|
1 | 1 | locals {
|
2 | 2 | organization = terraform.workspace
|
3 |
| - config = yamldecode(file("${path.module}/../github/${local.organization}.yml")) |
4 |
| - state = { |
5 |
| - for resource in jsondecode(file("${path.module}/${local.organization}.tfstate.json")).values.root_module.resources : |
6 |
| - "${resource.mode}.${resource.type}.${resource.name}.${resource.index}" => merge(resource.values, { "index" = resource.index }) |
7 |
| - } |
8 | 3 | resource_types = []
|
9 | 4 | advanced_security = false
|
10 |
| - defaults = { |
11 |
| - github_membership = { |
12 |
| - username = null |
13 |
| - role = null |
14 |
| - } |
15 |
| - github_repository = { |
16 |
| - name = null |
17 |
| - allow_auto_merge = null |
18 |
| - allow_merge_commit = null |
19 |
| - allow_rebase_merge = null |
20 |
| - allow_squash_merge = null |
21 |
| - allow_update_branch = null |
22 |
| - archive_on_destroy = null |
23 |
| - archived = null |
24 |
| - auto_init = null |
25 |
| - default_branch = null |
26 |
| - delete_branch_on_merge = null |
27 |
| - description = null |
28 |
| - gitignore_template = null |
29 |
| - has_discussions = null |
30 |
| - has_downloads = null |
31 |
| - has_issues = null |
32 |
| - has_projects = null |
33 |
| - has_wiki = null |
34 |
| - homepage_url = null |
35 |
| - ignore_vulnerability_alerts_during_read = null |
36 |
| - is_template = null |
37 |
| - license_template = null |
38 |
| - merge_commit_message = null |
39 |
| - merge_commit_title = null |
40 |
| - squash_merge_commit_message = null |
41 |
| - squash_merge_commit_title = null |
42 |
| - topics = null |
43 |
| - visibility = null |
44 |
| - vulnerability_alerts = null |
45 |
| - security_and_analysis = [] |
46 |
| - pages = [] |
47 |
| - template = [] |
48 |
| - } |
49 |
| - github_repository_collaborator = { |
50 |
| - repository = null |
51 |
| - username = null |
52 |
| - permission = null |
53 |
| - } |
54 |
| - github_branch_protection = { |
55 |
| - pattern = null |
56 |
| - repository_id = null |
57 |
| - allows_deletions = null |
58 |
| - allows_force_pushes = null |
59 |
| - blocks_creations = null |
60 |
| - enforce_admins = null |
61 |
| - lock_branch = null |
62 |
| - push_restrictions = null |
63 |
| - require_conversation_resolution = null |
64 |
| - require_signed_commits = null |
65 |
| - required_linear_history = null |
66 |
| - required_pull_request_reviews = [] |
67 |
| - required_status_checks = [] |
68 |
| - } |
69 |
| - github_team = { |
70 |
| - name = null |
71 |
| - description = null |
72 |
| - parent_team_id = null |
73 |
| - privacy = null |
74 |
| - } |
75 |
| - github_team_repository = { |
76 |
| - repository = null |
77 |
| - team_id = null |
78 |
| - permission = null |
79 |
| - } |
80 |
| - github_team_membership = { |
81 |
| - team_id = null |
82 |
| - username = null |
83 |
| - role = null |
84 |
| - } |
85 |
| - github_repository_file = { |
86 |
| - repository = null |
87 |
| - file = null |
88 |
| - content = null |
89 |
| - branch = null |
90 |
| - overwrite_on_create = null |
91 |
| - commit_author = null |
92 |
| - commit_email = null |
93 |
| - commit_message = null |
94 |
| - } |
95 |
| - github_issue_label = { |
96 |
| - repository = null |
97 |
| - name = null |
98 |
| - color = null |
99 |
| - description = null |
| 5 | + config = yamldecode(file("${path.module}/../github/${local.organization}.yml")) |
| 6 | + state = jsondecode(file("${path.module}/${local.organization}.tfstate.json")) |
| 7 | + resources = { |
| 8 | + "config" = { |
| 9 | + "github_membership" = { |
| 10 | + "this" = { |
| 11 | + for item in flatten([ |
| 12 | + for role, members in lookup(local.config, "members", {}) : [ |
| 13 | + for member in members : { |
| 14 | + username = member |
| 15 | + role = role |
| 16 | + } |
| 17 | + ] |
| 18 | + ]) : lower("${item.username}") => item... |
| 19 | + } |
| 20 | + } |
| 21 | + "github_repository" = { |
| 22 | + "this" = { |
| 23 | + for item in [ |
| 24 | + for repository, config in lookup(local.config, "repositories", {}): merge(config, { |
| 25 | + name = repository |
| 26 | + security_and_analysis = (try(config.visibility, "private") == "public" || local.advanced_security) ? [ |
| 27 | + { |
| 28 | + advanced_security = try(config.visibility, "private") == "public" || !local.advanced_security ? [] : [{ "status" : try(config.advanced_security, false) ? "enabled" : "disabled" }] |
| 29 | + secret_scanning = try(config.visibility, "private") != "public" ? [] : [{ "status" : try(config.secret_scanning, false) ? "enabled" : "disabled" }] |
| 30 | + secret_scanning_push_protection = try(config.visibility, "private") != "public" ? [] : [{ "status" : try(config.secret_scanning_push_protection, false) ? "enabled" : "disabled" }] |
| 31 | + }] : [] |
| 32 | + pages = try(config.pages, null) != null ? [ |
| 33 | + { |
| 34 | + cname = try(config.pages.cname, null) |
| 35 | + source = try(config.pages.source, null) == null ? [] : [ |
| 36 | + { |
| 37 | + branch = config.pages.source.branch |
| 38 | + path = try(config.pages.source.path, null) |
| 39 | + } |
| 40 | + ] |
| 41 | + }] : [] |
| 42 | + template = try([config.template], []) |
| 43 | + }) |
| 44 | + ] : lower("${item.name}") => item... |
| 45 | + } |
| 46 | + } |
| 47 | + "github_repository_collaborator" = { |
| 48 | + "this" = { |
| 49 | + for item in flatten([ |
| 50 | + for repository, config in lookup(local.config, "repositories", {}): flatten([ |
| 51 | + for permission, members in lookup(config, "collaborators", {}) : [ |
| 52 | + for member in members : { |
| 53 | + repository = repository |
| 54 | + username = member |
| 55 | + permission = permission |
| 56 | + } |
| 57 | + ] |
| 58 | + ]) |
| 59 | + ]): lower("${item.repository}:${item.username}") => item... |
| 60 | + } |
| 61 | + } |
| 62 | + "github_branch_protection" = { |
| 63 | + "this" = { |
| 64 | + for item in flatten([ |
| 65 | + for repository, config in lookup(local.config, "repositories", {}): [ |
| 66 | + for pattern, config in lookup(config, "branch_protection", {}) : merge(config, { |
| 67 | + pattern = pattern |
| 68 | + repository = repository |
| 69 | + required_pull_request_reviews = try([config.required_pull_request_reviews], []) |
| 70 | + required_status_checks = try([config.required_status_checks], []) |
| 71 | + }) |
| 72 | + ] |
| 73 | + ]): lower("${item.repository}:${item.username}") => item... |
| 74 | + } |
| 75 | + } |
| 76 | + "github_team" = { |
| 77 | + "this" = { |
| 78 | + for item in [for team, config in lookup(local.config, "teams", {}) : merge(config, { |
| 79 | + name = team |
| 80 | + })] : lower("${item.name}") => item... |
| 81 | + } |
| 82 | + } |
| 83 | + "github_team_repository" = { |
| 84 | + "this" = { |
| 85 | + for item in flatten([ |
| 86 | + for repository, config in lookup(local.config, "repositories", {}): flatten([ |
| 87 | + for permission, teams in lookup(config, "teams", {}) : [ |
| 88 | + for team in teams : { |
| 89 | + repository = repository |
| 90 | + team = team |
| 91 | + permission = permission |
| 92 | + } |
| 93 | + ] |
| 94 | + ]) |
| 95 | + ]): lower("${item.team}:${item.repository}") => item... |
| 96 | + } |
| 97 | + } |
| 98 | + "github_team_membership" = { |
| 99 | + "this" = { |
| 100 | + for item in flatten([ |
| 101 | + for team, config in lookup(local.config, "teams", {}): flatten([ |
| 102 | + for role, members in lookup(config, "members", {}) : [ |
| 103 | + for member in members : { |
| 104 | + team = team |
| 105 | + username = member |
| 106 | + role = role |
| 107 | + } |
| 108 | + ] |
| 109 | + ]) |
| 110 | + ]): lower("${item.repository}:${item.username}") => item... |
| 111 | + } |
| 112 | + } |
| 113 | + "github_repository_file" = { |
| 114 | + "this" = { |
| 115 | + for item in flatten([ |
| 116 | + for repository, config in lookup(local.config, "repositories", {}): [ |
| 117 | + for file, config in lookup(config, "files", {}) : merge(config, { |
| 118 | + repository = repository |
| 119 | + file = file |
| 120 | + content = try(file("${path.module}/../files/${config.content}"), config.content) |
| 121 | + }) |
| 122 | + ] |
| 123 | + ]): lower("${item.repository}/${item.path}") => item... |
| 124 | + } |
| 125 | + } |
| 126 | + "github_issue_label" = { |
| 127 | + "this" = { |
| 128 | + for item in flatten([ |
| 129 | + for repository, config in lookup(local.config, "repositories", {}): [ |
| 130 | + for label, config in lookup(config, "labels", {}) : merge(config, { |
| 131 | + repository = repository |
| 132 | + label = label |
| 133 | + }) |
| 134 | + ] |
| 135 | + ]): lower("${item.repository}:${item.label}") => item... |
| 136 | + } |
| 137 | + } |
100 | 138 | }
|
| 139 | + "state" = { |
| 140 | + for mode, item in { |
| 141 | + for item in local.state.values.root_module.resources : item.mode => item... |
| 142 | + } : mode => { |
| 143 | + for type, item in { |
| 144 | + for item in item : item.type => item... |
| 145 | + } : type => { |
| 146 | + for name, item in { |
| 147 | + for item in item : item.name => item... |
| 148 | + } : name => { |
| 149 | + for index, item in { |
| 150 | + for item in item : item.index => item.values |
| 151 | + } : index => item |
| 152 | + } |
| 153 | + } |
| 154 | + } |
| 155 | + }.managed |
101 | 156 | }
|
102 | 157 | }
|
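Review bot: Three of the new map keys read attributes that their items never set: `github_branch_protection` keys on `item.username` (its items carry `pattern` and `repository`), `github_team_membership` keys on `item.repository` (its items carry `team`, `username`, `role`), and `github_repository_file` keys on `item.path` (the merged attribute is `file`). Unless the YAML happens to supply those attributes, Terraform should reject these expressions as soon as any branch protection, team member or file is configured, so the branch-protection settings in particular would never be evaluated. The keys look copied from the collaborator block; I would change them to `lower("${item.repository}:${item.pattern}")`, `lower("${item.team}:${item.username}")` and `lower("${item.repository}/${item.file}")`. Separately, `file("${path.module}/../files/${config.content}")` takes its path from the YAML unchecked, so a value containing `..` resolves outside `files/`, and `try()` silently falls back to the literal string when the read fails. If the YAML can be edited by people who should not read the runner's filesystem, reject `..` segments and make file-versus-inline content an explicit choice.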