forked from mineiros-io/terraform-github-repository
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README.tfdoc.hcl
1544 lines (1345 loc) · 52.4 KB
/
README.tfdoc.hcl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
header {
image = "https://raw.githubusercontent.com/mineiros-io/brand/3bffd30e8bdbbde32c143e2650b2faa55f1df3ea/mineiros-primary-logo.svg"
url = "https://mineiros.io/?ref=terraform-github-repository"
badge "build" {
image = "https://github.com/mineiros-io/terraform-github-repository/workflows/CI/CD%20Pipeline/badge.svg"
url = "https://github.com/mineiros-io/terraform-github-repository/actions"
text = "Build Status"
}
badge "semver)" {
image = "https://img.shields.io/github/v/tag/mineiros-io/terraform-github-repository.svg?label=latest&sort=semver"
url = "https://github.com/mineiros-io/terraform-github-repository/releases"
text = "GitHub tag (latest SemVer)"
}
badge "terraform" {
image = "https://img.shields.io/badge/terraform-1.x-623CE4.svg?logo=terraform"
url = "https://github.com/hashicorp/terraform/releases"
text = "Terraform Version"
}
badge "tf-gh" {
image = "https://img.shields.io/badge/GH-4.10+-F8991D.svg?logo=terraform"
url = "https://github.com/terraform-providers/terraform-provider-github/releases"
text = "Github Provider Version"
}
badge "slack" {
image = "https://img.shields.io/badge/[email protected]?logo=slack"
url = "https://join.slack.com/t/mineiros-community/shared_invite/zt-ehidestg-aLGoIENLVs6tvwJ11w9WGg"
text = "Join Slack"
}
}
section {
title = "terraform-github-repository"
toc = true
content = <<-END
A [Terraform] module for creating a public or private repository on [Github].
**_This module supports Terraform v1.x and is compatible with the Official Terraform GitHub Provider v4.20 and above from `integrations/github`._**
**Attention: This module is incompatible with the Hashicorp GitHub Provider! The latest version of this module supporting `hashicorp/github` provider is `~> 0.10.0`**
** Note: Versions 5.3.0, 5.4.0, and 5.5.0 of the Terraform Github Provider have broken branch protections support and should not be used.**
END
section {
title = "GitHub as Code"
content = <<-END
[GitHub as Code][github-as-code] is a commercial solution built on top of
our open-source Terraform modules for GitHub. It helps our customers to
manage their GitHub organization more efficiently by enabling anyone in
their organization to **self-service** manage **on- and offboarding of users**,
**repositories**, and settings such as **branch protections**, **secrets**, and more
through code. GitHub as Code comes with **pre-configured GitHub Actions
pipelines** for **change pre-view in Pull Requests**, **fully automated
rollouts** and **rollbacks**. It's a comprehensive, ready-to-use blueprint
maintained by our team of platform engineering experts and saves
companies such as yours tons of time by building on top of a pre-configured
solution instead of building and maintaining it yourself.
For details please see [https://mineiros.io/github-as-code][github-as-code].
END
}
section {
title = "Module Features"
content = <<-END
In contrast to the plain `github_repository` resource this module enables various other
features like Branch Protection or Collaborator Management.
- **Default Security Settings**:
This module creates a `private` repository by default,
Deploy keys are `read-only` by default
- **Standard Repository Features**:
Setting basic Metadata,
Merge Strategy,
Auto Init,
License Template,
Gitignore Template,
Template Repository
- **Extended Repository Features**:
Branches,
Branch Protection,
Issue Labels,
Handle Github Default Issue Labels,
Collaborators,
Teams,
Deploy Keys,
Projects,
Repository Webhooks
- _Features not yet implemented_:
Project Columns support,
Actions,
Repository File
END
}
section {
title = "Getting Started"
content = <<-END
Most basic usage creating a new private github repository.
```hcl
module "repository" {
source = "mineiros-io/repository/github"
version = "~> 0.18.0"
name = "terraform-github-repository"
license_template = "apache-2.0"
gitignore_template = "Terraform"
}
```
END
}
section {
title = "Module Argument Reference"
content = <<-END
See [variables.tf] and [examples/] for details and use-cases.
END
section {
title = "Main Resource Configuration"
variable "name" {
required = true
type = string
description = <<-END
The name of the repository.
END
}
variable "defaults" {
type = object(defaults)
default = {}
description = <<-END
DEPRECATED:
This variable will be removed in future releases.
It was needed in times when Terraform Module for each was not available to provide default values for multiple repositories.
Please convert your code accordingly to stay compatible with future releases.
END
}
variable "pages" {
type = object(pages)
default = {}
description = <<-END
A object of settings to configure GitHub Pages in this repository.
See below for a list of supported arguments.
END
attribute "branch" {
required = true
type = string
description = <<-END
The repository branch used to publish the site's source files.
END
}
attribute "path" {
type = string
description = <<-END
The repository directory from which the site publishes.
END
}
attribute "cname" {
type = string
description = <<-END
The custom domain for the repository. This can only be set after the
repository has been created.
END
}
}
variable "allow_merge_commit" {
type = bool
default = true
description = <<-END
Set to `false` to disable merge commits on the repository.
If you set this to `false` you have to enable either `allow_squash_merge`
or `allow_rebase_merge`.
END
}
variable "allow_squash_merge" {
type = bool
default = false
description = <<-END
Set to `true` to enable squash merges on the repository.
END
}
variable "allow_rebase_merge" {
type = bool
default = false
description = <<-END
Set to `true` to enable rebase merges on the repository.
END
}
variable "allow_auto_merge" {
type = bool
default = false
description = <<-END
Set to `true` to allow [auto-merging](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)
pull requests on the repository. If you enable auto-merge for a pull
request, the pull request will merge automatically when all required
reviews are met and status checks have passed.
END
}
variable "description" {
type = string
default = ""
description = <<-END
A description of the repository.
END
}
variable "delete_branch_on_merge" {
type = bool
default = true
description = <<-END
Set to `false` to disable the automatic deletion of head branches after pull requests are merged.
END
}
variable "homepage_url" {
type = string
default = ""
description = <<-END
URL of a page describing the project.
END
}
variable "private" {
type = bool
description = <<-END
**_DEPRECATED_**: Please use `visibility` instead and update your code. parameter will be removed in a future version
END
}
variable "visibility" {
type = string
default = "private"
description = <<-END
Can be `public` or `private`.
If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, `visibility` can also be `internal`.
The `visibility` parameter overrides the deprecated `private` parameter.
END
}
variable "has_issues" {
type = bool
default = false
description = <<-END
Set to true to enable the GitHub Issues features on the repository.
END
}
variable "has_projects" {
type = bool
default = false
description = <<-END
Set to true to enable the GitHub Projects features on the repository.
END
}
variable "has_wiki" {
type = bool
default = false
description = <<-END
Set to true to enable the GitHub Wiki features on the repository.
END
}
variable "has_downloads" {
type = bool
default = false
description = <<-END
Set to `true` to enable the (deprecated) downloads features on the repository.
END
}
variable "is_template" {
type = bool
default = false
description = <<-END
Set to `true` to tell GitHub that this is a template repository.
END
}
variable "default_branch" {
type = string
default = ""
description = <<-END
The name of the default branch of the repository.
NOTE: The configured default branch must exist in the repository.
If the branch doesn't exist yet, or if you are creating a new
repository, please add the desired default branch to the `branches`
variable, which will cause Terraform to create it for you.
END
}
variable "archived" {
type = bool
default = false
description = <<-END
Specifies if the repository should be archived.
NOTE: Currently, the API does not support unarchiving.
END
}
variable "topics" {
type = list(string)
default = []
description = <<-END
The list of topics of the repository.
END
}
variable "extra_topics" {
type = list(string)
default = []
description = <<-END
A list of additional topics of the repository. Those topics will be added to the list of `topics`. This is useful if `default.topics` are used and the list should be extended with more topics.
END
}
variable "vulnerability_alerts" {
type = bool
description = <<-END
Set to `false` to disable security alerts for vulnerable dependencies.
Enabling requires alerts to be enabled on the owner level.
END
}
variable "archive_on_destroy" {
type = bool
default = true
description = <<-END
Set to `false` to not archive the repository instead of deleting on destroy.
END
}
}
section {
title = "Extended Resource Configuration"
section {
title = "Repository Creation Configuration"
content = <<-END
The following four arguments can only be set at repository creation and
changes will be ignored for repository updates and
will not show a diff in plan or apply phase.
END
variable "auto_init" {
type = bool
default = true
description = <<-END
Set to `false` to not produce an initial commit in the repository.
END
}
variable "gitignore_template" {
type = string
default = ""
description = <<-END
Use the name of the template without the extension.
END
}
variable "license_template" {
type = string
default = ""
description = <<-END
Use the name of the template without the extension.
END
}
variable "template" {
type = object(template)
default = {}
description = <<-END
Use a template repository to create this resource.
END
attribute "owner" {
required = true
type = string
description = <<-END
The GitHub organization or user the template repository is owned by.
END
}
attribute "repository" {
required = true
type = string
description = <<-END
The name of the template repository.
END
}
}
}
section {
title = "Teams Configuration"
content = <<-END
Your can use non-computed (known at `terraform plan`) team names or slugs (`*_teams` Attributes)
or computed (only known in `terraform apply` phase) team IDs (`*_team_ids` Attributes).
**When using non-computed names/slugs teams need to exist before running plan.**
This is due to some terraform limitation and we will update the module once terraform removed this limitation.
END
variable "pull_teams" {
type = list(string)
default = []
description = <<-END
Can also be `pull_team_ids`. A list of teams to grant pull (read-only) permission.
Recommended for non-code contributors who want to view or discuss your project.
END
}
variable "triage_teams" {
type = list(string)
default = []
description = <<-END
Can also be `triage_team_ids`. A list of teams to grant triage permission.
Recommended for contributors who need to proactively manage issues and pull requests
without write access.
END
}
variable "push_teams" {
type = list(string)
default = []
description = <<-END
Can also be `push_team_ids`. A list of teams to grant push (read-write) permission.
Recommended for contributors who actively push to your project.
END
}
variable "maintain_teams" {
type = list(string)
default = []
description = <<-END
Can also be `maintain_team_ids`. A list of teams to grant maintain permission.
Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
END
}
variable "admin_teams" {
type = list(string)
default = []
description = <<-END
Can also be `admin_team_ids`. A list of teams to grant admin (full) permission.
Recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository.
END
}
}
section {
title = "Collaborator Configuration"
variable "pull_collaborators" {
type = list(string)
default = []
description = <<-END
A list of user names to add as collaborators granting them pull (read-only) permission.
Recommended for non-code contributors who want to view or discuss your project.
END
}
variable "triage_collaborators" {
type = list(string)
default = []
description = <<-END
A list of user names to add as collaborators granting them triage permission.
Recommended for contributors who need to proactively manage issues and pull requests without write access.
END
}
variable "push_collaborators" {
type = list(string)
default = []
description = <<-END
A list of user names to add as collaborators granting them push (read-write) permission.
Recommended for contributors who actively push to your project.
END
}
variable "maintain_collaborators" {
type = list(string)
default = []
description = <<-END
A list of user names to add as collaborators granting them maintain permission.
Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
END
}
variable "admin_collaborators" {
type = list(string)
default = []
description = <<-END
A list of user names to add as collaborators granting them admin (full) permission.
Recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository.
END
}
}
section {
title = "Branches Configuration"
variable "branches" {
type = list(branch)
default = []
description = <<-END
Create and manage branches within your repository.
Additional constraints can be applied to ensure your branch is created from another branch or commit.
END
attribute "name" {
required = true
type = string
description = <<-END
The name of the branch to create.
END
}
attribute "source_branch" {
type = string
description = <<-END
The branch name to start from. Uses the configured default branch per default.
END
}
attribute "source_sha" {
type = bool
default = true
description = <<-END
The commit hash to start from. Defaults to the tip of `source_branch`. If provided, `source_branch` is ignored.
END
}
}
}
section {
title = "Deploy Keys Configuration"
variable "deploy_keys" {
type = list(deploy_key)
default = []
description = <<-END
Can also be type `list(string)`. Specifies deploy keys and access-level of deploy keys used in this repository.
Every `string` in the list will be converted internally into the `object` representation with the `key` argument being set to the `string`. `object` details are explained below.
END
attribute "key" {
required = true
type = string
description = <<-END
The SSH public key.
END
}
attribute "title" {
type = string
description = <<-END
A Title for the key.
Default is the comment field of SSH public key if it is not empty else it defaults to `md5(key)`.
END
}
attribute "read_only" {
type = bool
default = true
description = <<-END
Specifies the level of access for the key.
END
}
attribute "id" {
type = string
default = "md5(key)"
description = <<-END
Specifies an ID which is used to prevent resource recreation when the order in the list of deploy keys changes.
The ID must be unique between `deploy_keys` and `deploy_keys_computed`.
END
}
}
variable "deploy_keys_computed" {
type = list(deploy_key)
default = []
description = <<-END
Can also be type `string`. Same as `deploy_keys` argument with the following differences:
Use this argument if you depend on computed keys that terraform can not use in resource `for_each` execution. Downside of this is the recreation of deploy key resources whenever the order in the list changes. **Prefer `deploy_keys` whenever possible.**
This argument does **not** conflict with `deploy_keys` and should exclusively be used for computed resources.
END
attribute "key" {
required = true
type = string
description = <<-END
The SSH public key.
END
}
attribute "title" {
type = string
description = <<-END
A Title for the key.
Default is the comment field of SSH public key if it is not empty else it defaults to `md5(key)`.
END
}
attribute "read_only" {
type = bool
default = true
description = <<-END
Specifies the level of access for the key.
END
}
attribute "id" {
type = string
default = "md5(key)"
description = <<-END
Specifies an ID which is used to prevent resource recreation when the order in the list of deploy keys changes.
The ID must be unique between `deploy_keys` and `deploy_keys_computed`.
END
}
}
}
section {
title = "Branch Protections v3 Configuration"
variable "branch_protections_v3" {
type = list(branch_protection_v3)
default = []
description = <<-END
This resource allows you to configure v3 branch protection for repositories in your organization.
When applied, the branch will be protected from forced pushes and deletion.
Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
END
attribute "branch" {
required = true
type = string
description = <<-END
The Git branch to protect.
END
}
attribute "enforce_admins" {
type = bool
default = false
description = <<-END
Setting this to true enforces status checks for repository administrators.
END
}
attribute "require_conversation_resolution" {
type = bool
default = false
description = <<-END
Setting this to true requires all conversations to be resolved.
END
}
attribute "require_signed_commits" {
type = bool
default = false
description = <<-END
Setting this to true requires all commits to be signed with GPG.
END
}
attribute "required_status_checks" {
type = object(required_status_checks)
default = {}
description = <<-END
Enforce restrictions for required status checks.
See Required Status Checks below for details.
END
attribute "strict" {
type = bool
default = false
description = <<-END
Require branches to be up to date before merging.
END
}
attribute "contexts" {
type = list(string)
default = []
description = <<-END
The list of status checks to require in order to merge into this branch. If default is `[]` no status checks are required.
END
}
}
attribute "required_pull_request_reviews" {
type = object(required_pull_request_reviews)
default = {}
description = <<-END
Enforce restrictions for pull request reviews.
END
attribute "dismiss_stale_reviews" {
type = bool
default = true
description = <<-END
Dismiss approved reviews automatically when a new commit is pushed.
END
}
attribute "dismissal_users" {
type = list(string)
default = []
description = <<-END
The list of user logins with dismissal access
END
}
attribute "dismissal_teams" {
type = list(string)
default = []
description = <<-END
The list of team slugs with dismissal access.
Always use slug of the team, not its name.
Each team already has to have access to the repository.
END
}
attribute "require_code_owner_reviews" {
type = bool
default = false
description = <<-END
Require an approved review in pull requests including files with a designated code owner.
END
}
}
attribute "restrictions" {
type = object(restrictions)
default = {}
description = <<-END
Enforce restrictions for the users and teams that may push to the branch - only available for organization-owned repositories. See Restrictions below for details.
END
attribute "users" {
type = list(string)
default = []
description = <<-END
The list of user logins with push access.
END
}
attribute "teams" {
type = list(string)
default = []
description = <<-END
The list of team slugs with push access.
Always use slug of the team, not its name.
Each team already has to have access to the repository.
END
}
attribute "apps" {
type = list(string)
default = []
description = <<-END
The list of app slugs with push access.
END
}
}
}
}
section {
title = "Branch Protections v4 Configuration"
variable "branch_protections_v4" {
type = list(branch_protection_v4)
default = []
description = <<-END
This resource allows you to configure v4 branch protection for repositories in your organization.
Each element in the list is a branch to be protected and the value the corresponding to the desired configuration for the branch.
When applied, the branch will be protected from forced pushes and deletion.
Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
**_NOTE:_** May conflict with v3 branch protections if used for the same branch.
END
attribute "pattern" {
type = string
required = true
description = <<-END
Identifies the protection rule pattern.
END
}
attribute "_key" {
type = string
description = <<-END
An alternative key to use in `for_each` resource creation.
Defaults to the value of `var.pattern`.
END
}
attribute "allows_deletions" {
type = bool
default = false
description = <<-END
Setting this to `true` to allow the branch to be deleted.
END
}
attribute "allows_force_pushes" {
type = bool
default = false
description = <<-END
Setting this to `true` to allow force pushes on the branch.
END
}
attribute "blocks_creations" {
type = bool
default = false
description = <<-END
Setting this to `true` will block creating the branch.
END
}
attribute "enforce_admins" {
type = bool
default = true
description = <<-END
Keeping this as `true` enforces status checks for repository administrators.
END
}
attribute "push_restrictions" {
type = list(string)
default = []
description = <<-END
The list of actor Names/IDs that may push to the branch.
Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
END
}
attribute "require_conversation_resolution" {
type = bool
default = false
description = <<-END
Setting this to true requires all conversations on code must be resolved before a pull request can be merged.
END
}
attribute "require_signed_commits" {
type = bool
default = false
description = <<-END
Setting this to true requires all commits to be signed with GPG.
END
}
attribute "required_linear_history" {
type = bool
default = false
description = <<-END
Setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch.
END
}
attribute "required_pull_request_reviews" {
type = object(required_pull_request_reviews)
description = <<-END
Enforce restrictions for pull request reviews.
END
attribute "dismiss_stale_reviews" {
type = bool
default = true
description = <<-END
Dismiss approved reviews automatically when a new commit is pushed.
END
}
attribute "restrict_dismissals" {
type = bool
description = <<-END
Restrict pull request review dismissals.
END
}
attribute "dismissal_restrictions" {
type = list(string)
default = []
description = <<-END
The list of actor Names/IDs with dismissal access.
If not empty, `restrict_dismissals` is ignored
Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams.
END
}
attribute "pull_request_bypassers" {
type = list(string)
default = []
description = <<-END
The list of actor Names/IDs that are allowed to bypass pull request requirements.
Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams.
END
}
attribute "require_code_owner_reviews" {
type = bool
default = true
description = <<-END
Require an approved review in pull requests including files with a designated code owner.
END
}
attribute "required_approving_review_count" {
type = number
default = 0
description = <<-END
Require x number of approvals to satisfy branch protection requirements.
If this is specified it must be a number between 0-6.
END
}
}
attribute "required_status_checks" {
type = object(required_status_checks)
description = <<-END
Enforce restrictions for required status checks.
See Required Status Checks below for details.
END
attribute "strict" {
type = bool
default = false
description = <<-END
Require branches to be up to date before merging.
END
}
attribute "contexts" {
type = list(string)
default = []
description = <<-END
The list of status checks to require in order to merge into this branch. If default is `[]` no status checks are required.
END
}
}
}
}
section {
title = "Issue Labels Configuration"
variable "issue_labels" {
type = list(issue_label)
default = []
description = <<-END
This resource allows you to create and manage issue labels within your GitHub organization.
Issue labels are keyed off of their "name", so pre-existing issue labels result in a 422 HTTP error if they exist outside of Terraform.
Normally this would not be an issue, except new repositories are created with a "default" set of labels, and those labels easily conflict with custom ones.
This resource will first check if the label exists, and then issue an update, otherwise it will create.
END
attribute "name" {
required = true
type = string
description = <<-END
The name of the label.
END
}
attribute "color" {
required = true
type = string
description = <<-END
A 6 character hex code, without the leading `#`, identifying the color of the label.
END
}