From 7ca3d0b56e5d57970b8f9e55009d573791d92879 Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Wed, 3 Jul 2024 10:10:32 -0700
Subject: [PATCH 01/10] Initial commit
---
.gitignore | 34 ++++++++++++++++++++++++++++++++++
README.md | 2 ++
2 files changed, 36 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9b8a46e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8f5d8f9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# terraform-github-repo
+Terraform Module for managing github repos
From 5ac31a51ea97cab4a39f76660a6dcf5e6b54259a Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Wed, 3 Jul 2024 11:04:44 -0700
Subject: [PATCH 02/10] Update collaborators.tf
---
collaborators.tf | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/collaborators.tf b/collaborators.tf
index 2f51727..f403f85 100644
--- a/collaborators.tf
+++ b/collaborators.tf
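Review bot: Saved plan files are not ignored by this `.gitignore`: the `*tfplan*` pattern near the end appears only inside a comment (`# example: *tfplan*`), so a file written by `terraform plan -out=tfplan` can still be committed. A saved plan carries the resolved variable and resource values of the run, which would likely include whatever was supplied through the `.tfvars` files this same file takes care to exclude. Adding the pattern as a live line, `*tfplan*`, closes that gap.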
@@ -4,9 +4,9 @@ resource "github_repository_collaborator" "collaborators" { repository = github_repository.repo.name username = each.key permission = each.value - lifecycle { - ignore_changes = [ - permission - ] - } +# lifecycle { +# ignore_changes = [ +# permission +# ] +# } } From 0c4725b3c8909e9521bff8625f3be4af73306407 Mon Sep 17 00:00:00 2001 From: David Arnold <10138997+djaboxx@users.noreply.github.com> Date: Wed, 4 Dec 2024 11:49:36 -0800 Subject: [PATCH 03/10] Update github_branch.tf --- github_branch.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github_branch.tf b/github_branch.tf index 642037a..cce7ccd 100644 --- a/github_branch.tf +++ b/github_branch.tf @@ -34,7 +34,7 @@ locals { # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection resource "github_branch_protection" "main" { - count = var.enforce_prs ? 1 : 0 + count = var.enforce_prs && !var.github_is_private ? 1 : 0 enforce_admins = var.github_enforce_admins_branch_protection pattern = var.github_default_branch # push_restrictions = var.github_push_restrictions From 85aa6f47a5e158010fbec171580984ecacf2ba10 Mon Sep 17 00:00:00 2001 From: David Arnold <10138997+djaboxx@users.noreply.github.com> Date: Wed, 11 Dec 2024 12:53:14 -0800 Subject: [PATCH 04/10] Add README.md --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..3ccb028 --- /dev/null +++ b/README.md 
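Review bot: The `lifecycle` block in `github_repository_collaborator.collaborators` is commented out rather than removed, which leaves five lines of dead configuration and no record of why. With `ignore_changes = [permission]` gone, Terraform will reset a collaborator permission that was changed outside Terraform back to `each.value` on the next apply; that is the stricter behaviour for access control, but it deserves to be stated. Delete the commented lines and, if this is the intent, add a short comment such as `# permission is managed here; out-of-band changes are reverted on apply`. The resource block starts above the hunk.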
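Review bot: With the new `count = var.enforce_prs && !var.github_is_private ? 1 : 0`, a caller who sets `enforce_prs = true` on a private repository gets no `github_branch_protection.main` at all, and nothing in the plan explains why the default branch is left unprotected. If the condition exists because protected branches are not available for private repositories on the GitHub plan in use (an assumption, the commit message does not say), record that above the line, e.g. `# branch protection is skipped for private repos: not offered on <plan>`. A separate opt-out variable would let callers whose plan does support it keep pull-request enforcement on private repositories. The resource body continues past the end of the hunk.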
@@ -0,0 +1,10 @@
+
+
+[![Terraform Validation](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/terraform.yaml/badge.svg)](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/terraform.yaml)
+
+
+[![Modtest Dev](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/modtest-dev.yaml/badge.svg)](https://github.com/HappyPathway/terraform-github-repo/actions/workflows/modtest-dev.yaml)
+
+
+{{ .Content }}
+
\ No newline at end of file
From 600202670441272bf8c362804d8d0b690fe0c286 Mon Sep 17 00:00:00 2001
From: David Arnold <10138997+djaboxx@users.noreply.github.com>
Date: Wed, 11 Dec 2024 12:53:17 -0800
Subject: [PATCH 05/10] Add .github/workflows/modtest-dev.yaml
---
.github/workflows/modtest-dev.yaml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 .github/workflows/modtest-dev.yaml
diff --git a/.github/workflows/modtest-dev.yaml b/.github/workflows/modtest-dev.yaml
new file mode 100644
index 0000000..c98e5f1
--- /dev/null
+++ b/.github/workflows/modtest-dev.yaml
@@ -0,0 +1,29 @@
+name: "ModTest: dev"
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ modtest:
+ if : ${{ github.event_name }} == "pull_request"
+ uses: HappyPathway/centralized-actions/.github/workflows/modtest.yml@main
+ with:
+ workspace: dev
+ workspace_repo: github-repos
+ workspace_branch: main
+ repo_clone_type: https
+ mod_source: repo/github
+
+ github_server: ${{vars.GH_SERVER}}
+ github_org: ${{ github.repository_owner }}
+ branch: ${{ github.head_ref }}
+ terraform_version: ${{vars.TERRAFORM_VERSION}}
+ terraform_api_token_name: ${{ vars.TERRAFORM_API_TOKEN_NAME }}
+ terraform_api: ${{vars.TERRAFORM_API}}
+
+ secrets:
+ TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
\ No newline at end of file
From dacc9a0615c9a46305bb6fec320eeb21d1292b34 Mon Sep 17 00:00:00 2001
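Review bot: The job condition `if : ${{ github.event_name }} == "pull_request"` compares nothing: only `github.event_name` sits inside the expression and the rest is literal text, so the value is a non-empty string and the `modtest` job most likely also runs on pushes to `main`, where `github.head_ref` passed as `branch` is empty. Write it as `if: github.event_name == 'pull_request'`. Separately, the reusable workflow is referenced at `@main` while it receives `TFE_TOKEN` and `GH_TOKEN`; pinning it to a full commit SHA, `uses: HappyPathway/centralized-actions/.github/workflows/modtest.yml@<commit-sha>`, keeps a later change on that branch from running with these secrets unreviewed.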
From: David Arnold <10138997+djaboxx@users.noreply.github.com>
Date: Wed, 29 Jan 2025 12:57:14 -0800
Subject: [PATCH 06/10] Update .github/workflows/terraform.yaml
---
.github/workflows/terraform.yaml | 84 --------------------------------
1 file changed, 84 deletions(-)
delete mode 100644 .github/workflows/terraform.yaml
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
deleted file mode 100644
index 0df3f90..0000000
--- a/.github/workflows/terraform.yaml
+++ /dev/null
@@ -1,84 +0,0 @@ -name: "Terraform Validate" - -on: - workflow_dispatch: - push: - branches: - - main - -env: - GITHUB_OWNER: ${{ vars.GH_ORG }} - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} - TF_WORKSPACE: happypathway - TFE_TOKEN: ${{ secrets.TFE_TOKEN }} - -jobs: - setup-terraform: - outputs: - commit_sha: ${{ steps.checkout.outputs.commit }} - - runs-on: ubuntu-latest - steps: - - name: Checkout Code - uses: actions/checkout@v4 - id: checkout - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3.1.2 - with: - terraform_version: ${{ vars.terraform_version }} - cli_config_credentials_token: ${{ secrets.TFE_TOKEN }} - cli_config_credentials_hostname: ${{ vars.terraform_api }} - - - name: terraform init - run: terraform init -upgrade - - - uses: actions/upload-artifact@master - name: Archive Configuration - if: github.ref == 'refs/heads/main' - with: - name: terraform_dir - path: .terraform - retention-days: 1 - include-hidden-files: true - - - uses: actions/upload-artifact@master - name: Archive Lockfile - if: github.ref == 'refs/heads/main' - with: - name: terraform_lockfile - path: .terraform.lock.hcl - retention-days: 1 - include-hidden-files: true - - terraform-validate: - needs: setup-terraform - uses: HappyPathway/centralized-actions/.github/workflows/terraform-test.yml@main - with: - terraform_version: ${{ vars.terraform_version }} - terraform_api: ${{ vars.terraform_api }} - github_username: ${{ github.actor }} - github_email: ${{ github.actor }}@roknsound.com - github_org: ${{ github.repository_owner }} - setup_terraform: true - terraform_init: false - cache: ${{ github.workspace }} - download_cache: true - commit_sha: ${{ needs.setup-terraform.outputs.commit_sha }} - secrets: - TFE_TOKEN: ${{ secrets.TFE_TOKEN }} - GH_TOKEN: ${{ secrets.GH_TOKEN }} - GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} - - gtag: - needs: terraform-validate - if: github.ref == 'refs/heads/main' && 
github.event_name != 'pull_request' - uses: HappyPathway/centralized-actions/.github/workflows/gtag.yml@main - with: - patch: true - github_org: ${{ vars.GH_ORG }} - github_username: ${{ vars.GH_USERNAME }} - github_email: ${{ vars.GH_EMAIL }} - secrets: - GH_TOKEN: ${{ secrets.GH_TOKEN }} From fddbd2fcb298544aef0edd814cd7b08b3dd710bd Mon Sep 17 00:00:00 2001 From: David Arnold <10138997+djaboxx@users.noreply.github.com> Date: Wed, 29 Jan 2025 12:58:08 -0800 Subject: [PATCH 07/10] Add .github/workflows/terraform.yaml --- .github/workflows/terraform.yaml | 84 ++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 .github/workflows/terraform.yaml diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml new file mode 100644 index 0000000..0df3f90 --- /dev/null +++ b/.github/workflows/terraform.yaml 
@@ -0,0 +1,84 @@
+name: "Terraform Validate"
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+
+env:
+ GITHUB_OWNER: ${{ vars.GH_ORG }}
+ GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+ GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+ TF_WORKSPACE: happypathway
+ TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
+
+jobs:
+ setup-terraform:
+ outputs:
+ commit_sha: ${{ steps.checkout.outputs.commit }}
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ id: checkout
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3.1.2
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+ cli_config_credentials_token: ${{ secrets.TFE_TOKEN }}
+ cli_config_credentials_hostname: ${{ vars.terraform_api }}
+
+ - name: terraform init
+ run: terraform init -upgrade
+
+ - uses: actions/upload-artifact@master
+ name: Archive Configuration
+ if: github.ref == 'refs/heads/main'
+ with:
+ name: terraform_dir
+ path: .terraform
+ retention-days: 1
+ include-hidden-files: true
+
+ - uses: actions/upload-artifact@master
+ name: Archive Lockfile
+ if: github.ref == 'refs/heads/main'
+ with:
+ name: terraform_lockfile
+ path: .terraform.lock.hcl
+ retention-days: 1
+ include-hidden-files: true
+
+ terraform-validate:
+ needs: setup-terraform
+ uses: HappyPathway/centralized-actions/.github/workflows/terraform-test.yml@main
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+ terraform_api: ${{ vars.terraform_api }}
+ github_username: ${{ github.actor }}
+ github_email: ${{ github.actor }}@roknsound.com
+ github_org: ${{ github.repository_owner }}
+ setup_terraform: true
+ terraform_init: false
+ cache: ${{ github.workspace }}
+ download_cache: true
+ commit_sha: ${{ needs.setup-terraform.outputs.commit_sha }}
+ secrets:
+ TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+
+ gtag:
+ needs: terraform-validate
+ if: github.ref == 'refs/heads/main' &&
github.event_name != 'pull_request'
+ uses: HappyPathway/centralized-actions/.github/workflows/gtag.yml@main
+ with:
+ patch: true
+ github_org: ${{ vars.GH_ORG }}
+ github_username: ${{ vars.GH_USERNAME }}
+ github_email: ${{ vars.GH_EMAIL }}
+ secrets:
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
From 0cefe5ee5e655fa0e8371a4bca4f737cb82cda00 Mon Sep 17 00:00:00 2001
From: David Arnold <10138997+djaboxx@users.noreply.github.com>
Date: Wed, 29 Jan 2025 12:58:10 -0800
Subject: [PATCH 08/10] Add .github/workflows/terraform-doc.yaml
---
.github/workflows/terraform-doc.yaml | 45 ++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 .github/workflows/terraform-doc.yaml
diff --git a/.github/workflows/terraform-doc.yaml b/.github/workflows/terraform-doc.yaml
new file mode 100644
index 0000000..aeb3272
--- /dev/null
+++ b/.github/workflows/terraform-doc.yaml
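Review bot: Both artifact steps use `actions/upload-artifact@master`, a moving branch, while the workflow-level `env:` block places `GITHUB_TOKEN` (set from `secrets.GH_TOKEN`), `GOOGLE_CREDENTIALS` and `TFE_TOKEN` in the environment of every step of `setup-terraform`, so whatever that branch points to at run time executes next to all three secrets. Pin the action to a full commit SHA, `uses: actions/upload-artifact@<commit-sha>`, and move the secrets from the top-level `env:` onto the step that actually needs them. The `terraform-test.yml@main` and `gtag.yml@main` reusable workflows are handed secrets as well and deserve the same pinning. `terraform init -upgrade` also selects the newest provider versions the constraints allow rather than those in a committed `.terraform.lock.hcl`, if one exists, so plain `terraform init` would keep the validated dependency set reproducible.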
@@ -0,0 +1,45 @@ +name: "Terraform Doc" + +on: + pull_request: + +env: + GITHUB_OWNER: ${{ vars.GH_ORG }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} + TF_WORKSPACE: happypathway + TFE_TOKEN: ${{ secrets.TFE_TOKEN }} + +jobs: + tf-doc: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + id: checkout + with: + ref: ${{ github.event.pull_request.head.ref }} + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3.1.2 + with: + terraform_version: ${{ vars.terraform_version }} + cli_config_credentials_token: ${{ secrets.TFE_TOKEN }} + cli_config_credentials_hostname: ${{ vars.terraform_api }} + + - name: terraform init + run: terraform init -upgrade + + - name: Render terraform docs inside the README.md and push changes back to PR branch + uses: terraform-docs/gh-actions@v1.2.0 + with: + working-dir: . + output-file: README.md + output-method: inject + git-push: "true" + + # terraform-docs/gh-actions@v1.0.0 modifies .git files with owner root:root, and the following steps fail with + # insufficient permission for adding an object to repository database .git/objects + # since the expected user is runner:docker. See https://github.com/terraform-docs/gh-actions/issues/90 + - name: Fix .git owner + run: sudo chown runner:docker -R .git \ No newline at end of file From 85f8429b09325346493108da99049688f6f99fa4 Mon Sep 17 00:00:00 2001 From: David Arnold <10138997+djaboxx@users.noreply.github.com> Date: Fri, 14 Feb 2025 12:50:28 -0800 Subject: [PATCH 09/10] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 128c9f6..717a775 100644 --- a/variables.tf +++ b/variables.tf @@ -47,7 +47,7 @@ variable "github_has_projects" { default = true } variable "github_has_issues" { - default = false + default = true } variable "github_has_wiki" { default = true 
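Review bot: This workflow runs on every `pull_request`, checks out the PR head, and sets `GITHUB_TOKEN`, `GOOGLE_CREDENTIALS` and `TFE_TOKEN` in the workflow-level `env:`, so `terraform init -upgrade` on PR-authored configuration and the third-party `terraform-docs/gh-actions@v1.2.0` step both run with all three secrets in their environment. Rendering the README needs no cloud credentials: drop the top-level `env:` block, pass the init step only what it requires, and pin the docs action to a full commit SHA (`uses: terraform-docs/gh-actions@<commit-sha>`). If the push-back relies on the default workflow token, an explicit `permissions:` block limited to `contents: write` states the scope the job needs. `ref: ${{ github.event.pull_request.head.ref }}` is a branch name resolved in this repository, so the job presumably only works for same-repo branches, and a job-level `if: github.event.pull_request.head.repo.full_name == github.repository` would make that explicit. The comment above `Fix .git owner` still cites `v1.0.0` while the step uses `v1.2.0`.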
From cff8f42498f69dc402af0acbf599a4e5b581550a Mon Sep 17 00:00:00 2001 From: David Arnold <10138997+djaboxx@users.noreply.github.com> Date: Fri, 14 Feb 2025 13:06:07 -0800 Subject: [PATCH 10/10] Update github_repo.tf --- github_repo.tf | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/github_repo.tf b/github_repo.tf index c000836..e642209 100644 --- a/github_repo.tf +++ b/github_repo.tf @@ -22,13 +22,7 @@ resource "github_repository" "repo" { archived = var.archived homepage_url = var.homepage_url vulnerability_alerts = var.vulnerability_alerts - lifecycle { - ignore_changes = [ - has_issues, - has_projects, - has_wiki - ] - } + dynamic "template" { # A bogus map for a conditional block for_each = var.template_repo == null ? [] : ["*"]