c87b3ac471
Manage Gitea resources via Terraform/Terragrunt with YAML-driven config. Resources managed: - Organisation (unkin) - 28 repositories with settings - 6 teams with members - 13 branch protection rules - 9 Woodpecker CI repo activations - Deploy key module (ready, no keys yet) Config structure: config/<service>/<org>/<type>/<object>.yaml Consul backend for state, Vault for auth tokens.
# One Gitea organisation per entry in var.organisation. Every module input is
# a straight pass-through from the config entry, so the config object is the
# effective org policy (visibility, who may change team access, etc.).
module "organisation" {
  source   = "./modules/organisation"
  for_each = var.organisation

  # Identity
  name      = each.value.name
  full_name = each.value.full_name

  # Presentation
  description = each.value.description
  website     = each.value.website
  location    = each.value.location

  # Access control: org visibility and whether repository admins may
  # alter team access on their own repositories.
  visibility                    = each.value.visibility
  repo_admin_change_team_access = each.value.repo_admin_change_team_access
}
# One repository per entry in var.repository. Inputs are passed through
# unchanged from the config entry; the module is ordered after
# module.organisation so the owning org exists before repos are created.
module "repository" {
  source   = "./modules/repository"
  for_each = var.repository

  # Identity and ownership
  name         = each.value.name
  organisation = each.value.organisation
  description  = each.value.description
  website      = each.value.website

  # Access and lifecycle
  private       = each.value.private
  archived      = each.value.archived
  repo_template = each.value.repo_template

  # Branching and enabled units
  default_branch    = each.value.default_branch
  has_issues        = each.value.has_issues
  has_wiki          = each.value.has_wiki
  has_pull_requests = each.value.has_pull_requests
  has_projects      = each.value.has_projects

  # Merge strategy flags (which merge styles PRs may use)
  allow_merge_commits     = each.value.allow_merge_commits
  allow_rebase            = each.value.allow_rebase
  allow_rebase_explicit   = each.value.allow_rebase_explicit
  allow_squash_merge      = each.value.allow_squash_merge
  autodetect_manual_merge = each.value.autodetect_manual_merge

  # Organisations must exist before their repositories.
  depends_on = [module.organisation]
}
# One team per entry in var.team. Membership and the repositories a team
# may reach come straight from config, so reviewing the team entries is
# reviewing who has which permission on which repos.
module "team" {
  source   = "./modules/team"
  for_each = var.team

  # Identity
  name         = each.value.name
  organisation = each.value.organisation
  description  = each.value.description

  # Authorisation: permission level, repo scope and membership
  permission               = each.value.permission
  include_all_repositories = each.value.include_all_repositories
  can_create_repos         = each.value.can_create_repos
  repositories             = each.value.repositories
  members                  = each.value.members

  # Teams reference both the org and (by name) its repositories, so both
  # must be created first.
  depends_on = [module.organisation, module.repository]
}
# Activates Woodpecker CI for the subset of var.repository entries whose
# `woodpecker` attribute is true. Entries without the attribute are treated
# as false via try(), so CI is opt-in per repository.
module "woodpecker_repository" {
  source = "./modules/woodpecker_repository"

  for_each = { for key, repo in var.repository : key => repo if try(repo.woodpecker, false) }

  # Woodpecker addresses repos as "<owner>/<name>".
  full_name = "${each.value.organisation}/${each.value.name}"

  # CI visibility mirrors the repository's private flag.
  visibility = each.value.private ? "private" : "public"

  # The Gitea repository must exist before it can be activated in CI.
  depends_on = [module.repository]
}
# One branch protection rule per entry in var.branch_protection. All rule
# settings are passed through unchanged, so the config entry is the
# effective protection policy for the named repository/branch pattern.
module "branch_protection" {
  source   = "./modules/branch_protection"
  for_each = var.branch_protection

  # Target: which repository and which branch pattern the rule applies to
  repository   = each.value.repository
  organisation = each.value.organisation
  rule_name    = each.value.rule_name

  # Direct push restrictions
  enable_push                = each.value.enable_push
  push_whitelist_users       = each.value.push_whitelist_users
  push_whitelist_teams       = each.value.push_whitelist_teams
  push_whitelist_deploy_keys = each.value.push_whitelist_deploy_keys

  # Who may merge into the protected branch
  merge_whitelist_users = each.value.merge_whitelist_users
  merge_whitelist_teams = each.value.merge_whitelist_teams

  # Review requirements
  required_approvals                = each.value.required_approvals
  approval_whitelist_users          = each.value.approval_whitelist_users
  approval_whitelist_teams          = each.value.approval_whitelist_teams
  block_on_rejected_reviews         = each.value.block_on_rejected_reviews
  block_on_official_review_requests = each.value.block_on_official_review_requests
  block_on_outdated_branch          = each.value.block_on_outdated_branch
  dismiss_stale_approvals           = each.value.dismiss_stale_approvals

  # Required status checks and commit signing
  status_check_contexts  = each.value.status_check_contexts
  require_signed_commits = each.value.require_signed_commits

  # File-level restrictions within the protected branch
  protected_file_patterns   = each.value.protected_file_patterns
  unprotected_file_patterns = each.value.unprotected_file_patterns

  # Rules attach to repositories, which must be created first.
  depends_on = [module.repository]
}
# TODO: enable when deploy keys are needed
# module "deploy_key" { ... }