BREAKING: remove v3 and deprecations #168

Open
wants to merge 7 commits into
base: main
wip removing v3 branch protections and all deprecated variables
kevcube committed May 16, 2024
commit 3e67feda50ce3429d8d19ffa9a2c16f516a2ddb4
2 changes: 1 addition & 1 deletion examples/public-repository/README.md
@@ -62,7 +62,7 @@ module "repository" {

required_status_checks = {
strict = true
contexts = ["ci/travis"]
checks = ["ci/travis"]
}

required_pull_request_reviews = {
2 changes: 1 addition & 1 deletion examples/public-repository/main.tf
@@ -56,7 +56,7 @@ module "repository" {

required_status_checks = {
strict = true
contexts = ["ci/travis"]
checks = ["ci/travis"]
}

required_pull_request_reviews = {
14 changes: 7 additions & 7 deletions secrets.tf
@@ -2,18 +2,18 @@
# Action Secrets
# ---------------------------------------------------------------------------------------------------------------------

locals {
plaintext_secrets = { for name, value in var.plaintext_secrets : name => { plaintext = value } }
encrypted_secrets = { for name, value in var.encrypted_secrets : name => { encrypted = value } }
resource "github_actions_secret" "plaintext_repository_secret" {
for_each = var.plaintext_secrets

secrets = merge(local.plaintext_secrets, local.encrypted_secrets)
repository = github_repository.repository.name
secret_name = each.key
plaintext_value = each.value
}

resource "github_actions_secret" "repository_secret" {
for_each = local.secrets
for_each = var.encrypted_secrets

repository = github_repository.repository.name
secret_name = each.key
plaintext_value = try(each.value.plaintext, null)
encrypted_value = try(each.value.encrypted, null)
encrypted_value = each.value.encrypted
}
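Review bot: `encrypted_value = each.value.encrypted` in `github_actions_secret.repository_secret` still reads the `encrypted` attribute of the wrapper object that the removed `locals` block built, but `for_each` now iterates `var.encrypted_secrets` directly. None of the variables.tf hunks on this page change that variable, so unless its type is changed elsewhere in the PR each value is the bare ciphertext string and the attribute lookup will fail at plan time; the line should read `encrypted_value = each.value`. Plaintext secrets also move from the `repository_secret` address to `plaintext_repository_secret`, so existing installations would see each of them destroyed and recreated on upgrade, which the upgrade notes should say. A one-line comment above the plaintext resource, such as `# plaintext_value is stored unencrypted in Terraform state; prefer encrypted_secrets`, would keep that trade-off visible next to the code.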
16 changes: 9 additions & 7 deletions test/unit-complete/main.tf
@@ -48,6 +48,7 @@ module "repository" {
license_template = var.license_template
archived = false
topics = var.topics
archive_on_destroy = false

branches = [
{
@@ -58,7 +59,7 @@ module "repository" {
},
]

admin_collaborators = ["terraform-test-user-1"]
admin_collaborators = ["kevcube"]

admin_team_ids = [
github_team.team.id
@@ -118,8 +119,8 @@ module "repository" {
require_signed_commits = true

required_status_checks = {
strict = true
contexts = ["ci/travis"]
strict = true
checks = ["ci/travis"]
}

required_pull_request_reviews = {
@@ -169,10 +170,11 @@ module "repository" {
module "repository-with-defaults" {
source = "../.."

name = var.repository_with_defaults_name
description = var.repository_with_defaults_description
defaults = var.repository_defaults
default_branch = "development"
name = var.repository_with_defaults_name
description = var.repository_with_defaults_description
defaults = var.repository_defaults
default_branch = "development"
archive_on_destroy = false

branches = [
{ name = "development" },
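Review bot: `admin_collaborators = ["kevcube"]` hard-codes a personal account as repository admin in the shared unit test, so anyone who runs this suite against their own organisation grants that account admin rights on the repositories it creates. The same author-specific values appear in test/unit-complete/provider.tf (`owner = "kbc-trading"`) and as the new `team_user` default in test/unit-complete/variables.tf. I would keep the committed defaults neutral and inject local values at run time: `admin_collaborators = [var.team_user]` here, `provider "github" {}` left empty with the owner taken from the `GITHUB_OWNER` environment variable, and the personal username supplied via `TF_VAR_team_user`. The `module "repository"` blocks start and end outside these hunks.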
6 changes: 4 additions & 2 deletions test/unit-complete/provider.tf
@@ -1,4 +1,6 @@
provider "github" {}
provider "github" {
owner = "kbc-trading"
}

terraform {
required_version = "~> 1.0"
@@ -11,7 +13,7 @@ terraform {
}
tls = {
source = "hashicorp/tls"
version = "~> 2.1"
version = "~> 4"
}
}
}
2 changes: 1 addition & 1 deletion test/unit-complete/variables.tf
@@ -146,7 +146,7 @@ variable "team_description" {
variable "team_user" {
description = "The user that should be added to the created team."
type = string
default = "terraform-test-user"
default = "kevcube"
}

variable "repository_defaults" {
184 changes: 54 additions & 130 deletions variables.tf
@@ -15,25 +15,17 @@ variable "name" {

variable "branches" {
description = "(Optional) A list of branches to be created in this repository."
type = any
# type = list(object({
# name = string
# source_branch = optional(string)
# source_sha = optional(string)
# }))
default = []
}

variable "defaults" {
description = "(Deprecated) DEPRECATED. Please convert defaults to Terraform Module for_each"
type = any
default = {}
type = map(object({
source_branch = optional(string)
source_sha = optional(string)
}))
default = {}
}

variable "description" {
description = "(Optional) A description of the repository."
type = string
default = ""
default = null
}

variable "homepage_url" {
@@ -42,14 +34,8 @@ variable "homepage_url" {
default = null
}

variable "private" {
description = "(Optional) (DEPRECATED: use visibility)"
type = bool
default = null
}

variable "visibility" {
description = "(Optional) Can be 'public', 'private' or 'internal' (GHE only).The visibility parameter overrides the private parameter. Defaults to 'private' if neither private nor visibility are set, default to state of private parameter if it is set."
description = "(Optional) Can be 'public', 'private' or 'internal' (GHE only). The visibility parameter overrides the private parameter. Defaults to 'private' if neither private nor visibility are set, default to state of private parameter if it is set."
type = string
default = null
}
@@ -102,12 +88,6 @@ variable "delete_branch_on_merge" {
default = null
}

variable "has_downloads" {
description = "(Optional) Set to true to enable the (deprecated) downloads features on the repository. (Default: false)"
type = bool
default = null
}

variable "auto_init" {
description = "(Optional) Wether or not to produce an initial commit in the repository. (Default: true)"
type = bool
@@ -116,12 +96,15 @@ variable "auto_init" {

variable "pages" {
description = "(Optional) The repository's GitHub Pages configuration. (Default: {})"
# type = object({
# branch = string
# path = string
# cname = string
# })
type = any
type = object({
source = optional(object({
branch = string
path = optional(string)
}), null)
build_type = optional(string) # Can be `legacy` or `workflow`
cname = optional(string) # Can only be set after repository is created
})

default = null
}

@@ -144,7 +127,7 @@ variable "license_template" {
}

variable "default_branch" {
description = "(Optional) The name of the default branch of the repository. NOTE: This can only be set after a repository has already been created, and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the initial repository creation and create the target branch inside of the repository prior to setting this attribute."
description = "(Optional) The name of the default branch of the repository."
type = string
default = null
}
@@ -194,8 +177,9 @@ variable "extra_topics" {
variable "template" {
description = "(Optional) Template repository to use. (Default: {})"
type = object({
owner = string
repository = string
owner = string
repository = string
include_all_branches = optional(bool, false)
})
default = null
}
@@ -290,110 +274,50 @@ variable "maintain_teams" {
default = []
}

variable "branch_protections_v3" {
description = "(Optional) A list of branch protections to apply to the repository. Default is [] unless branch_protections is set."
type = any

# We can't use a detailed type specification due to a terraform limitation. However, this might be changed in a future
# Terraform version. See https://github.com/hashicorp/terraform/issues/19898 and https://github.com/hashicorp/terraform/issues/22449
#
# type = list(object({
# branch = string
# enforce_admins = bool
# require_signed_commits = bool
# required_status_checks = object({
# strict = bool
# contexts = list(string)
# })
# required_pull_request_reviews = object({
# dismiss_stale_reviews = bool
# dismissal_users = list(string)
# dismissal_teams = list(string)
# require_code_owner_reviews = bool
# required_approving_review_count = number
# })
# restrictions = object({
# users = list(string)
# teams = list(string)
# })
# }))

default = []

# Example:
# branch_protections = [
# {
# branch = "main"
# enforce_admins = true
# require_signed_commits = true
#
# required_status_checks = {
# strict = false
# contexts = ["ci/travis"]
# }
#
# required_pull_request_reviews = {
# dismiss_stale_reviews = true
# dismissal_users = ["user1", "user2"]
# dismissal_teams = ["team-slug-1", "team-slug-2"]
# require_code_owner_reviews = true
# required_approving_review_count = 1
# }
#
# restrictions = {
# users = ["user1"]
# teams = ["team-slug-1"]
# }
# }
# ]
}

variable "branch_protections_v4" {
description = "(Optional) A list of v4 branch protections to apply to the repository. Default is []."
type = any
# type = list(
# object(
# {
# pattern = string
# allows_deletions = optional(bool, false)
# allows_force_pushes = optional(bool, false)
# blocks_creations = optional(bool, false)
# enforce_admins = optional(bool, false)
# push_restrictions = optional(list(string), [])
# require_conversation_resolution = optional(bool, false)
# require_signed_commits = optional(bool, false)
# required_linear_history = optional(bool, false)
# required_pull_request_reviews = optional(object(
# {
# dismiss_stale_reviews = optional(bool, false)
# dismissal_restrictions = optional(list(string), [])
# pull_request_bypassers = optional(list(string), [])
# require_code_owner_reviews = optional(bool, false)
# required_approving_review_count = optional(number, 0)
# }
# ))
# required_status_checks = optional(object(
# {
# strict = optional(bool, false)
# contexts = optional(list(string), [])
# }
# ))
# }
# )
# )
default = []
variable "branch_protections" {
description = "(Optional) A list of v4 branch protections to apply to the repository. A map of `pattern` to branch protection config."
type = map(
object(
{
allows_deletions = optional(bool, false)
allows_force_pushes = optional(bool, false)
blocks_creations = optional(bool, false)
enforce_admins = optional(bool, false)
push_restrictions = optional(list(string), [])
require_conversation_resolution = optional(bool, false)
require_signed_commits = optional(bool, false)
required_linear_history = optional(bool, false)
required_pull_request_reviews = optional(object(
{
dismiss_stale_reviews = optional(bool, false)
dismissal_restrictions = optional(list(string), [])
pull_request_bypassers = optional(list(string), [])
require_code_owner_reviews = optional(bool, false)
required_approving_review_count = optional(number, 0)
}
))
required_status_checks = optional(object(
{
strict = optional(bool, false)
checks = optional(list(string), [])
}
))
}
)
)
default = {}

validation {
condition = alltrue(
[
for cfg in var.branch_protections_v4 : try(
for cfg in var.branch_protections : try(
cfg.required_pull_request_reviews.required_approving_review_count >= 0
&& cfg.required_pull_request_reviews.required_approving_review_count <= 6,
true
)
]
)
error_message = "The value for branch_protections_v4.required_pull_request_reviews.required_approving_review_count must be between 0 and 6, inclusively."
error_message = "The value for branch_protections.required_pull_request_reviews.required_approving_review_count must be between 0 and 6, inclusively."
}
}
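Review bot: In the new `branch_protections` type, `required_status_checks` declares only `strict` and `checks`, and Terraform's object type conversion discards attributes that are not part of the constraint. A caller who still passes `contexts = ["ci/travis"]` after upgrading therefore gets no error and ends up with `checks = []`, that is, a protection rule that requires no status checks. Since the attribute is dropped before the `validation` block sees the value, the safer route is to keep `contexts = optional(list(string))` in the object and add a validation that rejects any non-null value with a message pointing to `checks`. The same silent-default behaviour now applies to `enforce_admins`, `require_signed_commits` and `required_approving_review_count`, so a short comment on the type stating that omitted attributes mean "not enforced" would help reviewers of calling code. Separately, the `visibility` description in the second hunk still refers to the `private` parameter that this commit removes.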