-
Notifications
You must be signed in to change notification settings - Fork 29
Expand file tree
/
Copy pathrepository_templates.tf
More file actions
44 lines (40 loc) · 1.79 KB
/
repository_templates.tf
File metadata and controls
44 lines (40 loc) · 1.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
resource "github_repository" "alz_templates" {
count = var.use_template_repository ? 1 : 0
name = var.repository_name_templates
description = var.repository_name_templates
auto_init = true
visibility = var.repository_visibility
allow_update_branch = true
allow_merge_commit = false
allow_rebase_merge = false
vulnerability_alerts = true
}
resource "github_repository_file" "alz_templates" {
for_each = var.use_template_repository ? var.template_repository_files : {}
repository = github_repository.alz_templates[0].name
file = each.key
content = each.value.content
commit_author = local.default_commit_email
commit_email = local.default_commit_email
commit_message = "Add ${each.key} [skip ci]"
overwrite_on_create = true
}
resource "github_branch_protection" "alz_templates" {
count = var.use_template_repository && var.create_branch_policies ? 1 : 0
depends_on = [github_repository_file.alz_templates]
repository_id = github_repository.alz_templates[0].name
pattern = "main"
enforce_admins = true
required_linear_history = true
require_conversation_resolution = true
required_pull_request_reviews {
dismiss_stale_reviews = true
restrict_dismissals = true
required_approving_review_count = length(var.approvers) > 1 ? 1 : 0
}
}
resource "github_actions_repository_access_level" "alz_templates" {
count = var.use_template_repository && data.github_organization.alz.plan == local.enterprise_plan ? 1 : 0
access_level = "organization"
repository = github_repository.alz_templates[0].name
}