From ae29e958e9b524b07681f8acebad33bdb0463d13 Mon Sep 17 00:00:00 2001
From: nourshoreibah
Date: Wed, 27 Aug 2025 03:14:03 +0300
Subject: [PATCH] Import and configure GitHub repo
---
infrastructure/github/backend.tf | 9 +++++++
infrastructure/github/imports.tf | 4 +++
infrastructure/github/main.tf | 43 ++++++++++++++++++++++++++++++
infrastructure/github/providers.tf | 26 ++++++++++++++++++
infrastructure/github/secrets.tf | 20 ++++++++++++++
infrastructure/github/variables.tf | 13 +++++++++
6 files changed, 115 insertions(+)
create mode 100644 infrastructure/github/backend.tf
create mode 100644 infrastructure/github/imports.tf
create mode 100644 infrastructure/github/main.tf
create mode 100644 infrastructure/github/providers.tf
create mode 100644 infrastructure/github/secrets.tf
create mode 100644 infrastructure/github/variables.tf
diff --git a/infrastructure/github/backend.tf b/infrastructure/github/backend.tf
new file mode 100644
index 00000000..321c1268
--- /dev/null
+++ b/infrastructure/github/backend.tf
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "c4c-neu-terraform-state-files"
+ key = "github/terraform.tfstate"
+ region = "us-east-2"
+ dynamodb_table = "terraform-state-lock"
+ encrypt = true
+ }
+}
diff --git a/infrastructure/github/imports.tf b/infrastructure/github/imports.tf
new file mode 100644
index 00000000..0c46a4dd
--- /dev/null
+++ b/infrastructure/github/imports.tf
@@ -0,0 +1,4 @@
+import {
+ to = github_repository.branch
+ id = "branch"
+}
diff --git a/infrastructure/github/main.tf b/infrastructure/github/main.tf
new file mode 100644
index 00000000..7d90603e
--- /dev/null
+++ b/infrastructure/github/main.tf
@@ -0,0 +1,43 @@
+resource "github_repository" "branch" {
+ name = "branch"
+ description = "Branch GitHub Admin"
+ visibility = "public"
+
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ has_discussions = true
+
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = false
+
+ squash_merge_commit_message = "COMMIT_MESSAGES"
+ squash_merge_commit_title = "COMMIT_OR_PR_TITLE"
+}
+
+resource "github_branch_default" "main" {
+ repository = github_repository.branch.name
+ branch = "main"
+}
+
+resource "github_branch_protection" "main" {
+ repository_id = github_repository.branch.node_id
+ pattern = "main"
+
+ required_pull_request_reviews {
+ required_approving_review_count = 2
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = true
+ }
+
+ enforce_admins = false
+}
+
+resource "github_repository_collaborator" "collaborators" {
+ for_each = { for c in var.repository_collaborators : c.username => c }
+ repository = github_repository.branch.name
+ username = each.value.username
+ permission = each.value.permission
+}
diff --git a/infrastructure/github/providers.tf b/infrastructure/github/providers.tf
new file mode 100644
index 00000000..cbeb96b1
--- /dev/null
+++ b/infrastructure/github/providers.tf
@@ -0,0 +1,26 @@
+terraform {
+ required_providers {
+ github = {
+ source = "integrations/github"
+ version = "~> 6.6"
+ }
+ infisical = {
+ source = "infisical/infisical"
+ }
+ }
+}
+
+provider "github" {
+ owner = "Code-4-Community"
+ token = ephemeral.infisical_secret.github_token.value
+}
+
+provider "infisical" {
+ host = "https://app.infisical.com"
+ auth = {
+ universal = {
+ client_id = var.infisical_client_id
+ client_secret = var.infisical_client_secret
+ }
+ }
+}
diff --git a/infrastructure/github/secrets.tf b/infrastructure/github/secrets.tf
new file mode 100644
index 00000000..cda995a4
--- /dev/null
+++ b/infrastructure/github/secrets.tf
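Review bot: `enforce_admins = false` in `github_branch_protection.main` leaves the two-approval and code-owner requirements optional for anyone with admin rights on the repository, which, judging by the secret name `branch-gh-admin` in secrets.tf, likely includes the token this configuration authenticates with. Setting `enforce_admins = true` makes the rule binding for every account; if a break-glass path is intended, a comment above the line stating who may use it would record that decision. Separately, `github_repository.branch` is imported without `archive_on_destroy = true` or a `lifecycle { prevent_destroy = true }` block, so removing the resource from the configuration would delete the repository on the next apply, provided the token is permitted to do so.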
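Review bot: The `infisical` entry in `required_providers` carries no `version` constraint, unlike `github` with `~> 6.6`, so `terraform init` may select any published release of the provider that receives the machine-identity credentials and returns the GitHub token. Pin it with a constraint such as `version = "~> <MAJOR.MINOR>"` (placeholder for the release you have tested) and commit `.terraform.lock.hcl`, which is not among the six files this patch creates. The `terraform` block also has no `required_version`; the `ephemeral` block in secrets.tf needs Terraform 1.10 or newer, so `required_version = ">= 1.10"` would fail early and clearly on older CLIs.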
@@ -0,0 +1,20 @@
+ephemeral "infisical_secret" "github_token" {
+ name = "branch-gh-admin"
+ env_slug = "dev"
+ workspace_id = var.infisical_workspace_id
+ folder_path = "/"
+}
+
+
+variable "infisical_client_id" {
+ type = string
+}
+
+variable "infisical_client_secret" {
+ type = string
+}
+
+variable "infisical_workspace_id" {
+ type = string
+ default = "d1ee8b80-118c-4daf-ae84-31da43261b76"
+}
diff --git a/infrastructure/github/variables.tf b/infrastructure/github/variables.tf
new file mode 100644
index 00000000..5bdb931f
--- /dev/null
+++ b/infrastructure/github/variables.tf
@@ -0,0 +1,13 @@
+variable "repository_collaborators" {
+ description = "List of GitHub users to add as collaborators"
+ type = list(object({
+ username = string
+ permission = string
+ }))
+ default = [
+ # {
+ # username = "example-user"
+ # permission = "push"
+ # }
+ ]
+}
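Review bot: `variable "infisical_client_secret"` is declared with only `type = string`, so Terraform treats the machine-identity secret as an ordinary value that can be echoed in plan output and error messages. Add `sensitive = true` to it (and to `infisical_client_id` if you treat it as confidential), and consider `ephemeral = true` so the value is also kept out of saved plan files, consistent with the ephemeral token lookup above it. The admin token is read from `env_slug = "dev"`; if that environment is readable by more identities than a production one would be, the token may belong in a more restricted environment, which is worth confirming. None of the three variables has a `description`.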
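Review bot: `permission` in `repository_collaborators` is a free-form `string`, so a typo surfaces only when the GitHub API rejects it at apply time, and nothing in the configuration records which roles are expected. A `validation` block limiting the value to the built-in roles rejects bad input at plan time and makes any `admin` grant stand out in review. Extend the list if the organisation defines custom repository roles.

```hcl
variable "repository_collaborators" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for c in var.repository_collaborators :
      contains(["pull", "triage", "push", "maintain", "admin"], c.permission)
    ])
    error_message = "permission must be one of: pull, triage, push, maintain, admin."
  }
}
```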