From 2f65ea63ed12cfd98bdd4f6fd64f44a19a02038d Mon Sep 17 00:00:00 2001
From: Hayden <22327045+hbjydev@users.noreply.github.com>
Date: Fri, 5 Jan 2024 02:23:59 +0000
Subject: [PATCH] feat(teams): allow multiple team associations
* feat(teams): allow assigning multiple teams, given a permission
* feat(dev): switch to just from make
* docs: update README
* docs: update README
* docs(teams): update description of var.teams
* fix(teams): update default for var.teams to {} instead of null
* feat(ci): move check to just for local testing, use in ci
* fix(teams): use count.index to find the correct team id
---
.github/workflows/flake.yaml | 2 +-
README.md | 4 ++--
data.tf | 4 ++--
flake.nix | 4 +++-
makefile => justfile | 3 +++
main.tf | 6 +++---
variables.tf | 26 ++++++++++++++++++++++----
7 files changed, 36 insertions(+), 13 deletions(-)
rename makefile => justfile (62%)
diff --git a/.github/workflows/flake.yaml b/.github/workflows/flake.yaml
index 7e4bdc9..4cba552 100644
--- a/.github/workflows/flake.yaml
+++ b/.github/workflows/flake.yaml
@@ -14,4 +14,4 @@ jobs:
- uses: DeterminateSystems/nix-installer-action@v4
- uses: DeterminateSystems/magic-nix-cache-action@v2
- run: nix flake check
- - run: nix build --json --no-link --print-build-logs
+ - run: nix develop -c just check
diff --git a/README.md b/README.md
index 9d6e274..7879440 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ No modules.
| [name](#input\_name) | The name of the repository | `string` | n/a | yes |
| [owner](#input\_owner) | The name of the repository | `string` | n/a | yes |
| [required\_status\_checks\_contexts](#input\_required\_status\_checks\_contexts) | The list of status checks to require in order to merge into this branch | `list(string)` | `[]` | no |
-| [team\_slug](#input\_team\_slug) | The slug of the team to grant access to | `string` | `null` | no |
+| [teams](#input\_teams) | The teams to grant access to, and their permission levels | `map(string)` | `{}` | no |
| [topics](#input\_topics) | The topics of the repository | `list(string)` | `[]` | no |
| [visibility](#input\_visibility) | The visibility of the repository | `string` | `"private"` | no |
| [vulnerability\_alerts](#input\_vulnerability\_alerts) | Whether the repository has vulnerability alerts enabled | `bool` | `false` | no |
@@ -63,4 +63,4 @@ No modules.
| [repo\_id](#output\_repo\_id) | The ID of the repository. |
| [ssh\_clone\_url](#output\_ssh\_clone\_url) | The SSH URL of the repository. |
| [svn\_url](#output\_svn\_url) | The SVN URL of the repository. |
-
\ No newline at end of file
+
diff --git a/data.tf b/data.tf
index 522c72a..5de98fb 100644
--- a/data.tf
+++ b/data.tf
@@ -1,5 +1,5 @@
data "github_team" "self" {
- count = var.team_slug != null ? 1 : 0
+ count = length(keys(var.teams))
- slug = var.team_slug
+ slug = keys(var.teams)[count.index]
}
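Review bot: Indexing `keys(var.teams)` with `count.index` ties each team to a list position rather than to its slug, so adding or removing one entry in `var.teams` renumbers every team that sorts after it. The same pattern is used for `github_team_repository.self` in the main.tf hunk, where a renumbering would presumably make Terraform rewrite or replace the grants of teams whose entry never changed. A partially failed apply could then leave the repository with the wrong set of team permissions. Keying both blocks by slug avoids that: `for_each = var.teams` with `slug = each.key` here, and in main.tf `permission = each.value` and `team_id = data.github_team.self[each.key].id`.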
diff --git a/flake.nix b/flake.nix
index af0b13b..dabebeb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,6 +8,7 @@
systems = [ "x86_64-linux" "aarch64-darwin" "x86_64-darwin" ];
perSystem = { config, self', inputs', pkgs, system, ... }:
let
+ inherit (pkgs) just terraform terraform-docs;
terraform-github = pkgs.terraform-providers.mkProvider {
homepage = "https://registry.terraform.io/providers/integrations/github";
owner = "integrations";
@@ -42,7 +43,8 @@
devShells = {
default = pkgs.mkShell {
- buildInputs = with pkgs; [
+ buildInputs = [
+ just
terraform
terraform-docs
];
diff --git a/makefile b/justfile
similarity index 62%
rename from makefile
rename to justfile
index 2d6ad33..e3647b0 100644
--- a/makefile
+++ b/justfile
@@ -1,3 +1,6 @@
+check:
+ nix build --json --no-link --print-build-logs
+
docs:
terraform-docs markdown table \
--output-file README.md \
diff --git a/main.tf b/main.tf
index 4f4a614..969118b 100644
--- a/main.tf
+++ b/main.tf
@@ -1,9 +1,9 @@
resource "github_team_repository" "self" {
- count = var.team_slug != null ? 1 : 0
+ count = length(keys(var.teams))
- permission = "admin"
+ permission = var.teams[keys(var.teams)[count.index]]
repository = github_repository.self.name
- team_id = data.github_team.self[0].id
+ team_id = data.github_team.self[count.index].id
}
resource "github_repository" "self" {
diff --git a/variables.tf b/variables.tf
index 967d380..703eeac 100644
--- a/variables.tf
+++ b/variables.tf
@@ -85,10 +85,28 @@ variable "required_status_checks_contexts" {
type = list(string)
}
-variable "team_slug" {
- default = null
- description = "The slug of the team to grant access to"
- type = string
+variable "teams" {
+ default = {}
+ description = "The teams to grant access to, and their permission levels"
+ type = map(string)
+
+ validation {
+ condition = alltrue([
+ for value in var.teams : contains(
+ [
+ // https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_repository#permission
+ "pull",
+ "triage",
+ "push",
+ "maintain",
+ "admin"
+ ],
+ value
+ )
+ ])
+
+ error_message = "Team permissions must be one of 'pull', 'triage', 'push', 'maintain', 'admin'."
+ }
}
variable "topics" {
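Review bot: The description of `teams` does not say that the map keys are team slugs and the values are permission levels, so a caller has to infer this from data.tf and main.tf. Since a value of `admin` hands a team full control of the repository, the direction of the map and the accepted values are worth stating in the variable itself, for example `description = "Map of team slug to the permission granted on the repository (pull, triage, push, maintain or admin)"`. The `//` comment inside the list would more conventionally be written with `#` in Terraform.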