From 6b6fb1e20d79a7ef2a829ea1ac8c8ff7b79f466d Mon Sep 17 00:00:00 2001 From: Soren Martius Date: Tue, 3 May 2022 10:58:28 +0100 Subject: [PATCH 1/5] feat: add support for the github_app_installation_repository resource --- .github/workflows/main.yml | 1 + CHANGELOG.md | 4 ++++ README.md | 19 +++++++++++++++++++ README.tfdoc.hcl | 23 +++++++++++++++++++++++ main.tf | 11 +++++++++++ outputs.tf | 5 +++++ test/unit-complete/main.tf | 2 ++ test/unit-complete/variables.tf | 6 ++++++ variables.tf | 6 ++++++ 9 files changed, 77 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 56d1702..21ae476 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -49,3 +49,4 @@ jobs: env: GITHUB_OWNER: ${{ secrets.TEST_GITHUB_ORGANIZATION }} GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }} + TF_VAR_app_installations: ${{ secrets.TEST_GITHUB_APP_INSTALLATIONS }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 6394d97..d399853 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Add support for `github_app_installation_repository` + ## [0.16.0] diff --git a/README.md b/README.md index fa5e441..11103d8 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ _Security related notice: Versions 4.7.0, 4.8.0, 4.9.0 and 4.9.1 of the Terrafor - [Webhooks Configuration](#webhooks-configuration) - [Secrets Configuration](#secrets-configuration) - [Autolink References Configuration](#autolink-references-configuration) + - [App Installations](#app-installations) - [Module Configuration](#module-configuration) - [Module Outputs](#module-outputs) - [External Documentation](#external-documentation) 
@@ -808,6 +809,20 @@ This is due to some terraform limitation and we will update the module once terr The template of the target URL used for the links; must be a valid URL and contain `` for the reference number. +#### App Installations + +- [**`app_installations`**](#var-app_installations): *(Optional `set(number)`)* + + A set of GitHub App IDs to be installed in this repository. + + Default is `{}`. + + Example: + + ```hcl + app_installations = [25405144, 12556423] + ``` + ### Module Configuration - [**`module_depends_on`**](#var-module_depends_on): *(Optional `list(dependency)`)* @@ -886,6 +901,10 @@ The following attributes are exported by the module: List of secrets available. +- [**`app_installations`**](#output-app_installations): *(`set(number)`)* + + A map of deploy app installations keyed by installation id. + ## External Documentation ### Terraform Github Provider Documentation diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl index 6a77b5d..63db983 100644 --- a/README.tfdoc.hcl +++ b/README.tfdoc.hcl @@ -1052,6 +1052,22 @@ section { } } } + + section { + title = "App Installations" + + variable "app_installations" { + type = set(number) + default = {} + description = <<-END + A set of GitHub App IDs to be installed in this repository. + END + + readme_example = <<-END + app_installations = [25405144, 12556423] + END + } + } } section { @@ -1177,6 +1193,13 @@ section { List of secrets available. END } + + output "app_installations" { + type = set(number) + description = <<-END + A map of deploy app installations keyed by installation id. + END + } } section { diff --git a/main.tf b/main.tf index 4ef531d..31b274b 100644 --- a/main.tf +++ b/main.tf 
@@ -496,3 +496,14 @@ resource "github_repository_autolink_reference" "repository_autolink_reference" key_prefix = each.value.key_prefix target_url_template = each.value.target_url_template } + +# --------------------------------------------------------------------------------------------------------------------- +# App installation +# --------------------------------------------------------------------------------------------------------------------- + +resource "github_app_installation_repository" "app_installation_repository" { + for_each = { for a in var.app_installations : a => a } + + repository = github_repository.repository.name + installation_id = each.value +} diff --git a/outputs.tf b/outputs.tf index e42cac5..d0c02a9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -79,6 +79,11 @@ output "secrets" { description = "List of secrets available." } +output "app_installations" { + value = github_app_installation_repository.app_installation_repository + description = "A map of deploy app installations keyed by installation id." +} + # ---------------------------------------------------------------------------------------------------------------------- # OUTPUT MODULE CONFIGURATION # ---------------------------------------------------------------------------------------------------------------------- diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf index c590e03..ef708a4 100644 --- a/test/unit-complete/main.tf +++ b/test/unit-complete/main.tf @@ -132,6 +132,8 @@ module "repository" { projects = var.projects autolink_references = var.autolink_references + + app_installations = var.app_installations } # --------------------------------------------------------------------------------------------------------------------- diff --git a/test/unit-complete/variables.tf b/test/unit-complete/variables.tf index d748cac..b7c235b 100644 --- a/test/unit-complete/variables.tf +++ b/test/unit-complete/variables.tf 
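Review bot: `installation_id = each.value` is fed from a variable that variables.tf, test/unit-complete/variables.tf and the README all describe as "GitHub App IDs", while the attribute name indicates that the resource takes the ID of an app installation, which is a different number from the App ID. Each entry gives that installation access to the repository, so the wording matters to whoever reviews a plan. I would add `# installation_id is the ID of the app's installation in the organization, not the GitHub App ID` above the resource and change the variable description to `"(Optional) A set of GitHub App installation IDs that get access to this repository."`. The current description also says "list" although the type is `set(number)`.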
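Review bot: The description `"A map of deploy app installations keyed by installation id."` looks like a leftover from another output, and the README hunks document this output as `set(number)` although the value is the whole `github_app_installation_repository.app_installation_repository` resource map. I would describe it as `"A map of github_app_installation_repository resources keyed by installation id."` and align the documented type in README.tfdoc.hcl.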
@@ -255,3 +255,9 @@ variable "autolink_references" { target_url_template = "https://hello.there/TICKET?query=" }] } + +variable "app_installations" { + type = set(number) + description = "A list of GitHub App IDs to be installed in this repository." + default = [] +} diff --git a/variables.tf b/variables.tf index 674855a..933a3c1 100644 --- a/variables.tf +++ b/variables.tf @@ -528,6 +528,12 @@ variable "archive_on_destroy" { default = true } +variable "app_installations" { + type = set(number) + description = "(Optional) A list of GitHub App IDs to be installed in this repository." + default = [] +} + # ------------------------------------------------------------------------------ # MODULE CONFIGURATION PARAMETERS # These variables are used to configure the module. From 33dc20855a911649046a294322a8786b98eb73ff Mon Sep 17 00:00:00 2001 From: Soren Martius Date: Tue, 3 May 2022 20:56:09 +0100 Subject: [PATCH 2/5] test: update pre-commit hooks from template --- .pre-commit-config.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 566019f..bba3315 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,13 +1,17 @@ repos: - repo: https://github.com/mineiros-io/pre-commit-hooks - rev: v0.3.1 + rev: v0.4.1 hooks: - id: terraform-fmt - id: terraform-validate exclude: ^examples|.terraform/ - id: tflint - - id: golangci-lint - id: phony-targets + - id: terradoc-validate + - id: golangci-lint + - id: terradoc-fmt + - id: terradoc-generate + # - id: terramate-generate - id: markdown-link-check args: ['-p'] # When adding the -p flag, markdown-link-check will always with an exit code 0, even if dead links are found verbose: true # Forces the output of the hook to be printed even when the hook passes. From 821209ca497905f97d936b745992762015c42287 Mon Sep 17 00:00:00 2001 
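Review bot: `rev: v0.4.1` pins the hook repository to a tag, which can be moved after review, and the three hooks added here (`terradoc-validate`, `terradoc-fmt`, `terradoc-generate`) run code from that repository on every commit. Pinning to the full commit SHA and keeping the tag as a comment makes the reviewed code the code that runs: `rev: <full-commit-sha-of-v0.4.1>  # v0.4.1`. The hooks list continues outside the hunk.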
From: Soren Martius Date: Tue, 3 May 2022 20:56:19 +0100 Subject: [PATCH 3/5] build: update makefile from template --- Makefile | 90 ++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 65 insertions(+), 25 deletions(-) diff --git a/Makefile b/Makefile index 35dc213..5a4f28b 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # Set default shell to bash SHELL := /bin/bash -o pipefail -BUILD_TOOLS_VERSION ?= v0.12.0 +BUILD_TOOLS_VERSION ?= v0.15.2 BUILD_TOOLS_DOCKER_REPO ?= mineiros/build-tools BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION} 
@@ -32,29 +32,45 @@ endif GIT_TOPLEVEl = $(shell git rev-parse --show-toplevel) -# generic docker run flags +# Generic docker run flags DOCKER_RUN_FLAGS += -v ${GIT_TOPLEVEl}:/build DOCKER_RUN_FLAGS += --rm DOCKER_RUN_FLAGS += -e TF_IN_AUTOMATION - -# if SSH_AUTH_SOCK is defined we are likely referencing private repositories -# for depending terrfaorm modules or other depdendencies -# so we pass credentials to the docker container when running tests or pre-commit hooks +# If TF_VERSION is defined, TFSwitch will switch to the desired version on +# container startup. If TF_VERSION is omitted, the default version installed +# inside the docker image will be used. +DOCKER_RUN_FLAGS += -e TF_VERSION + +# If SSH_AUTH_SOCK is set, we forward the SSH agent of the host system into +# the docker container. This is useful when working with private repositories +# and dependencies that might need to be cloned inside the container (e.g. +# private Terraform modules). ifdef SSH_AUTH_SOCK DOCKER_SSH_FLAGS += -e SSH_AUTH_SOCK=/ssh-agent DOCKER_SSH_FLAGS += -v ${SSH_AUTH_SOCK}:/ssh-agent endif -# if AWS_ACCESS_KEY_ID is defined we are likely running inside an AWS provider module -# so we pass credentials to the docker container when running tests +# If AWS_ACCESS_KEY_ID is defined, we are likely running inside an AWS provider +# module. To enable AWS authentication inside the docker container, we inject +# the relevant environment variables. ifdef AWS_ACCESS_KEY_ID DOCKER_AWS_FLAGS += -e AWS_ACCESS_KEY_ID DOCKER_AWS_FLAGS += -e AWS_SECRET_ACCESS_KEY DOCKER_AWS_FLAGS += -e AWS_SESSION_TOKEN endif -# if GITHUB_OWNER is defined we are running inside a github provider module -# so we pass credentials to the docker container when running tests +# If GOOGLE_CREDENTIALS is defined, we are likely running inside a GCP provider +# module. To enable GCP authentication inside the docker container, we inject +# the relevant environment variables (service-account key file). 
+ifdef GOOGLE_CREDENTIALS + DOCKER_GCP_FLAGS += -e GOOGLE_CREDENTIALS + DOCKER_GCP_FLAGS += -e TEST_GCP_PROJECT + DOCKER_GCP_FLAGS += -e TEST_GCP_ORG_DOMAIN +endif + +# If GITHUB_OWNER is defined, we are likely running inside a GitHub provider +# module. To enable GitHub authentication inside the docker container, +# we inject the relevant environment variables. ifdef GITHUB_OWNER DOCKER_GITHUB_FLAGS += -e GITHUB_TOKEN DOCKER_GITHUB_FLAGS += -e GITHUB_OWNER 
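Review bot: The new `ifdef GOOGLE_CREDENTIALS` block adds a third set of cloud credentials to the container environment, yet the image that receives them is selected by tag only (`BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION}` in the first Makefile hunk). A tag can be repointed in the registry, so the SSH agent socket, AWS keys, GitHub token and GCP key are handed to whatever image the tag resolves to at run time. Referencing the image by digest closes that gap, e.g. `BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}@sha256:<digest-of-reviewed-image>`. The comment also calls GOOGLE_CREDENTIALS a key file; if it holds a path rather than the JSON itself, only `-e` is passed and no volume for the file, which may be worth a line in the comment.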
@@ -70,28 +86,58 @@ template/adjust: @find . $(FILTER) -exec sed -i -e "s,terraform-module-template,$${PWD##*/},g" {} \; ## Run pre-commit hooks inside a build-tools docker container. +.PHONY: test/docker/pre-commit +test/docker/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS} +test/docker/pre-commit: DOCKER_FLAGS += -e NOCOLOR=1 +test/docker/pre-commit: + $(call docker-run,make test/pre-commit) + +## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'. +.PHONY: test/docker/unit-tests +test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS} +test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS} +test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS} +test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_GCP_FLAGS} +test/docker/unit-tests: DOCKER_FLAGS += $(shell env | grep ^TF_VAR_ | cut -d = -f 1 | xargs -i printf ' -e {}') +test/docker/unit-tests: DOCKER_FLAGS += -e TF_DATA_DIR=.terratest +test/docker/unit-tests: DOCKER_FLAGS += -e NOCOLOR=1 +test/docker/unit-tests: TEST ?= "TestUnit" +test/docker/unit-tests: + @echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}" + $(call docker-run,make test/unit-tests) + +## Run pre-commit hooks. .PHONY: test/pre-commit test/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS} test/pre-commit: - $(call docker-run,pre-commit run -a) + $(call quiet-command,pre-commit run -a) -## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'. -.PHONY: test/unit-tests -test/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS} -test/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS} -test/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS} +## Run all unit tests. 
+.PHONY: test/docker/unit-tests test/unit-tests: TEST ?= "TestUnit" test/unit-tests: - @echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}" - $(call go-test,./test -run $(TEST)) + @echo "${YELLOW}[TEST] ${GREEN}Start Running unit tests.${RESET}" + $(call quiet-command,cd test ; go test -v -count 1 -timeout 45m -parallel 128 -run $(TEST)) + +## Generate README.md with Terradoc +.PHONY: terradoc +terradoc: + $(call quiet-command,terradoc generate -o README.md README.tfdoc.hcl) + +## Generate shared configuration for tests +.PHONY: terramate +terramate: + $(call quiet-command,terramate generate) ## Clean up cache and temporary files .PHONY: clean clean: $(call rm-command,.terraform) + $(call rm-command,.terratest) $(call rm-command,.terraform.lock.hcl) $(call rm-command,*.tfplan) $(call rm-command,*/*/.terraform) + $(call rm-command,*/*/.terratest) $(call rm-command,*/*/*.tfplan) $(call rm-command,*/*/.terraform.lock.hcl) @@ -108,16 +154,10 @@ help: } \ { lastLine = $$0 }' $(MAKEFILE_LIST) -## Generate README.md with Terradoc -.PHONY: terradoc -terradoc: - $(call quiet-command,terradoc -o README.md README.tfdoc.hcl) - -# define helper functions +# Define helper functions DOCKER_FLAGS += ${DOCKER_RUN_FLAGS} DOCKER_RUN_CMD = docker run ${DOCKER_FLAGS} ${BUILD_TOOLS_DOCKER_IMAGE} quiet-command = $(if ${V},${1},$(if ${2},@echo ${2} && ${1}, @${1})) docker-run = $(call quiet-command,${DOCKER_RUN_CMD} ${1} | cat,"${YELLOW}[DOCKER RUN] ${GREEN}${1}${RESET}") -go-test = $(call quiet-command,${DOCKER_RUN_CMD} go test -v -count 1 -timeout 45m -parallel 128 ${1} | cat,"${YELLOW}[TEST] ${GREEN}${1}${RESET}") rm-command = $(call quiet-command,rm -rf ${1},"${YELLOW}[CLEAN] ${GREEN}${1}${RESET}") From 0dfa3eb3863bbfc0daa0a3334a9de07214160a18 Mon Sep 17 00:00:00 2001 
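Review bot: The `.PHONY: test/docker/unit-tests` line above the `test/unit-tests` rule repeats the declaration made earlier in the hunk, so `test/unit-tests` itself is never declared phony; it should read `.PHONY: test/unit-tests`. The `$(shell env | grep ^TF_VAR_ | cut -d = -f 1 | xargs -i printf ' -e {}')` line forwards every `TF_VAR_*` variable of the invoking shell into the container, including values that belong to other projects. It also parses `env` output line by line, so a multi-line value is not handled; an explicit list of the variables this module needs would be narrower. `test/pre-commit` still appends `${DOCKER_SSH_FLAGS}` although it no longer starts a container.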
From: Soren Martius Date: Tue, 3 May 2022 20:56:28 +0100 Subject: [PATCH 4/5] ci: update github actions workflow from template --- .github/workflows/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 21ae476..3de522e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -21,7 +21,7 @@ jobs: uses: actions/checkout@v2 - name: Run pre-commit - run: make test/pre-commit + run: make test/docker/pre-commit unit-tests: needs: pre-commit @@ -45,8 +45,7 @@ jobs: - name: Run Unit Tests if: steps.changes.outputs.terraform == 'true' - run: make test/unit-tests + run: make test/docker/unit-tests env: GITHUB_OWNER: ${{ secrets.TEST_GITHUB_ORGANIZATION }} GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }} - TF_VAR_app_installations: ${{ secrets.TEST_GITHUB_APP_INSTALLATIONS }} From 98a52b55391332c7789d97239b82c921056631a2 Mon Sep 17 00:00:00 2001 From: Soren Martius Date: Tue, 3 May 2022 20:57:14 +0100 Subject: [PATCH 5/5] chore: prepare v0.16.1 release --- CHANGELOG.md | 6 ++++-- main.tf | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d399853..e6775a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,11 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.16.1] + ### Added - Add support for `github_app_installation_repository` - ## [0.16.0] ### Fixed 
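Review bot: With `TF_VAR_app_installations` gone from the `env` of the unit-test step, the test module falls back to `default = []` from test/unit-complete/variables.tf, so no `github_app_installation_repository` is planned or applied in CI and the resource added in patch 1 is untested. If installation IDs are supplied again, note that they end up as `for_each` keys and therefore in plan output and state, so a repository secret would presumably not keep them out of the logs. The job definition continues outside the hunk.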
@@ -373,7 +374,8 @@ Please review plans and report regressions and issues asap so we can improve doc - This is the initial release of our GitHub Repository module with support for creating and managing GitHub Repositories for Organizations. -[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.16.0...HEAD +[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.16.1...HEAD +[0.16.1]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.16.0...v0.16.1 [0.16.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.15.0...v0.16.0 [0.15.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.14.0...v0.15.0 [0.14.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.13.0...v0.14.0 diff --git a/main.tf b/main.tf index 31b274b..547e0e7 100644 --- a/main.tf +++ b/main.tf @@ -502,7 +502,7 @@ resource "github_repository_autolink_reference" "repository_autolink_reference" # --------------------------------------------------------------------------------------------------------------------- resource "github_app_installation_repository" "app_installation_repository" { - for_each = { for a in var.app_installations : a => a } + for_each = var.app_installations repository = github_repository.repository.name installation_id = each.value
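Review bot: `for_each = var.app_installations` passes a `set(number)` directly, but `for_each` accepts only a map or a set of strings, so as far as I can tell Terraform rejects this. The removed for-expression worked because object keys are converted to strings. Either convert at the call site, `for_each = toset([for id in var.app_installations : tostring(id)])`, or change the variable type to `set(string)` in variables.tf and test/unit-complete/variables.tf. Since the workflow no longer supplies any IDs (patch 4), CI is unlikely to exercise a non-empty set.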