burendo-common-config.tf
# Repository for config and infrastructure shared by several consumers.
# It is created from the organisation's Terraform repository template.
resource "github_repository" "burendo_common_config" {
  name        = "burendo-common-config"
  description = "Config and Infrastructure shared amongst many consumers"
  topics      = concat(local.common_topics, local.aws_topics)

  # NOTE(review): the repository is public, so everything committed to it is
  # world-readable and pull requests can be opened from forks. Review the
  # Actions secrets attached to this repository elsewhere in this file, and
  # the workflows that consume them, with that exposure in mind.
  visibility = "public"

  has_issues             = true
  auto_init              = false
  allow_merge_commit     = false
  delete_branch_on_merge = true

  template {
    owner      = var.github_org
    repository = "burendo-repo-template-terraform"
  }

  # Makes Terraform refuse any plan that would destroy this repository.
  lifecycle {
    prevent_destroy = true
  }
}
# Grants the `burendo` team write ("push") access to the repository.
# Changes to the default branch still pass through the branch protection
# rule declared in this file.
resource "github_team_repository" "burendo_common_config_burendo" {
  team_id    = github_team.burendo.id
  repository = github_repository.burendo_common_config.name
  permission = "push"
}
# Grants the `engineering` team admin rights on the repository.
# NOTE(review): admin includes managing repository settings and secrets, and
# the branch protection rule in this file sets `enforce_admins = false`, so
# members of this team are not bound by it. Confirm the team's membership is
# kept as small as that level of access warrants.
resource "github_team_repository" "burendo_common_config_admin" {
  team_id    = github_team.engineering.id
  repository = github_repository.burendo_common_config.name
  permission = "admin"
}
# Branch protection rule for the repository's default branch.
resource "github_branch_protection" "burendo_common_config_main" {
  repository_id = github_repository.burendo_common_config.name
  pattern       = github_repository.burendo_common_config.default_branch

  # NOTE(review): with enforce_admins = false the rule does not apply to
  # repository administrators. The `engineering` team is granted admin in this
  # file, so its members can bypass the review and status-check requirements
  # below. If that is a deliberate break-glass path, document it; otherwise
  # consider enforcing the rule for admins as well.
  enforce_admins = false

  required_pull_request_reviews {
    require_code_owner_reviews = true
    dismiss_stale_reviews      = true
    # NOTE(review): no required_approving_review_count is set, so the provider
    # default applies. Confirm it matches the intended number of approvals.
  }

  required_status_checks {
    # `strict` requires the branch to be up to date with the base before merge.
    # NOTE(review): no `contexts` are listed, so no named CI check has to pass
    # for a merge. Confirm whether specific checks should be required.
    strict = true
  }
}
# Creates one issue label per entry in local.common_labels, keyed by the
# label name so each label gets a stable resource address.
resource "github_issue_label" "burendo_common_config" {
  for_each = { for label in local.common_labels : label.name => label }

  repository = github_repository.burendo_common_config.name
  name       = each.value.name
  color      = each.value.colour
}
# Actions secret holding the AWS access key ID used by this repository's
# workflows.
# NOTE(review): this is one half of a static AWS key pair attached to a public
# repository. `plaintext_value` is also recorded in the Terraform state, so the
# state backend must be access-controlled like the credential itself. An
# AWS_GHA_ROLE secret is already defined in this file; consider whether the
# workflows can assume that role with short-lived credentials (for example via
# GitHub OIDC) instead of a long-lived key.
resource "github_actions_secret" "aws_access_key_id_burendo_common_config" {
  secret_name     = "ACTIONS_ACCESS_KEY_ID"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = var.gha_aws.access_key_id
}
# Actions secret holding the AWS secret access key used by this repository's
# workflows.
# NOTE(review): this is a long-lived credential. `plaintext_value` is stored
# in the Terraform state as well as in GitHub, so restrict and encrypt the
# state backend, mark the input variable as sensitive, and rotate the key on a
# schedule. Because the repository is public, confirm no workflow exposes the
# secret to code from forked pull requests.
resource "github_actions_secret" "aws_secret_access_key_burendo_common_config" {
  secret_name     = "ACTIONS_SECRET_ACCESS_KEY"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = var.gha_aws.secret_access_key
}
# Actions secret holding the ARN of the `ci` IAM role in the burendo-prod
# account. The ARN is an identifier, not a credential; storing it as a secret
# masks it in workflow logs.
# NOTE(review): the role's trust policy is not visible in this file. Confirm
# it limits who may assume the role, since the role lives in the prod account.
resource "github_actions_secret" "aws_role_burendo_common_config" {
  secret_name     = "AWS_GHA_ROLE"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = "arn:aws:iam::${local.account["burendo-prod"]}:role/ci"
}
# Exposes the Terraform version to workflows as an Actions secret. The value
# is not sensitive; as a secret it will be masked wherever it appears in
# workflow logs.
resource "github_actions_secret" "aws_terraform_version_burendo_common_config" {
  secret_name     = "TERRAFORM_VERSION"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = var.terraform_version
}
# Actions secret holding the burendo-prod AWS account ID. The ID is not a
# credential; storing it as a secret keeps it masked in the workflow logs of
# this public repository.
resource "github_actions_secret" "aws_acc_prod_burendo_common_config" {
  secret_name     = "AWS_GHA_ACC_PROD"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = local.account["burendo-prod"]
}
# Actions secret holding the Slack webhook used for build notifications.
# NOTE(review): an incoming-webhook URL works as a bearer credential, so
# anyone who obtains it can post to the channel. `plaintext_value` is also
# kept in the Terraform state, so protect the state backend accordingly and
# rotate the webhook if it ever leaks.
resource "github_actions_secret" "slack_build_notifications_webhook_burendo_common_config" {
  secret_name     = "SLACK_BUILD_NOTIFICATIONS_WEBHOOK"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = var.gha_aws.slack_build_notifications_webhook
}
# Actions secret holding the Slack engineering group ID read by workflows.
# The name suggests an identifier rather than a credential; as a secret it is
# masked in workflow logs.
resource "github_actions_secret" "slack_engineering_group_id_burendo_common_config" {
  secret_name     = "SLACK_ENGINEERING_GROUP_ID"
  repository      = github_repository.burendo_common_config.name
  plaintext_value = var.gha_aws.slack_engineering_group_id
}