terraform-github-repository

License: MIT CI GitHub Release

Terraform module to create GitHub repository and relevant resources.

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.0 |
| github | ~> 6.2 |

Providers

| Name | Version |
|------|---------|
| github | 6.2.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| actions | ./modules/actions | n/a |
| rulesets | ./modules/rulesets | n/a |
| secrets_and_variables | ./modules/secrets-and-variables | n/a |

Resources

| Name | Type |
|------|------|
| github_branch.this | resource |
| github_branch_default.this | resource |
| github_branch_protection.this | resource |
| github_issue_label.this | resource |
| github_issue_labels.this | resource |
| github_repository.this | resource |
| github_repository_autolink_reference.this | resource |
| github_repository_collaborator.this | resource |
| github_repository_collaborators.this | resource |
| github_repository_dependabot_security_updates.this | resource |
| github_repository_file.this | resource |
| github_repository_tag_protection.this | resource |
| github_repository_webhook.this | resource |

Inputs

Name Description Type Default Required
actions_repository_access_level Where the actions or reusable workflows of the repository may be used. Possible values are "none", "user", "organization", or "enterprise".

If null, skip creation of github_actions_repository_access_level resource.
string null no
actions_repository_permissions GitHub Actions permissions for a given repository.
object({
allowed_actions = optional(string)
enabled = optional(bool)
allowed_actions_config = optional(object({
github_owned_allowed = bool
patterns_allowed = optional(set(string))
verified_allowed = optional(bool)
}))
})
null no
allow_auto_merge Set to true to allow auto-merging pull requests on the repository. bool false no
allow_merge_commit Set to false to disable merge commits on the repository. bool true no
allow_rebase_merge Set to false to disable rebase merges on the repository. bool true no
allow_squash_merge Set to false to disable squash merges on the repository. bool true no
allow_update_branch Set to true to always suggest updating pull request branches. bool null no
archive_on_destroy Set to true to archive the repository instead of deleting on destroy. bool true no
archived Specifies if the repository should be archived.

NOTE Currently, the API does not support unarchiving.
bool false no
auto_init Set to true to produce an initial commit in the repository. bool null no
autolink_references Autolink references.
list(object({
key_prefix = string
target_url_template = string
is_alphanumeric = optional(bool)
}))
[] no
branch_protections Branch protection rules.
list(object({
pattern = string
enforce_admins = optional(bool)
require_signed_commits = optional(bool)
required_linear_history = optional(bool)
require_conversation_resolution = optional(bool)
required_status_checks = optional(object({
strict = optional(bool)
contexts = optional(set(string))
}))
required_pull_request_reviews = optional(object({
dismiss_stale_reviews = optional(bool)
restrict_dismissals = optional(bool)
dismissal_restrictions = optional(set(string))
pull_request_bypassers = optional(set(string))
require_code_owner_reviews = optional(bool)
required_approving_review_count = optional(number)
require_last_push_approval = optional(bool)
}))
restrict_pushes = optional(object({
blocks_creations = optional(bool)
push_allowances = optional(set(string))
}))
force_push_bypassers = optional(set(string))
allows_deletions = optional(bool)
allows_force_pushes = optional(bool)
lock_branch = optional(bool)
}))
[] no
branches Map of branch name and configuration to create.
map(object({
source_branch = optional(string)
source_sha = optional(string)
}))
{} no
collaborators List of collaborators.
object({
non_authoritative = optional(list(object({
username = string
permission = optional(string)
permission_diff_suppression = optional(bool)
})))
authoritative = optional(object({
users = optional(list(object({
username = string
permission = optional(string)
})))
teams = optional(list(object({
team_id = string
permission = optional(string)
})))
}))
})
{} no
collaborators_authoritative Whether collaborators should be managed in an authoritative way. If set to true, the github_repository_collaborators resource will be used. bool false no
create Whether to create this module or not. bool true no
default_branch The name of the default branch of the repository. string "main" no
default_branch_rename Indicate if it should rename the branch rather than use an existing branch. bool false no
delete_branch_on_merge Automatically delete head branch after a pull request is merged. bool false no
dependabot_security_updates_enabled Whether to enable Dependabot security updates. bool false no
deploy_keys Deploy keys.
list(object({
key = string
read_only = bool
title = string
}))
[] no
deployment_branch_policies Deployment branch policies.
list(object({
environment = string
branch_pattern = string
}))
[] no
description A description of the repository. string null no
environments List of GitHub repository environments.
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
reviewers = optional(object({
teams = optional(set(string))
users = optional(set(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
}))
}))
{} no
files Repository files.
list(object({
file = string
content = string
branch = optional(string)
commit_author = optional(string)
commit_email = optional(string)
commit_message = optional(string)
overwrite_on_create = optional(bool)
}))
[] no
gitignore_template Use the name of the template without the extension. For example, "Haskell". string null no
has_discussions Set to true to enable GitHub Discussions on the repository. bool false no
has_downloads Set to true to enable the (deprecated) downloads features on the repository. bool null no
has_issues Set to true to enable the GitHub Issues features on the repository. bool true no
has_projects Set to true to enable the GitHub Projects features on the repository.

Per the GitHub documentation when in an organization that has disabled repository projects it will default to false and will otherwise default to true.
If you specify true when it has been disabled it will return an error.
bool false no
has_wiki Set to true to enable the GitHub Wiki features on the repository. bool false no
homepage_url URL of a page describing the project. string null no
ignore_vulnerability_alerts_during_read Set to true to not call the vulnerability alerts endpoint so the resource can also be used without admin permissions during read. bool null no
is_template Set to true to tell GitHub that this is a template repository. bool false no
issue_labels Issue labels. Starting prefix "#" in color will be ignored.
list(object({
name = string
color = string
description = optional(string)
}))
[] no
issue_labels_authoritative Whether issue labels are managed in an authoritative way. If true, issue labels will be created using the github_issue_labels resource type, possibly causing all labels not listed to be removed. bool false no
license_template Use the name of the template without the extension. For example, "mit" or "mpl-2.0". string null no
merge_commit_message Can be "PR_BODY", "PR_TITLE", or "BLANK" for a default merge commit message. Applicable only if allow_merge_commit is true. string null no
merge_commit_title Can be "PR_TITLE" or "MERGE_MESSAGE" for a default merge commit title. Applicable only if allow_merge_commit is true. string null no
name The name of the repository. string n/a yes
pages The repository's GitHub Pages configuration.

See GitHub Pages Configuration for details.
object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
})
null no
rulesets Repository rulesets.
list(object({
enforcement = string
name = string
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
non_fast_forward = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_deployments = optional(object({
required_deployment_environments = set(string)
}))
required_linear_history = optional(bool)
required_signatures = optional(bool)
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_checks_policy = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
update = optional(bool)
update_allows_fetch_and_merge = optional(bool)
})
target = string
bypass_actors = optional(list(object({
actor_id = number
actor_type = string
bypass_mode = optional(string)
})))
conditions = optional(object({
ref_name = object({
exclude = set(string)
include = set(string)
})
}))
}))
[] no
secrets GitHub Actions secrets for this repository.

- Available values for subjects are "actions", "codespaces", "dependabot".
- A github_actions_environment_secret resource will be created if the environment key is specified.
list(object({
subjects = set(string)
environment = optional(string)
secret_name = string
encrypted_value = optional(string)
plaintext_value = optional(string)
}))
[] no
security_and_analysis The repository's security and analysis configuration.

See Security and Analysis Configuration for details.
object({
advanced_security = optional(object({
status = string
}))
secret_scanning = optional(object({
status = string
}))
secret_scanning_push_protection = optional(object({
status = string
}))
})
null no
squash_merge_commit_message Can be "PR_BODY", "COMMIT_MESSAGES", or "BLANK" for a default squash merge commit message. Applicable only if allow_squash_merge is true. string null no
squash_merge_commit_title Can be "PR_TITLE" or "COMMIT_OR_PR_TITLE" for a default squash merge commit title. Applicable only if allow_squash_merge is true. string null no
tag_protections Tag protection rules. list(string) [] no
template Use a template repository to create this resource.

See Template Repositories for details.
object({
owner = string
repository = string
include_all_branches = optional(bool)
})
null no
topics The list of topics of the repository.

NOTE: This attribute is not compatible with the github_repository_topics resource. Use one of them.
github_repository_topics is only meant to be used if the repository itself is not handled via terraform, for example if it's only read as a datasource (see issue #1845).
set(string) null no
variables GitHub Actions variables for this repository. A github_actions_environment_variable resource is created if the environment key is specified.
list(object({
environment = optional(string)
variable_name = string
value = optional(string)
}))
[] no
visibility Can be "public" or "private".

If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be "internal".
The visibility parameter overrides the private parameter.
string "private" no
vulnerability_alerts Set to true to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. (Note for importing: GitHub enables the alerts on public repos but disables them on private repos by default.) See GitHub Documentation for details. Note that vulnerability alerts have not been successfully tested on any GitHub Enterprise instance and may be unavailable in those settings. bool true no
web_commit_signoff_required Require contributors to sign off on web-based commits. See more here. bool false no
webhooks List of webhooks.
list(object({
events = set(string)
configuration = object({
url = string
content_type = string
secret = optional(string)
insecure_ssl = optional(bool)
})
active = optional(bool)
}))
[] no
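
A call to this module that sets the security-relevant inputs listed above, as an added example that is not taken from the project's own documentation. The module source, repository name, status-check context, webhook URL and the `webhook_secret` variable are placeholders or constructed values, and the example assumes the module passes each input through to the matching provider argument.

```hcl
# Added example: the source path, names, URL and check context are placeholders.
# Assumes the module forwards each input to the matching provider argument.
variable "webhook_secret" {
  type      = string
  sensitive = true
}

module "repository" {
  source = "<MODULE_SOURCE>" # placeholder: registry address or local path

  name       = "example-service" # constructed
  visibility = "private"

  # The 422 in the issue on this page says vulnerability alerts must be enabled first.
  vulnerability_alerts                = true
  dependabot_security_updates_enabled = true

  web_commit_signoff_required = true

  branch_protections = [{
    pattern                         = "main"
    enforce_admins                  = true
    require_signed_commits          = true
    require_conversation_resolution = true
    allows_force_pushes             = false
    allows_deletions                = false
    required_status_checks = {
      strict   = true
      contexts = ["ci"] # constructed check name
    }
    required_pull_request_reviews = {
      dismiss_stale_reviews           = true
      require_code_owner_reviews      = true
      required_approving_review_count = 1
      require_last_push_approval      = true
    }
  }]

  webhooks = [{
    events = ["push"]
    configuration = {
      url          = "https://hooks.example.com/github" # constructed
      content_type = "json"
      secret       = var.webhook_secret # lets the receiver verify payload signatures
      insecure_ssl = false              # keep TLS certificate verification on
    }
  }]
}
```

The webhook secret is still written to Terraform state, so the state backend needs its own access control and encryption.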

Outputs

| Name | Description |
|------|-------------|
| actions | GitHub Actions module outputs. |
| autolink_references | Autolink references. |
| branch_default | Default branch name. |
| branch_protections | Branch protection rules. |
| branches | Branches in repository. |
| collaborators | List of repository collaborators. |
| dependabot_security_updates_enabled | Whether Dependabot security updates are enabled for this repository. |
| files | Files managed by this module. |
| issue_labels | Repository issue labels. |
| repository | Repository details. |
| rulesets | Repository rulesets. |
| secrets_and_variables | Repository Actions, Codespaces and Dependabot secrets and variables. |
| tag_protections | Tag protection rules. |
| webhooks | Repository webhooks. |

terraform-github-repository's People

Contributors

dependabot[bot], lasuillard

terraform-github-repository's Issues

`github_repository_dependabot_security_updates.this[0]` resource can't be created

While updating resource after version updates:

Terraform will perform the following actions:

  # github_repository_dependabot_security_updates.this[0] will be created
  + resource "github_repository_dependabot_security_updates" "this" {
      + enabled    = false
      + id         = (known after apply)
      + repository = "<REPOSITORY_NAME>"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

The following error occurs:

github_repository_dependabot_security_updates.this[0]: Creating...
╷
│ Error: DELETE https://api.github.com/repos/<ORGANIZATION>/<REPOSITORY_NAME>/automated-security-fixes: 422 Vulnerability alerts must be enabled to configure automated security fixes. []
│ 
│   with github_repository_dependabot_security_updates.this[0],
│   on main.tf line 278, in resource "github_repository_dependabot_security_updates" "this":
│  278: resource "github_repository_dependabot_security_updates" "this" {
│ 
╵
