-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathburendo-handbook-public.tf
72 lines (60 loc) · 2.27 KB
/
burendo-handbook-public.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
resource "github_repository" "burendo_handbook_public" {
name = "burendo-handbook-public"
description = "The Burendo Handbook public content"
visibility = "public"
auto_init = false
allow_merge_commit = false
delete_branch_on_merge = true
has_issues = true
topics = local.common_topics
lifecycle {
prevent_destroy = true
}
template {
owner = var.github_org
repository = "burendo-repo-template"
}
}
resource "github_team_repository" "burendo_handbook_public_burendo" {
repository = github_repository.burendo_handbook_public.name
team_id = github_team.burendo.id
permission = "push"
}
resource "github_team_repository" "burendo_handbook_public_admin" {
repository = github_repository.burendo_handbook_public.name
team_id = github_team.engineering.id
permission = "admin"
}
resource "github_branch_protection" "burendo_handbook_public_main" {
pattern = github_repository.burendo_handbook_public.default_branch
repository_id = github_repository.burendo_handbook_public.name
enforce_admins = true
required_status_checks {
strict = true
}
required_pull_request_reviews {
dismiss_stale_reviews = true
require_code_owner_reviews = true
}
}
resource "github_issue_label" "burendo_handbook_public" {
for_each = { for common_label in local.common_labels : common_label.name => common_label }
color = each.value.colour
name = each.value.name
repository = github_repository.burendo_handbook_public.name
}
resource "github_actions_secret" "burendo_handbook_public_github_token" {
repository = github_repository.burendo_handbook_public.name
secret_name = "GHA_TOKEN"
plaintext_value = var.github_token
}
resource "github_actions_secret" "burendo_handbook_public_slack_build_notifications_webhook" {
repository = github_repository.burendo_handbook_public.name
secret_name = "SLACK_BUILD_NOTIFICATIONS_WEBHOOK"
plaintext_value = var.gha_aws.slack_build_notifications_webhook
}
resource "github_actions_secret" "burendo_handbook_public_slack_engineering_group_id" {
repository = github_repository.burendo_handbook_public.name
secret_name = "SLACK_ENGINEERING_GROUP_ID"
plaintext_value = var.gha_aws.slack_engineering_group_id
}