Merge branch 'main' of github.com:cncsc/terraform-github-repository
lukiffer committed Jan 2, 2023
2 parents a2d2d5a + e25fca1 commit 95e300a
Showing 4 changed files with 37 additions and 7 deletions.
@@ -16,7 +16,7 @@ provider "github" {
module "github_repository" {
source = "../../"

name = "terratest-example-repository"
name = "terratest-example-private-repository"
description = "An example repository used for testing Terraform-based deployments of a GitHub repository."

pull_teams = [
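--- a/examples/public-repository/example.tf
+++ b/examples/public-repository/example.tf
@@ -0,0 +1,25 @@
+terraform {
+required_version = ">= 0.12.26"
+
+required_providers {
+github = {
+source = "integrations/github"
+version = ">= 5.12.0"
+}
+}
+}
+
+provider "github" {
+owner = "cncsc"
+}
+
+module "github_repository" {
+source = "../../"
+
+name = "terratest-example-public-repository"
+description = "An example repository used for testing Terraform-based deployments of a GitHub repository."
+visibility = "public"
+
+# Set this to avoid naming collisions during consecuritive CI runs.
+archive_on_destroy = false
+}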
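Review bot: The comment above `archive_on_destroy = false` does not say that this setting (presumably passed through to the provider argument of the same name) makes `terraform destroy` delete the repository outright instead of archiving it, and in this example the repository is public. Anyone copying the example into a real configuration inherits permanent deletion on destroy, and the CI credential must be allowed to delete repositories, which is a broader grant than creating them. I would reword the comment, fixing the "consecuritive" typo along the way, to `# Test only: delete rather than archive on destroy so consecutive CI runs can reuse the name; do not copy into real configurations.` Separately, `version = ">= 5.12.0"` has no upper bound, so CI would pick up a future major provider release untested; `version = "~> 5.12"` keeps it within 5.x.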
9 changes: 7 additions & 2 deletions main.tf
@@ -20,13 +20,16 @@ terraform {
resource "github_repository" "repo" {
name = var.name
description = var.description
visibility = var.visibility
homepage_url = var.homepage_url
topics = var.topics
is_template = var.is_template
archived = var.archived
auto_init = var.auto_init

# The visibility variable defaults to private, but there are valid use cases for public repos.
# tfsec:ignore:github-repositories-private
visibility = var.visibility

dynamic "template" {
for_each = var.template_owner != null && var.template_repository != null ? [1] : []
content {
@@ -48,7 +51,9 @@ resource "github_repository" "repo" {
}

dynamic "security_and_analysis" {
for_each = var.advanced_security_enabled || var.secret_scanning_enabled || var.secret_scanning_push_protection_enabled ? [1] : []
// Advanced security is automatically enabled for public repositories
// This block is redundant (and potentially misleading) for public repositories.
for_each = var.visibility != "public" && (var.advanced_security_enabled || var.secret_scanning_enabled || var.secret_scanning_push_protection_enabled) ? [1] : []

content {
advanced_security {
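Review bot: The `for_each` on `security_and_analysis` that tests `var.visibility != "public"` drops the whole block for public repositories, so `secret_scanning_enabled` and `secret_scanning_push_protection_enabled` are silently ignored there, although the comment above it only justifies skipping `advanced_security`. As far as I know, secret scanning and push protection are separate settings on a public repository and are not guaranteed to be on, so a caller who leaves the defaults at `true` may believe push protection is enforced when Terraform never requested it; please confirm against the provider and GitHub documentation. If that holds, keep the block whenever a secret-scanning variable is set, e.g. `for_each = (var.visibility != "public" && var.advanced_security_enabled) || var.secret_scanning_enabled || var.secret_scanning_push_protection_enabled ? [1] : []`, and make only the nested `advanced_security` block conditional on visibility. The same "no effect in public repositories" claim is repeated in the three variable descriptions in variables.tf, and the `content` block continues past the end of this hunk, so the nested blocks are not visible here.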
8 changes: 4 additions & 4 deletions variables.tf
@@ -85,7 +85,7 @@ variable "allow_merge_commit" {
variable "merge_commit_title" {
description = "The default merge commit title. One of `PR_TITLE` or `MERGE_MESSAGE`."
type = string
default = "PR_TITLE"
default = "MERGE_MESSAGE"
}

variable "merge_commit_message" {
@@ -204,19 +204,19 @@ variable "pages_cname" {
}

variable "advanced_security_enabled" {
description = "Whether or not advanced security features are enabled on the repository."
description = "Whether or not advanced security features are enabled on the repository. This setting has no effect in public repositories which has this feature enabled by default."
type = bool
default = true
}

variable "secret_scanning_enabled" {
description = "Whether or not secret scanning is enabled on the repository."
description = "Whether or not secret scanning is enabled on the repository. This setting has no effect in public repositories which has this feature enabled by default."
type = bool
default = true
}

variable "secret_scanning_push_protection_enabled" {
description = "Whether or not secret scanning push protection is enabled on the repository."
description = "Whether or not secret scanning push protection is enabled on the repository. This setting has no effect in public repositories which has this feature enabled by default."
type = bool
default = true
}
