Skip to content

Commit

Permalink
Update resources.tf
Browse files Browse the repository at this point in the history
  • Loading branch information
@galargh
galargh authored Feb 15, 2024
1 parent 57d867b commit 791166a
Showing 1 changed file with 136 additions and 124 deletions.
260 changes: 136 additions & 124 deletions terraform/resources.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,10 @@ resource "github_membership" "this" {
resource "github_repository" "this" {
for_each = {
for repository, config in lookup(local.config, "repositories", {}) : lower(repository) =>
try(config.archived, false) ?
tomap(local.state["managed.github_repository.this.${repository}"]) :
tomap(merge(config, {
{
key = try(repository_config.archived, false) ? "state" : "config"
state = local.state["managed.github_repository.this.${repository}"]
config = merge(config, {
name = repository
security_and_analysis = (try(config.visibility, "private") == "public" || local.advanced_security) ? [
{
Expand All @@ -42,41 +43,42 @@ resource "github_repository" "this" {
}
]
template = try([config.template], [])
}))
})
}
}

name = each.value.name
allow_auto_merge = try(each.value.allow_auto_merge, null)
allow_merge_commit = try(each.value.allow_merge_commit, null)
allow_rebase_merge = try(each.value.allow_rebase_merge, null)
allow_squash_merge = try(each.value.allow_squash_merge, null)
allow_update_branch = try(each.value.allow_update_branch, null)
archive_on_destroy = try(each.value.archive_on_destroy, null)
archived = try(each.value.archived, null)
auto_init = try(each.value.auto_init, null)
default_branch = try(each.value.default_branch, null)
delete_branch_on_merge = try(each.value.delete_branch_on_merge, null)
description = try(each.value.description, null)
gitignore_template = try(each.value.gitignore_template, null)
has_discussions = try(each.value.has_discussions, null)
has_downloads = try(each.value.has_downloads, null)
has_issues = try(each.value.has_issues, null)
has_projects = try(each.value.has_projects, null)
has_wiki = try(each.value.has_wiki, null)
homepage_url = try(each.value.homepage_url, null)
ignore_vulnerability_alerts_during_read = try(each.value.ignore_vulnerability_alerts_during_read, null)
is_template = try(each.value.is_template, null)
license_template = try(each.value.license_template, null)
merge_commit_message = try(each.value.merge_commit_message, null)
merge_commit_title = try(each.value.merge_commit_title, null)
squash_merge_commit_message = try(each.value.squash_merge_commit_message, null)
squash_merge_commit_title = try(each.value.squash_merge_commit_title, null)
topics = try(each.value.topics, null)
visibility = try(each.value.visibility, null)
vulnerability_alerts = try(each.value.vulnerability_alerts, null)
name = each.value[each.value.key].name
allow_auto_merge = try(each.value[each.value.key].allow_auto_merge, null)
allow_merge_commit = try(each.value[each.value.key].allow_merge_commit, null)
allow_rebase_merge = try(each.value[each.value.key].allow_rebase_merge, null)
allow_squash_merge = try(each.value[each.value.key].allow_squash_merge, null)
allow_update_branch = try(each.value[each.value.key].allow_update_branch, null)
archive_on_destroy = try(each.value[each.value.key].archive_on_destroy, null)
archived = try(each.value[each.value.key].archived, null)
auto_init = try(each.value[each.value.key].auto_init, null)
default_branch = try(each.value[each.value.key].default_branch, null)
delete_branch_on_merge = try(each.value[each.value.key].delete_branch_on_merge, null)
description = try(each.value[each.value.key].description, null)
gitignore_template = try(each.value[each.value.key].gitignore_template, null)
has_discussions = try(each.value[each.value.key].has_discussions, null)
has_downloads = try(each.value[each.value.key].has_downloads, null)
has_issues = try(each.value[each.value.key].has_issues, null)
has_projects = try(each.value[each.value.key].has_projects, null)
has_wiki = try(each.value[each.value.key].has_wiki, null)
homepage_url = try(each.value[each.value.key].homepage_url, null)
ignore_vulnerability_alerts_during_read = try(each.value[each.value.key].ignore_vulnerability_alerts_during_read, null)
is_template = try(each.value[each.value.key].is_template, null)
license_template = try(each.value[each.value.key].license_template, null)
merge_commit_message = try(each.value[each.value.key].merge_commit_message, null)
merge_commit_title = try(each.value[each.value.key].merge_commit_title, null)
squash_merge_commit_message = try(each.value[each.value.key].squash_merge_commit_message, null)
squash_merge_commit_title = try(each.value[each.value.key].squash_merge_commit_title, null)
topics = try(each.value[each.value.key].topics, null)
visibility = try(each.value[each.value.key].visibility, null)
vulnerability_alerts = try(each.value[each.value.key].vulnerability_alerts, null)

dynamic "security_and_analysis" {
for_each = try(each.value.security_and_analysis, [])
for_each = try(each.value[each.value.key].security_and_analysis, [])

content {
dynamic "advanced_security" {
Expand All @@ -101,7 +103,7 @@ resource "github_repository" "this" {
}

dynamic "pages" {
for_each = try(each.value.pages, [])
for_each = try(each.value[each.value.key].pages, [])
content {
cname = try(pages.value["cname"], null)
dynamic "source" {
Expand All @@ -114,7 +116,7 @@ resource "github_repository" "this" {
}
}
dynamic "template" {
for_each = try(each.value.template, [])
for_each = try(each.value[each.value.key].template, [])
content {
owner = template.value["owner"]
repository = template.value["repository"]
Expand All @@ -130,13 +132,14 @@ resource "github_repository" "this" {
resource "github_repository_collaborator" "this" {
for_each = merge(flatten([
for repository, repository_config in lookup(local.config, "repositories", {}) :
try(repository_config.archived, false) ?
[
{
key = try(repository_config.archived, false) ? "state" : "config"
state = [
{
for address, resource in local.state : resource.index => resource if startswith(address, "managed.github_repository_collaborator.this.${repository}:")
}
] :
[
]
config = [
for permission, members in lookup(repository_config, "collaborators", {}) : {
for member in members : lower("${repository}:${member}") => {
repository = repository
Expand All @@ -145,13 +148,14 @@ resource "github_repository_collaborator" "this" {
}
}
]
}
])...)

depends_on = [github_repository.this]

repository = each.value.repository
username = each.value.username
permission = each.value.permission
repository = each.value[each.value.key].repository
username = each.value[each.value.key].username
permission = each.value[each.value.key].permission

lifecycle {
ignore_changes = []
Expand All @@ -161,34 +165,36 @@ resource "github_repository_collaborator" "this" {
resource "github_branch_protection" "this" {
for_each = merge([
for repository, repository_config in lookup(local.config, "repositories", {}) :
try(repository_config.archived, false) ?
{
for address, resource in local.state : resource.index => merge(resource, {
repository_key = split(":", resource.index)[0]
}) if startswith(address, "managed.github_branch_protection.this.${repository}:")
} :
{
for pattern, config in lookup(repository_config, "branch_protection", {}) : lower("${repository}:${pattern}") => merge(config, {
pattern = pattern
repository_key = lower(repository)
})
key = try(repository_config.archived, false) ? "state" : "config"
state = {
for address, resource in local.state : resource.index => merge(resource, {
repository_key = split(":", resource.index)[0]
}) if startswith(address, "managed.github_branch_protection.this.${repository}:")
}
config = {
for pattern, config in lookup(repository_config, "branch_protection", {}) : lower("${repository}:${pattern}") => merge(config, {
pattern = pattern
repository_key = lower(repository)
})
}
}
]...)

pattern = each.value.pattern
repository_id = github_repository.this[each.value.repository_key].node_id
allows_deletions = try(each.value.allows_deletions, null)
allows_force_pushes = try(each.value.allows_force_pushes, null)
blocks_creations = try(each.value.blocks_creations, null)
enforce_admins = try(each.value.enforce_admins, null)
lock_branch = try(each.value.lock_branch, null)
push_restrictions = try(each.value.push_restrictions, null)
require_conversation_resolution = try(each.value.require_conversation_resolution, null)
require_signed_commits = try(each.value.require_signed_commits, null)
required_linear_history = try(each.value.required_linear_history, null)
pattern = each.value[each.value.key].pattern
repository_id = github_repository.this[each.value[each.value.key].repository_key].node_id
allows_deletions = try(each.value[each.value.key].allows_deletions, null)
allows_force_pushes = try(each.value[each.value.key].allows_force_pushes, null)
blocks_creations = try(each.value[each.value.key].blocks_creations, null)
enforce_admins = try(each.value[each.value.key].enforce_admins, null)
lock_branch = try(each.value[each.value.key].lock_branch, null)
push_restrictions = try(each.value[each.value.key].push_restrictions, null)
require_conversation_resolution = try(each.value[each.value.key].require_conversation_resolution, null)
require_signed_commits = try(each.value[each.value.key].require_signed_commits, null)
required_linear_history = try(each.value[each.value.key].required_linear_history, null)

dynamic "required_pull_request_reviews" {
for_each = try([each.value.required_pull_request_reviews], [])
for_each = try([each.value[each.value.key].required_pull_request_reviews], [])
content {
dismiss_stale_reviews = try(required_pull_request_reviews.value["dismiss_stale_reviews"], null)
dismissal_restrictions = try(required_pull_request_reviews.value["dismissal_restrictions"], null)
Expand All @@ -199,7 +205,7 @@ resource "github_branch_protection" "this" {
}
}
dynamic "required_status_checks" {
for_each = try([each.value.required_status_checks], [])
for_each = try([each.value[each.value.key].required_status_checks], [])
content {
contexts = try(required_status_checks.value["contexts"], null)
strict = try(required_status_checks.value["strict"], null)
Expand Down Expand Up @@ -228,33 +234,35 @@ resource "github_team" "this" {
resource "github_team_repository" "this" {
for_each = merge(flatten([
for repository, repository_config in lookup(local.config, "repositories", {}) :
try(repository_config.archived, false) ?
[
{
for address, resource in local.state : resource.index => merge(resource, {
team_key = split(":", resource.index)[1]
}) if startswith(address, "managed.github_team_repository.this.${repository}:")
}
] :
[
for permission, teams in lookup(repository_config, "teams", {}) : {
for team in teams : lower("${team}:${repository}") => {
repository = repository
team_key = lower(team)
permission = permission
{
key = try(repository_config.archived, false) ? "state" : "config"
state = [
{
for address, resource in local.state : resource.index => merge(resource, {
team_key = split(":", resource.index)[1]
}) if startswith(address, "managed.github_team_repository.this.${repository}:")
}
}
]
]
config = [
for permission, teams in lookup(repository_config, "teams", {}) : {
for team in teams : lower("${team}:${repository}") => {
repository = repository
team_key = lower(team)
permission = permission
}
}
]
}
])...)

depends_on = [
github_repository.this
]

repository = each.value.repository
team_id = github_team.this[each.value.team_key].id
repository = each.value[each.value.key].repository
team_id = github_team.this[each.value[each.value.key].team_key].id

permission = try(each.value.permission, null)
permission = try(each.value[each.value.key].permission, null)

lifecycle {
ignore_changes = []
Expand Down Expand Up @@ -287,40 +295,42 @@ resource "github_team_membership" "this" {
resource "github_repository_file" "this" {
for_each = merge([
for repository, repository_config in lookup(local.config, "repositories", {}) :
try(repository_config.archived, false) ?
{
for address, resource in local.state : resource.index => merge(resource, {
repository_key = split("/", resource.index)[0]
}) if startswith(address, "managed.github_repository_file.this.${repository}:")
} :
{
for obj in [
for file, config in lookup(repository_config, "files", {}) : {
config = merge(config, {
repository = repository
file = file
repository_key = lower(repository)
content = try(file("${path.module}/../files/${config.content}"), config.content)
})
state = merge(try(local.state["managed.github_repository_file.this.${lower("${repository}/${file}")}"], {}), {
repository_key = lower(repository)
})
} if contains(keys(config), "content")
] : lower("${obj.config.repository}/${obj.config.file}") => try(obj.state.content, "") == obj.config.content ? obj.state : obj.config
key = try(repository_config.archived, false) ? "state" : "config"
state = {
for address, resource in local.state : resource.index => merge(resource, {
repository_key = split("/", resource.index)[0]
}) if startswith(address, "managed.github_repository_file.this.${repository}:")
}
config = {
for obj in [
for file, config in lookup(repository_config, "files", {}) : {
config = merge(config, {
repository = repository
file = file
repository_key = lower(repository)
content = try(file("${path.module}/../files/${config.content}"), config.content)
})
state = merge(try(local.state["managed.github_repository_file.this.${lower("${repository}/${file}")}"], {}), {
repository_key = lower(repository)
})
} if contains(keys(config), "content")
] : lower("${obj.config.repository}/${obj.config.file}") => try(obj.state.content, "") == obj.config.content ? obj.state : obj.config
}
}
]...)

repository = each.value.repository
file = each.value.file
content = each.value.content
repository = each.value[each.value.key].repository
file = each.value[each.value.key].file
content = each.value[each.value.key].content
# Since 5.25.0 the branch attribute defaults to the default branch of the repository
# branch = try(each.value.branch, null)
branch = try(each.value.branch, github_repository.this[each.value.repository_key].default_branch)
overwrite_on_create = try(each.value.overwrite_on_create, true)
branch = try(each.value[each.value.key].branch, github_repository.this[each.value[each.value.key].repository_key].default_branch)
overwrite_on_create = try(each.value[each.value.key].overwrite_on_create, true)
# Keep the defaults from 4.x
commit_author = try(each.value.commit_author, "GitHub")
commit_email = try(each.value.commit_email, "noreply@github.com")
commit_message = try(each.value.commit_message, "chore: Update ${each.value.file} [skip ci]")
commit_author = try(each.value[each.value.key].commit_author, "GitHub")
commit_email = try(each.value[each.value.key].commit_email, "noreply@github.com")
commit_message = try(each.value[each.value.key].commit_message, "chore: Update ${each.value[each.value.key].file} [skip ci]")

lifecycle {
ignore_changes = []
Expand All @@ -330,24 +340,26 @@ resource "github_repository_file" "this" {
resource "github_issue_label" "this" {
for_each = merge([
for repository, repository_config in lookup(local.config, "repositories", {}) :
try(repository_config.archived, false) ?
{
for address, resource in local.state : resource.index => resource if startswith(address, "managed.github_issue_label.this.${repository}:")
} :
{
for label, config in lookup(repository_config, "labels", {}) : lower("${repository}:${label}") => merge(config, {
repository = repository
label = label
})
key = try(repository_config.archived, false) ? "state" : "config"
state = {
for address, resource in local.state : resource.index => resource if startswith(address, "managed.github_issue_label.this.${repository}:")
}
config = {
for label, config in lookup(repository_config, "labels", {}) : lower("${repository}:${label}") => merge(config, {
repository = repository
label = label
})
}
}
]...)

depends_on = [github_repository.this]

repository = each.value.repository
name = each.value.label
color = try(each.value.color, null)
description = try(each.value.description, null)
repository = each.value[each.value.key].repository
name = each.value[each.value.key].label
color = try(each.value[each.value.key].color, null)
description = try(each.value[each.value.key].description, null)

lifecycle {
ignore_changes = []
Expand Down

0 comments on commit 791166a

Please sign in to comment.