branch-protection.tf
locals {
  # Every *.json file directly under branch-protection/ is treated as a
  # branch protection policy document. fileset() returns the matches as
  # paths relative to path.module, not as absolute paths.
  branch_protection_json_files = fileset(
    path.module,
    "branch-protection/*.json"
  )
}
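# Applies GitHub branch protection from the JSON policy files listed in
# local.branch_protection_json_files, one resource instance per file.
#
# Instance keys are the "repository" value of each file. Two files that name
# the same repository produce a duplicate key and fail the for expression, so
# only one protected branch per repository can be described this way.
# Changing the key would change every instance address in state, so treat it
# as a state migration rather than a refactor.
#
# Defaults are permissive: an optional setting that is missing or misspelled
# in the JSON silently falls back to false / 0 / [] instead of failing the
# plan. Review the plan output when adding or editing a policy file.
#
# Every policy file must contain "repository", "branch",
# "required_status_checks" and "required_pull_request_reviews"; the last two
# are passed to keys() unconditionally and a missing object is an error.
resource "github_branch_protection_v3" "protection" {
  # fileset() returns paths relative to path.module while file() resolves
  # relative paths against the working directory, so the module path is
  # prepended to keep this working when the code is used as a child module.
  for_each = {
    for policy_file in local.branch_protection_json_files :
    jsondecode(file("${path.module}/${policy_file}")).repository => jsondecode(file("${path.module}/${policy_file}"))
  }

  repository = each.value.repository
  branch     = each.value.branch

  # Absent keys disable the control (admins are not bound by the rules,
  # unsigned commits are accepted, open review threads do not block merging).
  enforce_admins                  = contains(keys(each.value), "enforce_admins") ? each.value.enforce_admins : false
  require_signed_commits          = contains(keys(each.value), "require_signed_commits") ? each.value.require_signed_commits : false
  require_conversation_resolution = contains(keys(each.value), "require_conversation_resolution") ? each.value.require_conversation_resolution : false

  required_status_checks {
    strict = contains(keys(each.value.required_status_checks), "strict") ? each.value.required_status_checks.strict : false
    # The contexts argument is omitted per the Terraform provider documentation.
    #contexts = contains(keys(each.value.required_status_checks), "contexts") ? each.value.required_status_checks.contexts : []
    # An absent "checks" key means no status check is required before merging.
    checks = contains(keys(each.value.required_status_checks), "checks") ? each.value.required_status_checks.checks : []
  }

  required_pull_request_reviews {
    dismiss_stale_reviews      = contains(keys(each.value.required_pull_request_reviews), "dismiss_stale_reviews") ? each.value.required_pull_request_reviews.dismiss_stale_reviews : false
    require_code_owner_reviews = contains(keys(each.value.required_pull_request_reviews), "require_code_owner_reviews") ? each.value.required_pull_request_reviews.require_code_owner_reviews : false
    # Defaults to 0 approvals when the key is absent.
    required_approving_review_count = contains(keys(each.value.required_pull_request_reviews), "required_approving_review_count") ? each.value.required_pull_request_reviews.required_approving_review_count : 0
    dismissal_users                 = contains(keys(each.value.required_pull_request_reviews), "dismissal_users") ? each.value.required_pull_request_reviews.dismissal_users : []
    dismissal_teams                 = contains(keys(each.value.required_pull_request_reviews), "dismissal_teams") ? each.value.required_pull_request_reviews.dismissal_teams : []

    # Emitted only when the policy file has a "bypass_pull_request_allowances"
    # object. Only "users" and "teams" are forwarded; try() turns a missing or
    # unreadable list into [] rather than an error.
    dynamic "bypass_pull_request_allowances" {
      for_each = contains(keys(each.value.required_pull_request_reviews), "bypass_pull_request_allowances") ? [each.value.required_pull_request_reviews.bypass_pull_request_allowances] : []
      content {
        users = try(bypass_pull_request_allowances.value.users, [])
        teams = try(bypass_pull_request_allowances.value.teams, [])
      }
    }
  }

  # Push restrictions are emitted only when the policy file has a
  # "restrictions" object. Only "users" and "teams" are forwarded, and try()
  # turns a missing or unreadable list into [].
  dynamic "restrictions" {
    for_each = contains(keys(each.value), "restrictions") ? [each.value.restrictions] : []
    content {
      users = try(restrictions.value.users, [])
      teams = try(restrictions.value.teams, [])
    }
  }
}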