merging

.github/workflows/modtest-dev.yaml

@@ -2,6 +2,9 @@ name: "ModTest: dev"
 
 on:
   pull_request:
+  push:
+    branches:
+      - main
 
 jobs:
   modtest:

.github/workflows/terraform.yaml

@@ -1,33 +1,84 @@
-name: "Gtag"
+name: "Terraform Validate"
 
 on:
   workflow_dispatch:
-  pull_request:
   push:
     branches:
       - main
-
+
+env:
+  GITHUB_OWNER: ${{ vars.GH_ORG }}
+  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+  GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+  TF_WORKSPACE: happypathway
+  TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
+
 jobs:
-  terraform:
+  setup-terraform:
+    outputs:
+      commit_sha: ${{ steps.checkout.outputs.commit }}
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        id: checkout
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3.1.2
+        with:
+          terraform_version: ${{ vars.terraform_version }}
+          cli_config_credentials_token: ${{ secrets.TFE_TOKEN }}
+          cli_config_credentials_hostname: ${{ vars.terraform_api }}
+
+      - name: terraform init
+        run: terraform init -upgrade
+
+      - uses: actions/upload-artifact@master
+        name: Archive Configuration
+        if: github.ref == 'refs/heads/main'
+        with:
+          name: terraform_dir
+          path: .terraform
+          retention-days: 1
+          include-hidden-files: true
+
+      - uses: actions/upload-artifact@master
+        name: Archive Lockfile
+        if: github.ref == 'refs/heads/main'
+        with:
+          name: terraform_lockfile
+          path: .terraform.lock.hcl
+          retention-days: 1
+          include-hidden-files: true
+
+  terraform-validate:
+    needs: setup-terraform
     uses: HappyPathway/centralized-actions/.github/workflows/terraform-test.yml@main
     with:
-      terraform_version: ${{vars.TERRAFORM_VERSION}}
-      terraform_api: ${{vars.TERRAFORM_API}}
-      github_username: ${{vars.GH_USERNAME}}
-      github_email: ${{vars.GH_EMAIL}}
-      github_org: ${{ vars.GH_ORG }}
+      terraform_version: ${{ vars.terraform_version }}
+      terraform_api: ${{ vars.terraform_api }}
+      github_username: ${{ github.actor }}
+      github_email: ${{ github.actor }}@roknsound.com
+      github_org: ${{ github.repository_owner }}
+      setup_terraform: true
+      terraform_init: false
+      cache: ${{ github.workspace }}
+      download_cache: true
+      commit_sha: ${{ needs.setup-terraform.outputs.commit_sha }}
     secrets:
       TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
       GH_TOKEN: ${{ secrets.GH_TOKEN }}
-
+      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+
   gtag:
-    if: ${{ github.event_name }} != "pull_request"
-    needs: terraform
+    needs: terraform-validate
+    if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
     uses: HappyPathway/centralized-actions/.github/workflows/gtag.yml@main
     with:
       patch: true
       github_org: ${{ vars.GH_ORG }}
       github_username: ${{ vars.GH_USERNAME }}
       github_email: ${{ vars.GH_EMAIL }}
     secrets:
-      GH_TOKEN: ${{ secrets.GH_TOKEN }}
+      GH_TOKEN: ${{ secrets.GH_TOKEN }}

collaborators.tf

@@ -4,9 +4,7 @@ resource "github_repository_collaborator" "collaborators" {
   repository = github_repository.repo.name
   username   = each.key
   permission = each.value
-  lifecycle {
-    ignore_changes = [
-      permission
-    ]
-  }
+  depends_on = [
+    github_repository.repo
+  ]
 }

github_repo.tf

@@ -17,9 +17,10 @@ resource "github_repository" "repo" {
   has_issues             = var.github_has_issues
   has_wiki               = var.github_has_wiki
   topics                 = var.github_repo_topics
-  gitignore_template     = "Terraform"
+  gitignore_template     = var.gitignore_template
   is_template            = var.is_template
   archived               = var.archived
+  homepage_url           = var.homepage_url
   vulnerability_alerts   = var.vulnerability_alerts
   lifecycle {
     ignore_changes = [

github_team_access.tf

@@ -24,4 +24,7 @@ resource "github_team_repository" "admin" {
       team_id
     ]
   }
-}
+  depends_on = [
+    github_repository.repo
+  ]
+}

variables.tf

@@ -203,3 +203,35 @@ variable "vulnerability_alerts" {
   type    = bool
   default = false
 }
+
+variable gitignore_template {
+  default = null
+}
+
+variable homepage_url {
+  default = null
+}
+
+variable security_and_analysis {
+  description = <<EOT
+  Security and Analysis Configuration
+The security_and_analysis block supports the following:
+
+advanced_security - (Optional) The advanced security configuration for the repository. See Advanced Security Configuration below for details. If a repository's visibility is public, advanced security is always enabled and cannot be changed, so this setting cannot be supplied.
+
+secret_scanning - (Optional) The secret scanning configuration for the repository. See Secret Scanning Configuration below for details.
+
+secret_scanning_push_protection - (Optional) The secret scanning push protection configuration for the repository. See Secret Scanning Push Protection Configuration below for details.
+EOT
+  type = object({
+    advanced_security = optional(object({
+      status = string
+    }, { status = "disabled" })
+    secret_scanning = optional(object({
+      status = string
+    }, { status = "disabled" })
+    secret_scanning_push_protection = optional(object({
+      status = string
+    }, { status = "disabled" })
+  })
+}

versions.tf

@@ -2,7 +2,6 @@ terraform {
   required_providers {
     github = {
       source  = "integrations/github"
-      version = ">= 6.2.2"
     }
   }
 }