From 85583a02adbbda6742d63da78fb47ce6804024cd Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Fri, 12 Jun 2026 22:26:19 +1000 Subject: [PATCH] Remove woodpecker module and fix branch protection dependency - Remove woodpecker_repository module and provider (repos managed outside TF) - Add removed block with destroy=false to drop state without destroying - Add module.team to branch_protection depends_on to prevent race condition - Add lifecycle ignore_changes for team permission (provider bug: API returns "none" but rejects it on write) --- .../unkin/repository/argocd-apps.yaml | 1 - .../unkin/repository/artifactapi.yaml | 1 - .../unkin/repository/certmanager.yaml | 1 - .../unkin/repository/forgebot-skills.yaml | 1 - .../unkin/repository/forgebot.yaml | 1 - .../unkin/repository/node-lookup.yaml | 1 - .../unkin/repository/puppet-prod.yaml | 1 - .../unkin/repository/puppet-r10k.yaml | 1 - .../unkin/repository/rpmbuilder.yaml | 1 - .../repository/terraform-artifactapi.yaml | 1 - .../unkin/repository/terraform-git.yaml | 1 - .../terraform-provider-artifactapi.yaml | 1 - .../unkin/repository/terraform-vault.yaml | 1 - modules/gitea_instance/imports.tf | 50 ------------------- modules/gitea_instance/main.tf | 16 ++---- modules/gitea_instance/modules/team/main.tf | 4 ++ .../modules/woodpecker_repository/main.tf | 4 -- .../woodpecker_repository/terraform.tf | 9 ---- .../woodpecker_repository/variables.tf | 8 --- modules/gitea_instance/variables.tf | 1 - 20 files changed, 9 insertions(+), 96 deletions(-) delete mode 100644 modules/gitea_instance/modules/woodpecker_repository/main.tf delete mode 100644 modules/gitea_instance/modules/woodpecker_repository/terraform.tf delete mode 100644 modules/gitea_instance/modules/woodpecker_repository/variables.tf diff --git a/config/git.unkin.net/unkin/repository/argocd-apps.yaml b/config/git.unkin.net/unkin/repository/argocd-apps.yaml index 1a6e1d0..44c53ef 100644 --- a/config/git.unkin.net/unkin/repository/argocd-apps.yaml +++ b/config/git.unkin.net/unkin/repository/argocd-apps.yaml @@ -10,4 +10,3 @@ branch_protection: - "ci/woodpecker/pr/kubeconform" approval_whitelist_users: - "unkinben" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/artifactapi.yaml b/config/git.unkin.net/unkin/repository/artifactapi.yaml index d4fc949..f40493f 100644 --- a/config/git.unkin.net/unkin/repository/artifactapi.yaml +++ b/config/git.unkin.net/unkin/repository/artifactapi.yaml @@ -12,4 +12,3 @@ branch_protection: - "ci/woodpecker/pr/build" approval_whitelist_users: - "unkinben" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/certmanager.yaml b/config/git.unkin.net/unkin/repository/certmanager.yaml index 092bda9..80c756e 100644 --- a/config/git.unkin.net/unkin/repository/certmanager.yaml +++ b/config/git.unkin.net/unkin/repository/certmanager.yaml @@ -9,4 +9,3 @@ branch_protection: - "unkinben" approval_whitelist_users: - "unkinben" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/forgebot-skills.yaml b/config/git.unkin.net/unkin/repository/forgebot-skills.yaml index bc6539f..8446da1 100644 --- a/config/git.unkin.net/unkin/repository/forgebot-skills.yaml +++ b/config/git.unkin.net/unkin/repository/forgebot-skills.yaml @@ -12,4 +12,3 @@ branch_protection: - "forgebot" merge_whitelist_teams: - "forgebot" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/forgebot.yaml b/config/git.unkin.net/unkin/repository/forgebot.yaml index dfbf3c2..ee5f2ed 100644 --- a/config/git.unkin.net/unkin/repository/forgebot.yaml +++ b/config/git.unkin.net/unkin/repository/forgebot.yaml @@ -14,4 +14,3 @@ branch_protection: - "forgebot" merge_whitelist_teams: - "forgebot" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/node-lookup.yaml b/config/git.unkin.net/unkin/repository/node-lookup.yaml index f5cf984..6e82d98 100644 --- a/config/git.unkin.net/unkin/repository/node-lookup.yaml +++ b/config/git.unkin.net/unkin/repository/node-lookup.yaml @@ -12,4 +12,3 @@ branch_protection: - "ci/woodpecker/pr/unit-tests" approval_whitelist_users: - "unkinben" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/puppet-prod.yaml b/config/git.unkin.net/unkin/repository/puppet-prod.yaml index f081992..b9667d0 100644 --- a/config/git.unkin.net/unkin/repository/puppet-prod.yaml +++ b/config/git.unkin.net/unkin/repository/puppet-prod.yaml @@ -35,4 +35,3 @@ branch_protection: - "ci/woodpecker/pr/yamllint" approval_whitelist_teams: - "puppet" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/puppet-r10k.yaml b/config/git.unkin.net/unkin/repository/puppet-r10k.yaml index 7087627..53e30bf 100644 --- a/config/git.unkin.net/unkin/repository/puppet-r10k.yaml +++ b/config/git.unkin.net/unkin/repository/puppet-r10k.yaml @@ -13,4 +13,3 @@ branch_protection: approval_whitelist_teams: - "puppet" block_on_rejected_reviews: true -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/rpmbuilder.yaml b/config/git.unkin.net/unkin/repository/rpmbuilder.yaml index af5ebcb..4d551c3 100644 --- a/config/git.unkin.net/unkin/repository/rpmbuilder.yaml +++ b/config/git.unkin.net/unkin/repository/rpmbuilder.yaml @@ -18,4 +18,3 @@ branch_protection: approval_whitelist_teams: - "rpmbuild" block_on_rejected_reviews: true -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/terraform-artifactapi.yaml b/config/git.unkin.net/unkin/repository/terraform-artifactapi.yaml index 29e0328..0ddfb29 100644 --- a/config/git.unkin.net/unkin/repository/terraform-artifactapi.yaml +++ b/config/git.unkin.net/unkin/repository/terraform-artifactapi.yaml @@ -16,4 +16,3 @@ branch_protection: - "unkinben" approval_whitelist_teams: - "Owners" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/terraform-git.yaml b/config/git.unkin.net/unkin/repository/terraform-git.yaml index bb42939..a2abcdc 100644 --- a/config/git.unkin.net/unkin/repository/terraform-git.yaml +++ b/config/git.unkin.net/unkin/repository/terraform-git.yaml @@ -1,7 +1,6 @@ description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform" private: false default_branch: "main" -woodpecker: true branch_protection: - rule_name: "main" enable_push: false diff --git a/config/git.unkin.net/unkin/repository/terraform-provider-artifactapi.yaml b/config/git.unkin.net/unkin/repository/terraform-provider-artifactapi.yaml index 205406f..4abebb2 100644 --- a/config/git.unkin.net/unkin/repository/terraform-provider-artifactapi.yaml +++ b/config/git.unkin.net/unkin/repository/terraform-provider-artifactapi.yaml @@ -6,4 +6,3 @@ branch_protection: enable_push: false approval_whitelist_teams: - "Owners" -woodpecker: true diff --git a/config/git.unkin.net/unkin/repository/terraform-vault.yaml b/config/git.unkin.net/unkin/repository/terraform-vault.yaml index 840d32f..7bde41a 100644 --- a/config/git.unkin.net/unkin/repository/terraform-vault.yaml +++ b/config/git.unkin.net/unkin/repository/terraform-vault.yaml @@ -16,4 +16,3 @@ branch_protection: - "unkinben" approval_whitelist_teams: - "Owners" -woodpecker: true diff --git a/modules/gitea_instance/imports.tf b/modules/gitea_instance/imports.tf index 2731c2b..0c6849c 100644 --- a/modules/gitea_instance/imports.tf +++ b/modules/gitea_instance/imports.tf @@ -198,58 +198,8 @@ import { id = "12" } -import { - to = module.woodpecker_repository["git.unkin.net/unkin/puppet-prod"].woodpecker_repository.this - id = "unkin/puppet-prod" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/puppet-r10k"].woodpecker_repository.this - id = "unkin/puppet-r10k" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/terraform-vault"].woodpecker_repository.this - id = "unkin/terraform-vault" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/rpmbuilder"].woodpecker_repository.this - id = "unkin/rpmbuilder" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/artifactapi"].woodpecker_repository.this - id = "unkin/artifactapi" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/argocd-apps"].woodpecker_repository.this - id = "unkin/argocd-apps" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/certmanager"].woodpecker_repository.this - id = "unkin/certmanager" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/node-lookup"].woodpecker_repository.this - id = "unkin/node-lookup" -} - -import { - to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this - id = "unkin/terraform-provider-artifactapi" -} - import { to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this id = "144" } -import { - to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this - id = "unkin/terraform-git" -} - diff --git a/modules/gitea_instance/main.tf b/modules/gitea_instance/main.tf index 52b23cb..c25e538 100644 --- a/modules/gitea_instance/main.tf +++ b/modules/gitea_instance/main.tf @@ -55,18 +55,12 @@ module "team" { depends_on = [module.organisation, module.repository] } -module "woodpecker_repository" { - source = "./modules/woodpecker_repository" +removed { + from = module.woodpecker_repository - for_each = { - for k, v in var.repository : k => v - if try(v.woodpecker, false) + lifecycle { + destroy = false } - - full_name = "${each.value.organisation}/${each.value.name}" - visibility = each.value.private ? "private" : "public" - - depends_on = [module.repository] } module "branch_protection" { @@ -95,7 +89,7 @@ module "branch_protection" { protected_file_patterns = each.value.protected_file_patterns unprotected_file_patterns = each.value.unprotected_file_patterns - depends_on = [module.repository] + depends_on = [module.repository, module.team] } # TODO: enable when deploy keys are needed diff --git a/modules/gitea_instance/modules/team/main.tf b/modules/gitea_instance/modules/team/main.tf index cb55295..a305bf5 100644 --- a/modules/gitea_instance/modules/team/main.tf +++ b/modules/gitea_instance/modules/team/main.tf @@ -6,6 +6,10 @@ resource "gitea_team" "this" { include_all_repositories = var.include_all_repositories can_create_repos = var.can_create_repos repositories = var.repositories + + lifecycle { + ignore_changes = [permission] + } } resource "gitea_team_members" "this" { diff --git a/modules/gitea_instance/modules/woodpecker_repository/main.tf b/modules/gitea_instance/modules/woodpecker_repository/main.tf deleted file mode 100644 index df929d5..0000000 --- a/modules/gitea_instance/modules/woodpecker_repository/main.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "woodpecker_repository" "this" { - full_name = var.full_name - visibility = var.visibility -} diff --git a/modules/gitea_instance/modules/woodpecker_repository/terraform.tf b/modules/gitea_instance/modules/woodpecker_repository/terraform.tf deleted file mode 100644 index 25c5cdb..0000000 --- a/modules/gitea_instance/modules/woodpecker_repository/terraform.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_version = ">= 1.10" - required_providers { - woodpecker = { - source = "Kichiyaki/woodpecker" - version = "0.5.0" - } - } -} diff --git a/modules/gitea_instance/modules/woodpecker_repository/variables.tf b/modules/gitea_instance/modules/woodpecker_repository/variables.tf deleted file mode 100644 index 4c10ed3..0000000 --- a/modules/gitea_instance/modules/woodpecker_repository/variables.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "full_name" { - type = string -} - -variable "visibility" { - type = string - default = "internal" -} diff --git a/modules/gitea_instance/variables.tf b/modules/gitea_instance/variables.tf index a4b0324..6ce9653 100644 --- a/modules/gitea_instance/variables.tf +++ b/modules/gitea_instance/variables.tf @@ -32,7 +32,6 @@ variable "repository" { repo_template = optional(bool) website = optional(string) autodetect_manual_merge = optional(bool) - woodpecker = optional(bool, false) })) default = {} }