/workflows/terraform-doc.yaml
new file mode 100644
index 0000000..aeb3272
--- /dev/null
+++ b/.github/workflows/terraform-doc.yaml
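Review bot: The job guard `if : ${{ github.event_name }} == "pull_request"` does not compare anything: only the `${{ }}` part is evaluated and the rest is appended as literal text, so the result is a non-empty string and the job also runs on pushes to `main`, where `github.head_ref` is empty. Write the whole condition as one expression, `if: github.event_name == 'pull_request'`. Separately, the reusable workflow is referenced at `@main` and receives `TFE_TOKEN` and `GH_TOKEN`; pinning `uses:` to a full commit SHA keeps a later change on that branch from running with these secrets without a review in this repository.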
@@ -0,0 +1,45 @@
+name: "Terraform Doc"
+
+on:
+ pull_request:
+
+env:
+ GITHUB_OWNER: ${{ vars.GH_ORG }}
+ GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+ GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+ TF_WORKSPACE: happypathway
+ TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
+
+jobs:
+ tf-doc:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ id: checkout
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3.1.2
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+ cli_config_credentials_token: ${{ secrets.TFE_TOKEN }}
+ cli_config_credentials_hostname: ${{ vars.terraform_api }}
+
+ - name: terraform init
+ run: terraform init -upgrade
+
+ - name: Render terraform docs inside the README.md and push changes back to PR branch
+ uses: terraform-docs/gh-actions@v1.2.0
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
+
+ # terraform-docs/gh-actions@v1.0.0 modifies .git files with owner root:root, and the following steps fail with
+ # insufficient permission for adding an object to repository database .git/objects
+ # since the expected user is runner:docker. See https://github.com/terraform-docs/gh-actions/issues/90
+ - name: Fix .git owner
+ run: sudo chown runner:docker -R .git
\ No newline at end of file
diff --git a/README.md b/README.md
index 2ab323e..d2d1411 100644
--- a/README.md
+++ b/README.md
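Review bot: The workflow-level `env:` block hands `GITHUB_TOKEN` (from `secrets.GH_TOKEN`), `GOOGLE_CREDENTIALS` and `TFE_TOKEN` to every step, including the third-party `terraform-docs/gh-actions@v1.2.0` step and `terraform init -upgrade`, which resolves modules and providers named by the pull request's own code. Nothing visible in this job uses `GOOGLE_CREDENTIALS`, and `TFE_TOKEN` is already passed to `hashicorp/setup-terraform` through `cli_config_credentials_token`, so the block can probably be dropped or reduced to a step-level `env:` on the one step that needs a token. The job pushes to the PR branch, so an explicit `permissions:` with `contents: write` and nothing else would state the intended scope. The actions are referenced by tag (`@v4`, `@v3.1.2`, `@v1.2.0`); pinning them to commit SHAs would fix which code gets to see these secrets. The comment above "Fix .git owner" names `v1.0.0` while the step uses `v1.2.0`, so it should be updated or the workaround re-checked.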
@@ -45,43 +45,6 @@ module "repository" { } ``` -## Requirements - -| Name | Version | -|------|---------| -| terraform | >= 1.0.0 | -| github | >= 5.0.0 | - -## Providers - -| Name | Version | -|------|---------| -| github | >= 5.0.0 | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| name | Repository name | `string` | n/a | yes | -| repo_org | GitHub organization name | `string` | n/a | yes | -| force_name | Force the repository name | `bool` | `false` | no | -| github_repo_description | Repository description | `string` | `""` | no | -| github_repo_topics | Repository topics | `list(string)` | `[]` | no | -| github_is_private | Private repository flag | `bool` | `true` | no | -| github_has_issues | Enable issues | `bool` | `true` | no | -| github_has_projects | Enable projects | `bool` | `false` | no | -| github_has_wiki | Enable wiki | `bool` | `false` | no | -| vulnerability_alerts | Enable vulnerability alerts | `bool` | `true` | no | -| gitignore_template | GitIgnore template name | `string` | `null` | no | -| managed_extra_files | Map of files to manage in the repository | `map(object({ content = string, overwrite = bool }))` | `{}` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| github_repo | The complete GitHub repository object | -| repo_full_name | The full name of the repository (org/name) | - ## Examples ### Basic Repository 
@@ -154,4 +117,14 @@ terraform test ## License -MIT License - see [LICENSE](LICENSE) for details \ No newline at end of file +MIT License - see [LICENSE](LICENSE) for details + + +[![Terraform Validation](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/terraform.yaml/badge.svg)](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/terraform.yaml) + + +[![Modtest Dev](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/modtest-dev.yaml/badge.svg)](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/modtest-dev.yaml) + + +{{ .Content }} + diff --git a/github_branch.tf b/github_branch.tf index 642037a..cce7ccd 100644 --- a/github_branch.tf +++ b/github_branch.tf @@ -34,7 +34,7 @@ locals { # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection resource "github_branch_protection" "main" { - count = var.enforce_prs ? 1 : 0 + count = var.enforce_prs && !var.github_is_private ? 1 : 0 enforce_admins = var.github_enforce_admins_branch_protection pattern = var.github_default_branch # push_restrictions = var.github_push_restrictions diff --git a/github_repo.tf b/github_repo.tf index c000836..e642209 100644 --- a/github_repo.tf +++ b/github_repo.tf @@ -22,13 +22,7 @@ resource "github_repository" "repo" { archived = var.archived homepage_url = var.homepage_url vulnerability_alerts = var.vulnerability_alerts - lifecycle { - ignore_changes = [ - has_issues, - has_projects, - has_wiki - ] - } + dynamic "template" { # A bogus map for a conditional block for_each = var.template_repo == null ? [] : ["*"] diff --git a/variables.tf b/variables.tf index 128c9f6..717a775 100644 --- a/variables.tf +++ b/variables.tf @@ -47,7 +47,7 @@ variable "github_has_projects" { default = true } variable "github_has_issues" { - default = false + default = true } variable "github_has_wiki" { default = true
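Review bot: With the new `count = var.enforce_prs && !var.github_is_private ? 1 : 0` in `github_branch.tf`, a private repository gets no `github_branch_protection.main` even when `enforce_prs` is true, and nothing tells the caller that the request was dropped. If the reason is a plan limitation on private repositories, say so in a comment above `count`, for example `# Branch protection is skipped for private repos (not available on every plan); enforce_prs has no effect there.` Callers whose plan does support it lose protection when they take this change, so an opt-in variable or an output reporting whether protection was created would make the gap visible. The resource block continues past the end of the hunk.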
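Review bot: Removing `ignore_changes` for `has_issues`, `has_projects` and `has_wiki` in `github_repo.tf` means the next apply overwrites whatever was set by hand on existing repositories with the module defaults, and the `variables.tf` hunk in this commit shows `github_has_projects` and `github_has_wiki` defaulting to `true` and flips `github_has_issues` to `true`. Callers that do not set these inputs will therefore have wiki, projects and issues switched on. Consider defaulting the features a repository does not need to `false`, and give the three variables `type = bool` and a `description` so the behaviour is documented. The line added in place of the `lifecycle` block appears to be blank and can simply be dropped. The `github_repository.repo` block starts and ends outside the hunk.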