Files
unkinben 85583a02ad
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
Remove woodpecker module and fix branch protection dependency
- Remove woodpecker_repository module and provider (repos managed outside TF)
- Add removed block with destroy=false to drop state without destroying
- Add module.team to branch_protection depends_on to prevent race condition
- Add lifecycle ignore_changes for team permission (provider bug: API returns
  "none" but rejects it on write)
2026-06-12 22:26:19 +10:00

97 lines
3.7 KiB
Terraform

module "organisation" {
source = "./modules/organisation"
for_each = var.organisation
name = each.value.name
description = each.value.description
full_name = each.value.full_name
visibility = each.value.visibility
website = each.value.website
location = each.value.location
repo_admin_change_team_access = each.value.repo_admin_change_team_access
}
module "repository" {
source = "./modules/repository"
for_each = var.repository
name = each.value.name
organisation = each.value.organisation
description = each.value.description
private = each.value.private
default_branch = each.value.default_branch
has_issues = each.value.has_issues
has_wiki = each.value.has_wiki
has_pull_requests = each.value.has_pull_requests
has_projects = each.value.has_projects
allow_merge_commits = each.value.allow_merge_commits
allow_rebase = each.value.allow_rebase
allow_rebase_explicit = each.value.allow_rebase_explicit
allow_squash_merge = each.value.allow_squash_merge
archived = each.value.archived
repo_template = each.value.repo_template
website = each.value.website
autodetect_manual_merge = each.value.autodetect_manual_merge
depends_on = [module.organisation]
}
module "team" {
source = "./modules/team"
for_each = var.team
name = each.value.name
organisation = each.value.organisation
description = each.value.description
permission = each.value.permission
include_all_repositories = each.value.include_all_repositories
can_create_repos = each.value.can_create_repos
repositories = each.value.repositories
members = each.value.members
depends_on = [module.organisation, module.repository]
}
removed {
from = module.woodpecker_repository
lifecycle {
destroy = false
}
}
module "branch_protection" {
source = "./modules/branch_protection"
for_each = var.branch_protection
repository = each.value.repository
organisation = each.value.organisation
rule_name = each.value.rule_name
enable_push = each.value.enable_push
push_whitelist_users = each.value.push_whitelist_users
push_whitelist_teams = each.value.push_whitelist_teams
push_whitelist_deploy_keys = each.value.push_whitelist_deploy_keys
merge_whitelist_users = each.value.merge_whitelist_users
merge_whitelist_teams = each.value.merge_whitelist_teams
required_approvals = each.value.required_approvals
approval_whitelist_users = each.value.approval_whitelist_users
approval_whitelist_teams = each.value.approval_whitelist_teams
status_check_contexts = each.value.status_check_contexts
block_on_rejected_reviews = each.value.block_on_rejected_reviews
block_on_official_review_requests = each.value.block_on_official_review_requests
block_on_outdated_branch = each.value.block_on_outdated_branch
dismiss_stale_approvals = each.value.dismiss_stale_approvals
require_signed_commits = each.value.require_signed_commits
protected_file_patterns = each.value.protected_file_patterns
unprotected_file_patterns = each.value.unprotected_file_patterns
depends_on = [module.repository, module.team]
}
# TODO: enable when deploy keys are needed
# module "deploy_key" { ... }