-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvariables.tf
More file actions
155 lines (148 loc) · 5.8 KB
/
variables.tf
File metadata and controls
155 lines (148 loc) · 5.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
variable "composite_action_repos" {
type = object({
checkout = optional(string, "gh-actions-checkout@v4")
aws_auth = optional(string, "aws-auth@main")
setup_terraform = optional(string, "gh-actions-terraform@v1")
terraform_init = optional(string, "terraform-init@main")
terraform_plan = optional(string, "terraform-plan@main")
terraform_apply = optional(string, "terraform-apply@main")
gh_auth = optional(string, "gh-auth@main")
s3_cleanup = optional(string, "s3-cleanup@main")
})
default = {}
validation {
condition = length(var.composite_action_repos) >= 0
error_message = "Repos map must not be empty."
}
}
# Variable definition for environments
variable "environments" {
default = []
type = list(object({
# Name of the environment
name = string
prevent_self_review = optional(bool, false) # Flag to prevent self review
wait_timer = optional(number, null) # Wait timer for review
# Reviewers configuration
can_admins_bypass = optional(bool, true) # Flag to allow admins to bypass
runner_group = optional(string, "self-hosted") # Runner group
reviewers = optional(object({
users = optional(list(string), []) # List of user reviewers
teams = optional(list(string), []) # List of team reviewers
enforce_reviewers = optional(bool, false) # Flag to enforce reviewers
}), {
users = []
teams = []
})
cache_bucket = string
# Deployment branch policy configuration
deployment_branch_policy = optional(object({
branch = optional(string) # Branch name
branch_pattern = optional(string) # Branch pattern
create_branch = optional(bool, false) # Flag to create branch
create_branch_protection = optional(bool, true) # Flag to create branch protection
protected_branches = optional(bool, true) # Flag to protect branches
custom_branch_policies = optional(bool, false) # Flag to enable custom branch policies
enforce_admins = optional(bool, false) # Flag to enforce admin rules
restrict_branches = optional(bool, true) # Flag to create policy
required_status_checks = optional(object({
strict = optional(bool, true) # Flag to enforce strict status checks
contexts = list(string) # List of status check contexts
}), {
strict = false
contexts = []
})
required_pull_request_reviews = optional(object({
dismiss_stale_reviews = optional(bool, true) # Flag to dismiss stale reviews
require_code_owner_reviews = optional(bool, true) # Flag to require code owner reviews
required_approving_review_count = optional(number, 1) # Number of required approving reviews
}), {
dismiss_stale_reviews = true
require_code_owner_reviews = true
required_approving_review_count = 1
})
}), {
branch = "main"
create_branch = false
protected_branches = true
custom_branch_policies = false
})
# State configuration for Terraform
state_config = optional(object({
bucket = optional(string) # S3 bucket name
key_prefix = optional(string) # Key prefix for the state file
region = optional(string) # AWS region
dynamodb_table = optional(string) # DynamoDB table for state locking
set_backend = optional(bool, false) # Flag to set backend
}), null
)
# Secrets for GitHub Actions
secrets = optional(list(object({
name = string # Secret name
value = string # Secret value
})), [])
# Variables for GitHub Actions
vars = optional(list(object({
name = string # Variable name
value = string # Variable value
})), [])
}))
description = "List of environments with their configurations"
validation {
condition = length(var.environments) >= 0
error_message = "Environments list is optional but must be a list of objects."
}
}
variable "state_config" {
type = object({
bucket = optional(string)
key = optional(string)
region = optional(string)
dynamodb_table = optional(string)
set_backend = optional(bool, false)
key_prefix = optional(string, "terraform-state-files")
})
description = "Configuration for Terraform state storage"
default = {}
}
variable "repo" {
type = object({
collaborators = optional(map(string), {})
create_repo = optional(bool, true)
description = optional(string, "")
enforce_prs = optional(bool, true)
codeowners = optional(string, "")
vars = optional(list(object({
name = string
value = string
})), [])
secrets = optional(list(object({
name = string
value = string
})), [])
admin_teams = optional(list(string), [])
create_codeowners = optional(bool, false)
pull_request_bypassers = optional(list(string), [])
github_organization_teams = optional(list(object({
slug = string
id = string
})), [])
is_private = optional(bool, false)
is_template = optional(bool, false)
template_repo_org = optional(string, null)
template_repo = optional(string, null)
name = string
repo_org = string
repo_topics = optional(list(string), [])
archive_on_destroy = optional(bool, false)
extra_files = optional(list(object({
path = string,
content = string
})), [])
managed_extra_files = optional(list(object({
path = string,
content = string
})), [])
})
description = "Configuration for the GitHub repository"
}