unkinben c87b3ac471 feat: initial terraform-git project
Manage Gitea resources via Terraform/Terragrunt with YAML-driven config.

Resources managed:
- Organisation (unkin)
- 28 repositories with settings
- 6 teams with members
- 13 branch protection rules
- 9 Woodpecker CI repo activations
- Deploy key module (ready, no keys yet)

Config structure: config/<service>/<org>/<type>/<object>.yaml
Consul backend for state, Vault for auth tokens.
2026-06-10 23:45:41 +10:00


# Organisations: one module instance per entry in var.organisation.
# Every argument is forwarded unchanged from that entry; nothing is
# defaulted or validated at this level.
module "organisation" {
  for_each = var.organisation
  source   = "./modules/organisation"

  # Identity and profile fields.
  name        = each.value.name
  full_name   = each.value.full_name
  description = each.value.description
  website     = each.value.website
  location    = each.value.location

  # Access-relevant settings.
  # NOTE(review): repo_admin_change_team_access presumably lets repository
  # admins alter team access; confirm against ./modules/organisation.
  visibility                    = each.value.visibility
  repo_admin_change_team_access = each.value.repo_admin_change_team_access
}
# Repositories: one module instance per entry in var.repository.
# All settings are passed straight through from the entry, so exposure
# (private) and merge policy are whatever the input map says.
module "repository" {
  for_each = var.repository
  source   = "./modules/repository"

  # Organisations are applied first.
  depends_on = [module.organisation]

  # Identity.
  name           = each.value.name
  organisation   = each.value.organisation
  description    = each.value.description
  website        = each.value.website
  default_branch = each.value.default_branch

  # Exposure and lifecycle.
  private       = each.value.private
  archived      = each.value.archived
  repo_template = each.value.repo_template

  # Feature toggles.
  has_issues        = each.value.has_issues
  has_wiki          = each.value.has_wiki
  has_pull_requests = each.value.has_pull_requests
  has_projects      = each.value.has_projects

  # Merge strategies.
  allow_merge_commits     = each.value.allow_merge_commits
  allow_rebase            = each.value.allow_rebase
  allow_rebase_explicit   = each.value.allow_rebase_explicit
  allow_squash_merge      = each.value.allow_squash_merge
  autodetect_manual_merge = each.value.autodetect_manual_merge
}
# Teams: one module instance per entry in var.team.
# The permission level, repository scope and membership are forwarded
# unchanged from the entry, so a change to the input map is an access change.
module "team" {
  for_each = var.team
  source   = "./modules/team"

  # Applied after the organisation and repository modules.
  depends_on = [module.organisation, module.repository]

  # Identity.
  name         = each.value.name
  organisation = each.value.organisation
  description  = each.value.description

  # Privileges granted to the team.
  permission       = each.value.permission
  can_create_repos = each.value.can_create_repos

  # Scope: either every repository or the explicit list.
  # NOTE(review): how the module combines include_all_repositories with
  # repositories is not visible here; confirm in ./modules/team.
  include_all_repositories = each.value.include_all_repositories
  repositories             = each.value.repositories

  # Membership.
  members = each.value.members
}
# Woodpecker CI activation for the subset of var.repository entries that
# opt in with a truthy `woodpecker` attribute.
module "woodpecker_repository" {
  source = "./modules/woodpecker_repository"

  # Repositories are applied before CI is activated for them.
  depends_on = [module.repository]

  # try() turns a missing `woodpecker` attribute into false, so such entries
  # are skipped.
  # NOTE(review): try() only covers evaluation errors; an attribute that is
  # present but null would still reach the `if` as null. Confirm the type of
  # var.repository rules that out.
  for_each = {
    for repo_key, repo in var.repository : repo_key => repo
    if try(repo.woodpecker, false)
  }

  # "<organisation>/<name>", built from the repository entry.
  full_name = "${each.value.organisation}/${each.value.name}"

  # CI visibility mirrors the repository's `private` flag.
  visibility = each.value.private ? "private" : "public"
}
# Branch protection rules: one module instance per entry in
# var.branch_protection. Every control is forwarded unchanged from the entry,
# so the strength of a rule (approvals, signed commits, status checks,
# whitelists) is decided entirely by the input map and should be reviewed there.
module "branch_protection" {
  for_each = var.branch_protection
  source   = "./modules/branch_protection"

  # Repositories are applied before their rules.
  depends_on = [module.repository]

  # Which repository and rule this instance manages.
  repository   = each.value.repository
  organisation = each.value.organisation
  rule_name    = each.value.rule_name

  # Who may push.
  enable_push                = each.value.enable_push
  push_whitelist_users       = each.value.push_whitelist_users
  push_whitelist_teams       = each.value.push_whitelist_teams
  push_whitelist_deploy_keys = each.value.push_whitelist_deploy_keys

  # Who may merge.
  merge_whitelist_users = each.value.merge_whitelist_users
  merge_whitelist_teams = each.value.merge_whitelist_teams

  # Review requirements.
  required_approvals                = each.value.required_approvals
  approval_whitelist_users          = each.value.approval_whitelist_users
  approval_whitelist_teams          = each.value.approval_whitelist_teams
  dismiss_stale_approvals           = each.value.dismiss_stale_approvals
  block_on_rejected_reviews         = each.value.block_on_rejected_reviews
  block_on_official_review_requests = each.value.block_on_official_review_requests

  # Merge gates: status checks, branch freshness, commit signatures.
  status_check_contexts    = each.value.status_check_contexts
  block_on_outdated_branch = each.value.block_on_outdated_branch
  require_signed_commits   = each.value.require_signed_commits

  # File path patterns handled specially by the rule.
  # NOTE(review): unprotected_file_patterns presumably carves paths out of
  # the rule; confirm in ./modules/branch_protection and keep it narrow.
  protected_file_patterns   = each.value.protected_file_patterns
  unprotected_file_patterns = each.value.unprotected_file_patterns
}
# TODO: enable when deploy keys are needed
# module "deploy_key" { ... }