From b762ef50cac9ab45c02cd6b6e35b286ab4ae8c6c Mon Sep 17 00:00:00 2001 From: Jeremy Udit Date: Tue, 3 Mar 2020 11:19:25 -0500 Subject: [PATCH 1/3] Adds acceptance test runs triggered by labels --- .github/workflows/acceptance-tests.yml | 53 ++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/acceptance-tests.yml diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml new file mode 100644 index 0000000000..18329ab34a --- /dev/null +++ b/.github/workflows/acceptance-tests.yml @@ -0,0 +1,53 @@ +name: Acceptance Tests + +on: + pull_request: + types: [labeled] + +jobs: + acceptance-tests: + runs-on: ubuntu-latest + steps: + + - name: Parse Context From Environment + run: | + echo ::set-env name=HEAD_SHA::$( + jq -rc '.pull_request.head.sha' $GITHUB_EVENT_PATH + ) + echo ::set-env name=LABEL_NAME::$( + jq -rc .label.name $GITHUB_EVENT_PATH + ) + + - name: Parse Arguments From Label Name + run: | + echo ::set-env name=RUN_FILTER::$( + echo $LABEL_NAME | cut -d/ -f 2 + ) + + - name: Match expected prefix or exit + run: echo ${LABEL_NAME} | egrep -q "^acceptance-test/" + + - name: Checkout + uses: actions/checkout@v2.0.0 + with: + ref: ${{ env.HEAD_SHA }} + + - name: Generate Test Fixtures + run: | + openssl req -x509 -newkey rsa:4096 -days 1 -nodes \ + -subj "/C=US/ST=CA/L=San Francisco/O=HashiCorp, Inc./CN=localhost" \ + -keyout github/test-fixtures/key.pem -out github/test-fixtures/cert.pem + + - name: Acceptance Tests + uses: terraformtesting/acceptance-tests@v1.2.0 + with: + RUN_FILTER: ${{ env.RUN_FILTER }} + GITHUB_ORGANIZATION: terraformtesting + GITHUB_TEST_USER: github-terraform-test-user + GITHUB_TEST_USER_NAME: "Test User" + GITHUB_TEST_USER_EMAIL: 60107403+github-terraform-test-user@users.noreply.github.com + GITHUB_TEST_USER_TOKEN: ${{ secrets.GITHUB_TEST_USER_TOKEN }} + GITHUB_TEST_COLLABORATOR: github-terraform-test-collaborator + GITHUB_TEST_COLLABORATOR_TOKEN: ${{ secrets.GITHUB_TEST_COLLABORATOR_TOKEN }} + GITHUB_TEMPLATE_REPOSITORY: terraform-template-module + GITHUB_TEMPLATE_REPOSITORY_RELEASE_ID: 23826477 From bd37a062c8dc5985c5eee6fc6ff7e2ecc0bf36ff Mon Sep 17 00:00:00 2001 From: gposton Date: Thu, 21 Nov 2019 14:37:42 -0500 Subject: [PATCH 2/3] Add support for assigning apps in branch protection rules --- github/resource_github_branch_protection.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/github/resource_github_branch_protection.go b/github/resource_github_branch_protection.go index 0d301909b7..1042d8a30f 100644 --- a/github/resource_github_branch_protection.go +++ b/github/resource_github_branch_protection.go @@ -123,6 +123,11 @@ func resourceGithubBranchProtection() *schema.Resource { Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, + "apps": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, }, }, }, @@ -473,10 +478,18 @@ func flattenAndSetRestrictions(d *schema.ResourceData, protection *github.Protec } } + apps := make([]interface{}, 0, len(restrictions.Apps)) + for _, t := range restrictions.Apps { + if t.Slug != nil { + apps = append(apps, *t.Slug) + } + } + return d.Set("restrictions", []interface{}{ map[string]interface{}{ "users": schema.NewSet(schema.HashString, users), "teams": schema.NewSet(schema.HashString, teams), + "apps": schema.NewSet(schema.HashString, apps), }, }) } @@ -557,6 +570,7 @@ func expandRestrictions(d *schema.ResourceData) (*github.BranchRestrictionsReque if v == nil { restrictions.Users = []string{} restrictions.Teams = []string{} + restrictions.Apps = []string{} return restrictions, nil } m := v.(map[string]interface{}) @@ -565,6 +579,8 @@ func expandRestrictions(d *schema.ResourceData) (*github.BranchRestrictionsReque restrictions.Users = users teams := expandNestedSet(m, "teams") restrictions.Teams = teams + apps := expandNestedSet(m, "apps") + restrictions.Apps = apps } return restrictions, nil } From d38045c5fbdfb223fac042f0a42a0922f20f7527 Mon Sep 17 00:00:00 2001 From: gposton Date: Tue, 3 Mar 2020 10:40:13 -0500 Subject: [PATCH 3/3] update docs --- website/docs/r/branch_protection.html.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/r/branch_protection.html.markdown b/website/docs/r/branch_protection.html.markdown index 1d9a39be07..9ee7c85104 100644 --- a/website/docs/r/branch_protection.html.markdown +++ b/website/docs/r/branch_protection.html.markdown @@ -9,7 +9,7 @@ description: |- Protects a GitHub branch. -This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users and teams, can also be configured. +This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured. ## Example Usage @@ -36,6 +36,7 @@ resource "github_branch_protection" "example" { restrictions { users = ["foo-user"] teams = ["${github_team.example.slug}"] + apps = ["foo-app"] } } @@ -86,6 +87,7 @@ The following arguments are supported: * `users`: (Optional) The list of user logins with push access. * `teams`: (Optional) The list of team slugs with push access. +* `apps`: (Optional) The list of app slugs with push access. Always use `slug` of the team, **not** its name. Each team already **has** to have access to the repository. `restrictions` is only available for organization-owned repositories.