From 1a4ac488326b1d75cf0bf2679275f22ccd6ffea7 Mon Sep 17 00:00:00 2001
From: Dave Arnold
Date: Tue, 1 Apr 2025 11:46:09 -0700
Subject: [PATCH] feat: implement GitHub deploy keys generation and add output for generated keys

---
 github_deploy_keys.tf | 23 ++++++++++++++++++-----
 outputs.tf | 9 +++++++++
 variables.tf | 6 +++++-
 3 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/github_deploy_keys.tf b/github_deploy_keys.tf
index 76b7aa3..a8fed24 100644
--- a/github_deploy_keys.tf
+++ b/github_deploy_keys.tf
@@ -1,14 +1,27 @@
-// This file implements GitHub Deploy Keys functionality for the repository
+// Generate SSH keys when create is true
+resource "tls_private_key" "deploy_key" {
+  for_each = {
+    for k, v in var.deploy_keys : k => v
+    if v.create == true
+  }
+
+  algorithm = "RSA"
+  rsa_bits = 4096
+}
 
+// Create GitHub deploy keys for all entries
 resource "github_repository_deploy_key" "deploy_key" {
-  for_each = { for k, v in var.deploy_keys : k => v }
+  for_each = {
+    for k, v in var.deploy_keys : k => v
+  }
 
   title = each.value.title
   repository = local.github_repo.name
-  key = each.value.key
+  key = each.value.create ? tls_private_key.deploy_key[each.key].public_key_openssh : each.value.key
   read_only = each.value.read_only
 
   depends_on = [
-    github_repository.repo
+    github_repository.repo,
+    data.github_repository.existing
   ]
-}
\ No newline at end of file
+}
diff --git a/outputs.tf b/outputs.tf
index 5afc19d..78c4f3d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -57,3 +57,12 @@ output "template" {
   description = "Template repository this repository was created from"
   value = local.github_repo.template
 }
+
+
+output "generated_deploy_keys" {
+  description = "Generated private keys for deploy keys with create=true"
+  value = {
+    for k, v in tls_private_key.deploy_key : k => v.private_key_pem
+  }
+  sensitive = true
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 21c9187..47e5469 100644
--- a/variables.tf
+++ b/variables.tf
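Review bot: The private key that `tls_private_key.deploy_key` generates is written unencrypted to Terraform state, so every principal with read access to the state backend can recover the deploy key no matter how the output is marked; the resource deserves a comment saying so, e.g. `// NOTE: private_key_pem is stored in plaintext in Terraform state — restrict backend access or generate keys out of band`. Both `for_each` maps are keyed by the list index of `var.deploy_keys` (declared `list(object)` in variables.tf), so inserting or reordering an entry shifts the keys and would destroy and regenerate the later private keys, which presumably rotates deploy keys that consumers have already distributed; keying by `v.title` would avoid that, at the cost of a one-off `moved` migration for the existing `github_repository_deploy_key` instances. Minor: `if v.create == true` can be written `if v.create`.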
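Review bot: `sensitive = true` on `generated_deploy_keys` only redacts the value in plan and apply output; the PEM is still stored in state and is returned in clear by `terraform output -json` and by any `terraform_remote_state` consumer of this module, so the description should say so, e.g. `description = "PEM private keys generated for deploy keys with create=true. Stored in Terraform state; treat state as secret and rotate the key if it is exposed."`. Consider also exporting the matching `public_key_openssh` (or fingerprint) map so callers that only need to identify a key never have to read the private one. The new block also leaves the file without a trailing newline.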
@@ -413,8 +413,12 @@ variable "deploy_keys" {
   description = "List of SSH deploy keys to add to the repository"
   type = list(object({
     title = string
-    key = string
+    key = optional(string, "")
+    # The key is optional because it can be generated
+    # by the module itself if create is set to true
+    # and the key is not provided
     read_only = optional(bool, true)
+    create = optional(bool, false)
   }))
   default = []
 }
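Review bot: With `key` defaulting to `""` and `create` defaulting to `false`, an entry that sets neither passes the type check and only fails at apply time when the empty string reaches `github_repository_deploy_key`; a `validation` block on the variable rejects it at plan time instead. The new comment says the key is generated "if create is set to true and the key is not provided", but the resource in github_deploy_keys.tf ignores `key` whenever `create` is true, so either reword the comment (`# Ignored when create = true; required otherwise`) or extend the validation to reject an entry that sets both. The variable block's closing brace is the last line of the hunk, so the validation goes just before it.
```hcl
  default = []

  validation {
    condition     = alltrue([for d in var.deploy_keys : d.create || trimspace(d.key) != ""])
    error_message = "Each deploy_keys entry must either set create = true or provide a non-empty key."
  }
}
```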