-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrvo.tf
126 lines (108 loc) · 3.24 KB
/
rvo.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
resource "github_repository" "rvo" {
name = "rvo"
description = "Work in Progress: RVO Design System based on the NL Design System architecture. Rijksdienst voor Ondernemend Nederland / rvo.nl"
allow_merge_commit = false
allow_rebase_merge = true
allow_squash_merge = true
allow_auto_merge = true
delete_branch_on_merge = true
has_issues = true
has_downloads = true
has_projects = false
has_wiki = false
vulnerability_alerts = true
homepage_url = "https://rvo.nl/roos/"
squash_merge_commit_title = "COMMIT_OR_PR_TITLE"
squash_merge_commit_message = "COMMIT_MESSAGES"
topics = ["nl-design-system"]
template {
include_all_branches = false
owner = "nl-design-system"
repository = "example"
}
pages {
source {
branch = "gh-pages"
path = "/"
}
}
lifecycle {
prevent_destroy = true
}
security_and_analysis {
secret_scanning {
status = "enabled"
}
secret_scanning_push_protection {
status = "enabled"
}
}
}
resource "github_branch_protection" "rvo-master" {
repository_id = github_repository.rvo.node_id
pattern = "master"
enforce_admins = false
allows_deletions = false
require_signed_commits = false
required_linear_history = true
require_conversation_resolution = false
allows_force_pushes = true
lock_branch = false
restrict_pushes {
blocks_creations = false
push_allowances = [
"/${data.github_user.nl-design-system-ci.username}",
"nl-design-system/${github_team.kernteam-maintainer.name}",
"nl-design-system/${github_team.rvo-committer.name}",
"nl-design-system/${github_team.rvo-maintainer.name}",
]
}
required_status_checks {
strict = false
contexts = []
}
required_pull_request_reviews {
# As agreed with the RVO team mainainer, no PR approvals are needed
required_approving_review_count = 0
dismiss_stale_reviews = true
restrict_dismissals = false
pull_request_bypassers = [
"/${data.github_user.nl-design-system-ci.username}",
]
}
}
resource "github_branch_protection" "rvo-gh-pages" {
repository_id = github_repository.rvo.node_id
pattern = "gh-pages"
enforce_admins = true
allows_deletions = false
required_linear_history = true
allows_force_pushes = false
}
resource "github_repository_collaborators" "rvo" {
repository = github_repository.rvo.name
team {
permission = "admin"
team_id = github_team.kernteam-admin.id
}
team {
permission = "maintain"
team_id = github_team.kernteam-maintainer.id
}
team {
permission = "push"
team_id = github_team.kernteam-committer.id
}
team {
permission = "triage"
team_id = github_team.kernteam-triage.id
}
team {
permission = "push"
team_id = github_team.rvo-committer.id
}
team {
permission = "maintain"
team_id = github_team.rvo-maintainer.id
}
}