Add branch protection object to the repositories variable

Ali Abu Rub
2025-07-23 15:41:57 +03:00
committed by Wiktor Niesiobędzki
parent 3d213e997e
commit b7bbcd5513
3 changed files with 43 additions and 1 deletions


@@ -153,7 +153,7 @@ module "ssm_instance" {
| [instance_id](variables.tf#L29) | Instance ID. | <code>string</code> | ✓ | |
| [location](variables.tf#L46) | Location. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L51) | Project ID. | <code>string</code> | ✓ | |
| [repositories](variables.tf#L56) | Repositories. | <code title="map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; members &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; member &#61; string&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; initial_config &#61; optional&#40;object&#40;&#123;&#10; default_branch &#61; optional&#40;string&#41;&#10; gitignores &#61; optional&#40;string&#41;&#10; license &#61; optional&#40;string&#41;&#10; readme &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [repositories](variables.tf#L56) | Repositories. | <code title="map&#40;object&#40;&#123;&#10; description &#61; optional&#40;string&#41;&#10; iam &#61; optional&#40;map&#40;list&#40;string&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; members &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; iam_bindings_additive &#61; optional&#40;map&#40;object&#40;&#123;&#10; role &#61; string&#10; member &#61; string&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10; initial_config &#61; optional&#40;object&#40;&#123;&#10; default_branch &#61; optional&#40;string&#41;&#10; gitignores &#61; optional&#40;string&#41;&#10; license &#61; optional&#40;string&#41;&#10; readme &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; branch_rules &#61; optional&#40;map&#40;object&#40;&#123;&#10; disabled &#61; optional&#40;bool, false&#41;&#10; include_pattern &#61; string&#10; require_pull_request &#61; optional&#40;bool&#41;&#10; minimum_approvals_count &#61; optional&#40;number&#41;&#10; minimum_reviews_count &#61; optional&#40;number&#41;&#10; require_comments_resolved &#61; optional&#40;bool&#41;&#10; allow_stale_reviews &#61; optional&#40;bool&#41;&#10; require_linear_history &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | ✓ | |
| [ca_pool](variables.tf#L17) | CA pool. | <code>string</code> | | <code>null</code> |
| [iam](variables-iam.tf#L17) | IAM bindings. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [iam_bindings](variables-iam.tf#L23) | IAM bindings. | <code title="map&#40;object&#40;&#123;&#10; role &#61; string&#10; members &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |


@@ -14,6 +14,22 @@
* limitations under the License.
*/
locals {
branch_rules = merge([for k1, v1 in var.repositories : { for k2, v2 in v1.branch_rules :
"${k1}.${k2}" => {
repository = k1
branch_rule_id = k2
include_pattern = v2.include_pattern
minimum_approvals_count = try(v2.minimum_approvals_count, null)
minimum_reviews_count = try(v2.minimum_reviews_count, null)
require_comments_resolved = try(v2.require_comments_resolved, null)
require_linear_history = try(v2.require_linear_history, null)
require_pull_request = try(v2.require_pull_request, null)
disabled = try(v2.disabled, null)
allow_stale_reviews = try(v2.allow_stale_reviews, null)
} }]...)
}
resource "google_secure_source_manager_instance" "instance" {
count = var.instance_create ? 1 : 0
instance_id = var.instance_id
@@ -46,4 +62,20 @@ resource "google_secure_source_manager_repository" "repositories" {
readme = each.value.initial_config.readme
}
}
}
resource "google_secure_source_manager_branch_rule" "branch_rules" {
for_each = local.branch_rules
branch_rule_id = each.value.branch_rule_id
project = google_secure_source_manager_repository.repositories[each.value.repository].project
location = google_secure_source_manager_repository.repositories[each.value.repository].location
repository_id = google_secure_source_manager_repository.repositories[each.value.repository].repository_id
disabled = each.value.disabled
include_pattern = each.value.include_pattern
minimum_approvals_count = each.value.minimum_approvals_count
minimum_reviews_count = each.value.minimum_reviews_count
require_comments_resolved = each.value.require_comments_resolved
require_linear_history = each.value.require_linear_history
require_pull_request = each.value.require_pull_request
allow_stale_reviews = each.value.allow_stale_reviews
}
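Review bot: The map key built in the `branch_rules` local, `"${k1}.${k2}"`, becomes ambiguous if a repository key or a rule id can itself contain a dot. Two different pairs would then produce the same key and `merge()` would keep only the last one without raising an error, so a branch rule could be dropped silently. If the ids allow dots (worth confirming), a separator that cannot occur in them is safer, for example `"${k1}/${k2}" => {`. Separately, the `try(v2.…, null)` wrappers add nothing, because the variable type already declares each attribute as `optional` and `v2.minimum_approvals_count` and the others can be read directly. As written, `try` would only hide an unexpected evaluation error.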


@@ -72,5 +72,15 @@ variable "repositories" {
license = optional(string)
readme = optional(string)
}))
branch_rules = optional(map(object({
disabled = optional(bool, false)
include_pattern = string
require_pull_request = optional(bool)
minimum_approvals_count = optional(number)
minimum_reviews_count = optional(number)
require_comments_resolved = optional(bool)
allow_stale_reviews = optional(bool)
require_linear_history = optional(bool)
})), {})
}))
}
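Review bot: Every protection field in the new `branch_rules` object except `disabled` is `optional(...)` with no default, so an entry that sets only `include_pattern` creates a rule whose enforcement depends on how the provider treats null values. That presumably means no pull request or approval requirement is applied, which the variable does not say anywhere. A short comment above the attribute would make this explicit, for example `# Unset fields are passed as null and use provider defaults; set require_pull_request and the minimum counts explicitly for rules meant to enforce review.` It is also worth confirming whether `minimum_approvals_count` or `minimum_reviews_count` has any effect when `require_pull_request` is not true, and documenting that if so. The `variable "repositories"` block begins outside this hunk.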