Skip to content

Latest commit

 

History

History
73 lines (55 loc) · 11.1 KB

readme.md

File metadata and controls

73 lines (55 loc) · 11.1 KB
Raw

Preconfigured Terraform module for github_repository.

pre_commit trufflehog

This module creates a preconfigured GitHub repository.

Important

This repository uses the Conventional Commits.

For more information please see the Conventional Commits documentation.

Important

This repository uses the pre-commit.

Please be respectful while contributing and after cloning this repo install the pre-commit hooks.

> pre-commit install --install-hooks -t pre-commit -t commit-msg

For more information please see the pre-commit documentation.

Providers

Name Version
github 6.3.1

Requirements

Name Version
github ~> 6.0

Resources

Name Type
github_actions_secret.secret resource
github_actions_variable.variable resource
github_branch_default.branch resource
github_branch_protection.branch resource
github_dependabot_secret.secret resource
github_issue_label.label resource
github_repository.repository resource
github_repository_ruleset.ruleset resource

Inputs

Name Description Type Default Required
github_actions_secret Actions secret repository settings object github_actions_secret. map(string) {} no
github_actions_variable Actions variable repository settings object github_actions_variable. map(string) {} no
github_branch_default Default branch repository settings object github_branch_default. string null no
github_branch_protection Branch protection repository settings object github_branch_protection. 
map(object({
    pattern = string

    allows_deletions                = optional(bool, false)
    allows_force_pushes             = optional(bool, false)
    enforce_admins                  = optional(bool, false)
    force_push_bypassers            = optional(list(string), [])
    lock_branch                     = optional(bool, false)
    require_conversation_resolution = optional(bool, true)
    require_signed_commits          = optional(bool, false)
    required_linear_history         = optional(bool, false)

    required_pull_request_reviews = optional(object({
      dismiss_stale_reviews           = optional(bool, true)
      require_code_owner_reviews      = optional(bool, true)
      require_last_push_approval      = optional(bool, true)
      required_approving_review_count = optional(number, 1)
      restrict_dismissals             = optional(bool, false)
    }), {})

    required_status_checks = optional(object({
      contexts = optional(list(string), [])
      strict   = optional(bool, true)
    }), {})
  }))
 {} no
github_dependabot_secret Dependabot secret repository settings object github_dependabot_secret. map(string) {} no
github_issue_label Issue labels repository settings object github_issue_label. 
map(object({
    name        = string
    color       = string
    description = optional(string, null)
  }))
 {} no
github_repository Repository settings object github_repository. 
object({
    name        = string
    description = optional(string)
    topics      = optional(list(string), [])
    is_template = optional(bool, false)
    visibility  = optional(string, "private")

    # auto_init   = optional(bool, true)

    has_downloads   = optional(bool, false)
    has_issues      = optional(bool, false)
    has_projects    = optional(bool, false)
    has_wiki        = optional(bool, false)
    has_discussions = optional(bool, false)
    homepage_url    = optional(string)

    allow_merge_commit          = optional(bool, true)
    allow_squash_merge          = optional(bool, true)
    allow_rebase_merge          = optional(bool, true)
    allow_auto_merge            = optional(bool, false)
    allow_update_branch         = optional(bool, true)
    squash_merge_commit_title   = optional(string, null) # "PR_TITLE"
    squash_merge_commit_message = optional(string, null) # "PR_BODY"
    merge_commit_title          = optional(string, null) # "PR_TITLE"
    merge_commit_message        = optional(string, null) # "PR_BODY"
    delete_branch_on_merge      = optional(bool, true)

    # license_template = optional(string)

    archive_on_destroy                      = optional(bool, true)
    web_commit_signoff_required             = optional(bool, false)
    vulnerability_alerts                    = optional(bool, true)
    ignore_vulnerability_alerts_during_read = optional(bool, true)

    template = optional(object({
      owner                = string
      repository           = any
      include_all_branches = optional(bool, false)
    }), null)

    pages = optional(object({
      source = object({
        branch = string
        path   = string
      })
      build_type = string
      cname      = string
    }), null)

    security_and_analysis = optional(object({
      advanced_security = optional(object({
        status = optional(string, "enabled")
      }), {})
      secret_scanning = optional(object({
        status = optional(string, "enabled")
      }), {})
      secret_scanning_push_protection = optional(object({
        status = optional(string, "enabled")
      }), {})
    }), {})
  })
 n/a yes
github_repository_ruleset Branch protection repository settings object github_branch_protection. 
map(object({
    enforcement = string
    # name        = string
    target = string
    # repository  = string

    rules = list(object({
      branch_name_pattern = optional(object({
        operator = string
        pattern  = string
        name     = optional(string, null)
        negate   = optional(bool, false)
      }), null)

      commit_author_email_pattern = optional(object({
        operator = string
        pattern  = string
        name     = optional(string, null)
        negate   = optional(bool, false)
      }), null)

      commit_message_pattern = optional(object({
        operator = string
        pattern  = string
        name     = optional(string, null)
        negate   = optional(bool, false)
      }), null)

      committer_email_pattern = optional(object({
        operator = string
        pattern  = string
        name     = optional(string, null)
        negate   = optional(bool, false)
      }), null)

      creation         = optional(bool, false)
      deletion         = optional(bool, false)
      non_fast_forward = optional(bool, false)

      pull_request = optional(object({
        dismiss_stale_reviews_on_push     = optional(bool, false)
        require_code_owner_reviews        = optional(bool, false)
        require_last_push_approval        = optional(bool, false)
        required_approving_review_count   = optional(number, 0)
        required_review_thread_resolution = optional(bool, false)
      }), null)

      required_deployments = optional(object({
        required_deployment_environments = list(string)
      }), null)

      required_linear_history = optional(bool, false)
      required_signatures     = optional(bool, false)

      required_status_checks = optional(object({
        required_check = list(object({
          context        = string
          integration_id = optional(number, null)
        }))

        strict_required_status_checks_policy = optional(bool, false)
      }), null)

      tag_name_pattern = optional(object({
        operator = string
        pattern  = string
        name     = optional(string, null)
        negate   = optional(bool, false)
      }), null)

      update                        = optional(bool, false)
      update_allows_fetch_and_merge = optional(bool, false)
    }))

    bypass_actors = optional(list(object({
      actor_id    = number
      actor_type  = optional(string, null)
      bypass_mode = optional(string, null)
    })), null)

    conditions = optional(object({
      ref_name = optional(object({
        exclude = optional(list(string), [])
        include = optional(list(string), [])
      }), null)
    }), null)
  }))
 {} no

Modules

No modules.

Outputs

Name Description
out Repository settings object github_repository.

Contributions

This module is created by Inetum Poland. Feel free to contribute to it.