upd example

mineiros-io · May 16, 2024 · 06045c4 · 06045c4
1 parent 3e67fed
commit 06045c4
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 38 deletions.
diff --git a/examples/public-repository/main.tf b/examples/public-repository/main.tf
@@ -6,8 +6,7 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 module "repository" {
-  source  = "mineiros-io/repository/github"
-  version = "~> 0.13.0"
+  source  = "../.."
 
   module_depends_on = [
     module.team
@@ -24,7 +23,6 @@ module "repository" {
   allow_rebase_merge = false
   allow_squash_merge = false
   allow_auto_merge   = true
-  has_downloads      = false
   auto_init          = true
   gitignore_template = "Terraform"
   license_template   = "mit"
@@ -47,9 +45,8 @@ module "repository" {
 
   admin_collaborators = ["terraform-test-user-1"]
 
-  branch_protections = [
-    {
-      branch                          = "main"
+  branch_protections = {
+    "main" = {
       enforce_admins                  = true
       require_conversation_resolution = true
       require_signed_commits          = true
@@ -70,16 +67,15 @@ module "repository" {
         teams = [module.team.name]
       }
     }
-  ]
+  }
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
 # TEAM
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "team" {
-  source  = "mineiros-io/team/github"
-  version = "~> 0.8.0"
+  source  = "github.com/kevcube/terraform-github-team?ref=a0b2c37"
 
   name        = "DevOps"
   description = "The DevOps Team"

diff --git a/examples/public-repository/provider.tf b/examples/public-repository/provider.tf
@@ -1,12 +1,12 @@
 provider "github" {}
 
 terraform {
-  required_version = "~> 1.0"
+  required_version = "~> 1.7"
 
   required_providers {
     github = {
       source  = "integrations/github"
-      version = "~> 4.0"
+      version = "~> 6"
     }
   }
 }
diff --git a/main.tf b/main.tf
@@ -5,7 +5,7 @@
 
 locals {
   # for readability
-  var_gh_labels = var.issue_labels_merge_with_github_labels
+  # var_gh_labels = var.issue_labels_merge_with_github_labels
 
   # issue_labels_merge_with_github_labels = var.gh_labels
   # Per default, GitHub activates vulnerability  alerts for public repositories and disables it for private repositories
@@ -146,8 +146,6 @@ resource "github_branch_default" "default" {
 
   repository = github_repository.repository.name
   branch     = var.default_branch
-
-  # depends_on = [github_branch.branch]
 }
 
 # ---------------------------------------------------------------------------------------------------------------------
@@ -172,14 +170,19 @@ resource "github_branch_protection" "branch_protection" {
 
   pattern = each.key
 
-  allows_deletions                = each.value.allows_deletions
-  allows_force_pushes             = each.value.allows_force_pushes
-  blocks_creations                = each.value.blocks_creations
   enforce_admins                  = each.value.enforce_admins
-  push_restrictions               = each.value.push_restrictions
-  require_conversation_resolution = each.value.require_conversation_resolution
   require_signed_commits          = each.value.require_signed_commits
   required_linear_history         = each.value.required_linear_history
+  require_conversation_resolution = each.value.require_conversation_resolution
+
+  dynamic "required_status_checks" {
+    for_each = try([each.value.required_status_checks], [])
+
+    content {
+      strict   = required_status_checks.strict
+      contexts = required_status_checks.contexts
+    }
+  }
 
   dynamic "required_pull_request_reviews" {
     for_each = try([each.value.required_pull_request_reviews], [])
@@ -191,17 +194,23 @@ resource "github_branch_protection" "branch_protection" {
       pull_request_bypassers          = required_pull_request_reviews.value.pull_request_bypassers
       require_code_owner_reviews      = required_pull_request_reviews.value.require_code_owner_reviews
       required_approving_review_count = required_pull_request_reviews.value.required_approving_review_count
+      require_last_push_approval      = required_pull_request_reviews.value.require_last_push_approval
     }
   }
 
-  dynamic "required_status_checks" {
-    for_each = try([each.value.required_status_checks], [])
+  dynamic "restrict_pushes" {
+    for_each = try([each.value.restrict_pushes], [])
 
     content {
-      strict   = required_status_checks.strict
-      checks   = required_status_checks.contexts
+      blocks_creations = restrict_pushes.blocks_creations
+      push_allowances  = restrict_pushes.push_allowances
     }
   }
+
+  force_push_bypassers = each.value.force_push_bypassers
+  allows_deletions     = each.value.allows_deletions
+  allows_force_pushes  = each.value.allows_force_pushes
+  lock_branch          = each.value.lock_branch
 }
 
 # ---------------------------------------------------------------------------------------------------------------------

diff --git a/variables.tf b/variables.tf
@@ -279,29 +279,37 @@ variable "branch_protections" {
   type = map(
     object(
       {
-        allows_deletions                = optional(bool, false)
-        allows_force_pushes             = optional(bool, false)
-        blocks_creations                = optional(bool, false)
         enforce_admins                  = optional(bool, false)
-        push_restrictions               = optional(list(string), [])
-        require_conversation_resolution = optional(bool, false)
         require_signed_commits          = optional(bool, false)
         required_linear_history         = optional(bool, false)
+        require_conversation_resolution = optional(bool, false)
+        required_status_checks = optional(object(
+          {
+            strict   = optional(bool)
+            contexts = optional(list(string))
+          }
+        ))
         required_pull_request_reviews = optional(object(
           {
-            dismiss_stale_reviews           = optional(bool, false)
-            dismissal_restrictions          = optional(list(string), [])
-            pull_request_bypassers          = optional(list(string), [])
-            require_code_owner_reviews      = optional(bool, false)
-            required_approving_review_count = optional(number, 0)
+            dismiss_stale_reviews           = optional(bool)
+            restrict_dismissals             = optional(bool)
+            dismissal_restrictions          = optional(list(string))
+            pull_request_bypassers          = optional(list(string))
+            require_code_owner_reviews      = optional(bool)
+            required_approving_review_count = optional(number)
+            require_last_push_approval      = optional(bool)
           }
         ))
-        required_status_checks = optional(object(
+        restrict_pushes = optional(object(
           {
-            strict = optional(bool, false)
-            checks = optional(list(string), [])
+            blocks_creations = optional(bool)
+            push_allowances  = optional(list(string))
           }
         ))
+        force_push_bypassers = optional(list(string))
+        allows_deletions     = optional(bool, false)
+        allows_force_pushes  = optional(bool, false)
+        lock_branch          = optional(bool, false)
       }
     )
   )

diff --git a/versions.tf b/versions.tf
@@ -3,13 +3,13 @@
 # ---------------------------------------------------------------------------------------------------------------------
 
 terraform {
-  required_version = "~> 1.0"
+  required_version = "~> 1.7"
 
   # branch_protections_v3 are broken in >= 5.3
   required_providers {
     github = {
       source  = "integrations/github"
-      version = ">= 4.20, < 6.0"
+      version = "~> 6"
     }
   }
 }