85583a02ad
- Remove woodpecker_repository module and provider (repos managed outside TF)
- Add removed block with destroy=false to drop state without destroying
- Add module.team to branch_protection depends_on to prevent race condition
- Add lifecycle ignore_changes for team permission (provider bug: API returns "none" but rejects it on write)
# Organisations: one instance of ./modules/organisation per entry in
# var.organisation. Every field of the entry is forwarded unchanged; this block
# applies no defaults and no validation of its own.
module "organisation" {
  source   = "./modules/organisation"
  for_each = var.organisation

  # Identity and profile fields.
  name        = each.value.name
  full_name   = each.value.full_name
  description = each.value.description
  website     = each.value.website
  location    = each.value.location

  # Access-related settings.
  # NOTE(review): judging by the names, these control who can see the
  # organisation and whether repository admins may change team access.
  # Confirm the accepted values in ./modules/organisation.
  visibility                    = each.value.visibility
  repo_admin_change_team_access = each.value.repo_admin_change_team_access
}
# Repositories: one instance of ./modules/repository per entry in
# var.repository, with the entry's fields passed straight through.
module "repository" {
  source   = "./modules/repository"
  for_each = var.repository

  # Identity and ownership.
  name         = each.value.name
  organisation = each.value.organisation
  description  = each.value.description
  website      = each.value.website

  # Exposure and lifecycle state. `private` is taken as-is from the variable;
  # nothing in this block forces repositories to be private.
  private        = each.value.private
  archived       = each.value.archived
  default_branch = each.value.default_branch
  repo_template  = each.value.repo_template

  # Feature toggles.
  has_issues        = each.value.has_issues
  has_wiki          = each.value.has_wiki
  has_pull_requests = each.value.has_pull_requests
  has_projects      = each.value.has_projects

  # Merge behaviour.
  allow_merge_commits     = each.value.allow_merge_commits
  allow_rebase            = each.value.allow_rebase
  allow_rebase_explicit   = each.value.allow_rebase_explicit
  allow_squash_merge      = each.value.allow_squash_merge
  autodetect_manual_merge = each.value.autodetect_manual_merge

  # Everything in module.organisation is applied before any repository.
  depends_on = [module.organisation]
}
# Teams: one instance of ./modules/team per entry in var.team.
module "team" {
  source   = "./modules/team"
  for_each = var.team

  # Identity.
  name         = each.value.name
  organisation = each.value.organisation
  description  = each.value.description

  # Privileges granted to the team.
  # NOTE(review): the accompanying commit message says team permission is
  # placed under lifecycle ignore_changes to work around a provider bug. That
  # is presumably done inside ./modules/team. If so, later edits to
  # each.value.permission will not reach existing teams, and permission changes
  # made outside Terraform will not show up as drift. Verify, and audit team
  # permissions by other means while the workaround is in place.
  permission       = each.value.permission
  can_create_repos = each.value.can_create_repos

  # Scope: which repositories the team covers and who belongs to it.
  include_all_repositories = each.value.include_all_repositories
  repositories             = each.value.repositories
  members                  = each.value.members

  # Organisations and repositories are applied before any team.
  depends_on = [module.organisation, module.repository]
}
# Stop tracking module.woodpecker_repository without deleting what it created.
# `destroy = false` makes Terraform drop the objects from state and leave the
# real resources in place. They stay live and keep their current configuration,
# so ownership and review of them must move to whatever manages them outside
# Terraform.
removed {
  from = module.woodpecker_repository

  lifecycle {
    destroy = false
  }
}
# Branch protection rules: one instance of ./modules/branch_protection per
# entry in var.branch_protection.
#
# Every setting is forwarded unchanged from the variable. This block sets no
# minimum (for example on required_approvals or require_signed_commits), so any
# floor has to come from validation on var.branch_protection or from inside the
# module, neither of which is visible here.
module "branch_protection" {
  source   = "./modules/branch_protection"
  for_each = var.branch_protection

  # Which rule on which repository.
  organisation = each.value.organisation
  repository   = each.value.repository
  rule_name    = each.value.rule_name

  # Push settings and push whitelists.
  enable_push                = each.value.enable_push
  push_whitelist_users       = each.value.push_whitelist_users
  push_whitelist_teams       = each.value.push_whitelist_teams
  push_whitelist_deploy_keys = each.value.push_whitelist_deploy_keys

  # Merge whitelists.
  merge_whitelist_users = each.value.merge_whitelist_users
  merge_whitelist_teams = each.value.merge_whitelist_teams

  # Review requirements.
  required_approvals                = each.value.required_approvals
  approval_whitelist_users          = each.value.approval_whitelist_users
  approval_whitelist_teams          = each.value.approval_whitelist_teams
  dismiss_stale_approvals           = each.value.dismiss_stale_approvals
  block_on_rejected_reviews         = each.value.block_on_rejected_reviews
  block_on_official_review_requests = each.value.block_on_official_review_requests

  # Merge gates: status checks, branch freshness, commit signing.
  status_check_contexts   = each.value.status_check_contexts
  block_on_outdated_branch = each.value.block_on_outdated_branch
  require_signed_commits  = each.value.require_signed_commits

  # Path-based rules.
  protected_file_patterns   = each.value.protected_file_patterns
  unprotected_file_patterns = each.value.unprotected_file_patterns

  # Repositories and teams are applied before any rule.
  # NOTE(review): module.team is presumably listed because the *_whitelist_teams
  # lists refer to teams by name and give Terraform no implicit dependency.
  # Confirm against the module.
  depends_on = [module.repository, module.team]
}
# TODO: enable when deploy keys are needed
# module "deploy_key" { ... }