Revise team structures.

Admins shouldn't be in the committers team. Their admin
permissions allow them all the same permissions as the
committers team. It allows repos to split notifications
a bit better. If a person wants to be in both, that can
be controlled in the variables file.

I attempted to clean up the comments a bit more with the
refactor. Some of the comments no longer made sense.

I reduced some of the code with a concat function call
which should help make the repo team definition a bit
easier to understand.

terraform/production/repositories.tfvars

@@ -3,7 +3,7 @@ repositories = {
   # Keep the following repositories in alphabetical order
 
   ".github" = {
-    description              = "A Special Repository."
+    description = "A Special Repository."
     enable_branch_protection = false
 
     topics = []
@@ -12,7 +12,7 @@ repositories = {
   }
 
   "controls" = {
-    description              = "The controls for managing Django Commons projects"
+    description = "The controls for managing Django Commons projects"
     enable_branch_protection = false
 
     topics = []
@@ -32,17 +32,20 @@ repositories = {
   "django-commons-playground" = {
     description = "A sample project to test things out"
     topics = []
+    # People with GitHub admin repo permissions
     admins = [
       "tim-schilling",
       "williln",
       "ryancheley",
       "Stormheg",
       "cunla",
     ]
+    # People with GitHub maintain repo permissions
     committers = [
       "priyapahwa",
     ]
-    members = [ # Add members with triage permissions
+    # People with GitHub triage repo permissions
+    members = [
     ]
   }
 }

terraform/resources-repo-admin-teams.tf

@@ -8,6 +8,7 @@ resource "github_team" "repo_admin_team" {
   privacy        = "closed"
 }
 
+# Add the people to the team
 resource "github_team_members" "repo_admin_members" {
   for_each = {for k, v in var.repositories : k => v if v.skip_team_creation == false}
 
@@ -17,13 +18,13 @@ resource "github_team_members" "repo_admin_members" {
     for_each = each.value.admins
 
     content {
-      # members here references the dynamic name, not the looped entity.
       username = members.value
-      role     = "maintainer"
+      role     = "member"
     }
   }
 }
 
+# Define the team's permissions for the repositories
 resource "github_team_repository" "repo_admin_team_access" {
   for_each   = {for k, v in var.repositories : k => v if v.skip_team_creation == false}
   repository = each.key

terraform/resources-repo-committer-teams.tf

@@ -8,31 +8,22 @@ resource "github_team" "repo_committer_team" {
   privacy        = "closed"
 }
 
+# Add the people to the team
 resource "github_team_members" "repo_committer_team_members" {
   for_each = {for k, v in var.repositories : k => v if v.skip_team_creation == false}
 
   team_id = github_team.repo_committer_team[each.key].id
 
-  dynamic "members" {
-    for_each = each.value.admins
-
-    content {
-      # members here references the dynamic name, not the looped entity.
-      username = members.value
-      role     = "maintainer"
-    }
-  }
-
   dynamic "members" {
     for_each = each.value.committers
 
     content {
-      # members here references the dynamic name, not the looped entity.
       username = members.value
       role     = "member"
     }
   }
 }
+# Define the team's permissions for the repositories
 resource "github_team_repository" "repo_committer_team_access" {
   for_each   = {for k, v in var.repositories : k => v if v.skip_team_creation == false}
   repository = each.key

terraform/resources-repo-teams.tf

@@ -6,35 +6,17 @@ resource "github_team" "repo_team" {
   description = "Main team for the ${each.key} repository"
   privacy     = "closed"
 }
+# Add the people to the team
 resource "github_team_members" "repo_team_members" {
   for_each = {for k, v in var.repositories : k => v if v.skip_team_creation == false}
 
   team_id = github_team.repo_team[each.key].id
 
-
-  dynamic "members" {
-    for_each = each.value.members
-
-    content {
-      # members here references the dynamic name, not the looped entity.
-      username = members.value
-      role     = "member"
-    }
-  }
-  dynamic "members" {
-    for_each = each.value.committers
-
-    content {
-      # members here references the dynamic name, not the looped entity.
-      username = members.value
-      role     = "member"
-    }
-  }
-
-  # Maintainer here means the maintainer role for the team.
-  # It's not a maintainer of the repo.
   dynamic "members" {
-    for_each = each.value.admins
+    # Add the admins and committers as members because this is the parent
+    # team for the organization. If the team is mentioned in a discussion,
+    # they too should be notified.
+    for_each = concat(each.value.members, each.value.committers, each.value.admins)
 
     content {
       # members here references the dynamic name, not the looped entity.
@@ -43,6 +25,7 @@ resource "github_team_members" "repo_team_members" {
     }
   }
 }
+# Define the team's permissions for the repositories
 resource "github_team_repository" "repo_team_access" {
   for_each   = {for k, v in var.repositories : k => v if v.skip_team_creation == false}
   repository = each.key

terraform/variables.tf

@@ -38,9 +38,9 @@ variable "repositories" {
     topics = optional(list(string))
     visibility = optional(string, "public")
     skip_team_creation = optional(bool, false) # Do not create teams for repository
-    admins = optional(set(string), []) # Members of the repository admin team and the committers team
-    committers = optional(set(string), []) # Members of the repository committers team
-    members = optional(set(string), []) # Members of the repository team with triage permissions
+    admins = optional(set(string), []) # Members of the repository admin and repository teams. Have admin permissions
+    committers = optional(set(string), []) # Members of the repository committers and repository teams. Have write permissions
+    members = optional(set(string), []) # Members of the repository team. Have triage permissions
   }))
 }