Remove woodpecker module and fix branch protection dependency
- Remove woodpecker_repository module and provider (repos managed outside TF) - Add removed block with destroy=false to drop state without destroying - Add module.team to branch_protection depends_on to prevent race condition - Add lifecycle ignore_changes for team permission (provider bug: API returns "none" but rejects it on write)
This commit is contained in:
@@ -10,4 +10,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/kubeconform"
|
- "ci/woodpecker/pr/kubeconform"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -12,4 +12,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/build"
|
- "ci/woodpecker/pr/build"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -9,4 +9,3 @@ branch_protection:
|
|||||||
- "unkinben"
|
- "unkinben"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -12,4 +12,3 @@ branch_protection:
|
|||||||
- "forgebot"
|
- "forgebot"
|
||||||
merge_whitelist_teams:
|
merge_whitelist_teams:
|
||||||
- "forgebot"
|
- "forgebot"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -14,4 +14,3 @@ branch_protection:
|
|||||||
- "forgebot"
|
- "forgebot"
|
||||||
merge_whitelist_teams:
|
merge_whitelist_teams:
|
||||||
- "forgebot"
|
- "forgebot"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -12,4 +12,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/unit-tests"
|
- "ci/woodpecker/pr/unit-tests"
|
||||||
approval_whitelist_users:
|
approval_whitelist_users:
|
||||||
- "unkinben"
|
- "unkinben"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -35,4 +35,3 @@ branch_protection:
|
|||||||
- "ci/woodpecker/pr/yamllint"
|
- "ci/woodpecker/pr/yamllint"
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "puppet"
|
- "puppet"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -13,4 +13,3 @@ branch_protection:
|
|||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "puppet"
|
- "puppet"
|
||||||
block_on_rejected_reviews: true
|
block_on_rejected_reviews: true
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -18,4 +18,3 @@ branch_protection:
|
|||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "rpmbuild"
|
- "rpmbuild"
|
||||||
block_on_rejected_reviews: true
|
block_on_rejected_reviews: true
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -16,4 +16,3 @@ branch_protection:
|
|||||||
- "unkinben"
|
- "unkinben"
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "Owners"
|
- "Owners"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -1,7 +1,6 @@
|
|||||||
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
|
description: "Manage Gitea resources, teams, repos, and Woodpecker CI via Terraform"
|
||||||
private: false
|
private: false
|
||||||
default_branch: "main"
|
default_branch: "main"
|
||||||
woodpecker: true
|
|
||||||
branch_protection:
|
branch_protection:
|
||||||
- rule_name: "main"
|
- rule_name: "main"
|
||||||
enable_push: false
|
enable_push: false
|
||||||
|
|||||||
@@ -6,4 +6,3 @@ branch_protection:
|
|||||||
enable_push: false
|
enable_push: false
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "Owners"
|
- "Owners"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -16,4 +16,3 @@ branch_protection:
|
|||||||
- "unkinben"
|
- "unkinben"
|
||||||
approval_whitelist_teams:
|
approval_whitelist_teams:
|
||||||
- "Owners"
|
- "Owners"
|
||||||
woodpecker: true
|
|
||||||
|
|||||||
@@ -198,58 +198,8 @@ import {
|
|||||||
id = "12"
|
id = "12"
|
||||||
}
|
}
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-prod"].woodpecker_repository.this
|
|
||||||
id = "unkin/puppet-prod"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/puppet-r10k"].woodpecker_repository.this
|
|
||||||
id = "unkin/puppet-r10k"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-vault"].woodpecker_repository.this
|
|
||||||
id = "unkin/terraform-vault"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/rpmbuilder"].woodpecker_repository.this
|
|
||||||
id = "unkin/rpmbuilder"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/artifactapi"].woodpecker_repository.this
|
|
||||||
id = "unkin/artifactapi"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/argocd-apps"].woodpecker_repository.this
|
|
||||||
id = "unkin/argocd-apps"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/certmanager"].woodpecker_repository.this
|
|
||||||
id = "unkin/certmanager"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/node-lookup"].woodpecker_repository.this
|
|
||||||
id = "unkin/node-lookup"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-provider-artifactapi"].woodpecker_repository.this
|
|
||||||
id = "unkin/terraform-provider-artifactapi"
|
|
||||||
}
|
|
||||||
|
|
||||||
import {
|
import {
|
||||||
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
|
to = module.repository["git.unkin.net/unkin/terraform-git"].gitea_repository.this
|
||||||
id = "144"
|
id = "144"
|
||||||
}
|
}
|
||||||
|
|
||||||
import {
|
|
||||||
to = module.woodpecker_repository["git.unkin.net/unkin/terraform-git"].woodpecker_repository.this
|
|
||||||
id = "unkin/terraform-git"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|||||||
@@ -55,18 +55,12 @@ module "team" {
|
|||||||
depends_on = [module.organisation, module.repository]
|
depends_on = [module.organisation, module.repository]
|
||||||
}
|
}
|
||||||
|
|
||||||
module "woodpecker_repository" {
|
removed {
|
||||||
source = "./modules/woodpecker_repository"
|
from = module.woodpecker_repository
|
||||||
|
|
||||||
for_each = {
|
lifecycle {
|
||||||
for k, v in var.repository : k => v
|
destroy = false
|
||||||
if try(v.woodpecker, false)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
full_name = "${each.value.organisation}/${each.value.name}"
|
|
||||||
visibility = each.value.private ? "private" : "public"
|
|
||||||
|
|
||||||
depends_on = [module.repository]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "branch_protection" {
|
module "branch_protection" {
|
||||||
@@ -95,7 +89,7 @@ module "branch_protection" {
|
|||||||
protected_file_patterns = each.value.protected_file_patterns
|
protected_file_patterns = each.value.protected_file_patterns
|
||||||
unprotected_file_patterns = each.value.unprotected_file_patterns
|
unprotected_file_patterns = each.value.unprotected_file_patterns
|
||||||
|
|
||||||
depends_on = [module.repository]
|
depends_on = [module.repository, module.team]
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: enable when deploy keys are needed
|
# TODO: enable when deploy keys are needed
|
||||||
|
|||||||
@@ -6,6 +6,10 @@ resource "gitea_team" "this" {
|
|||||||
include_all_repositories = var.include_all_repositories
|
include_all_repositories = var.include_all_repositories
|
||||||
can_create_repos = var.can_create_repos
|
can_create_repos = var.can_create_repos
|
||||||
repositories = var.repositories
|
repositories = var.repositories
|
||||||
|
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [permission]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "gitea_team_members" "this" {
|
resource "gitea_team_members" "this" {
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
resource "woodpecker_repository" "this" {
|
|
||||||
full_name = var.full_name
|
|
||||||
visibility = var.visibility
|
|
||||||
}
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
terraform {
|
|
||||||
required_version = ">= 1.10"
|
|
||||||
required_providers {
|
|
||||||
woodpecker = {
|
|
||||||
source = "Kichiyaki/woodpecker"
|
|
||||||
version = "0.5.0"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
variable "full_name" {
|
|
||||||
type = string
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "visibility" {
|
|
||||||
type = string
|
|
||||||
default = "internal"
|
|
||||||
}
|
|
||||||
@@ -32,7 +32,6 @@ variable "repository" {
|
|||||||
repo_template = optional(bool)
|
repo_template = optional(bool)
|
||||||
website = optional(string)
|
website = optional(string)
|
||||||
autodetect_manual_merge = optional(bool)
|
autodetect_manual_merge = optional(bool)
|
||||||
woodpecker = optional(bool, false)
|
|
||||||
}))
|
}))
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user