Create multiple repositories in test org using Terraform, which conform to moj standards #4025

levgorbunov1 · 2024-01-16T15:34:11Z

Each repository is defined in a separate tf file, each referencing the module.

Small changes have also been made, including removing redundant continue on fail declarations.

…j standards

…ion_name default variable

github-actions · 2024-01-16T15:34:37Z

repositories plan


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.operations_engineering_repositories["test-repository-levg"].data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.operations_engineering_repositories["test-repository-levg"].github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.operations_engineering_repositories["test-repository-levg"].github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.operations_engineering_repositories["test-repository-levg"].github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

  # module.operations_engineering_repositories["test-repository-levg2"].data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.operations_engineering_repositories["test-repository-levg2"].github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.operations_engineering_repositories["test-repository-levg2"].github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg2"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.operations_engineering_repositories["test-repository-levg2"].github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

  # module.operations_engineering_repositories["test-repository-levg3"].data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.operations_engineering_repositories["test-repository-levg3"].github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.operations_engineering_repositories["test-repository-levg3"].github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg3"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.operations_engineering_repositories["test-repository-levg3"].github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

codecov-commenter · 2024-01-16T15:35:41Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (197c89c) 98.47% compared to head (57077f4) 98.47%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4025   +/-   ##
=======================================
  Coverage   98.47%   98.47%           
=======================================
  Files          43       43           
  Lines        4068     4068           
=======================================
  Hits         4006     4006           
  Misses         62       62

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-actions · 2024-01-16T15:37:46Z

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	1		0	0.02s
✅ REPOSITORY	gitleaks	yes		no	1.14s
❌ REPOSITORY	trivy	yes		1	4.73s
❌ TERRAFORM	terrascan	yes		1	4.8s
✅ YAML	prettier	1	1	0	0.5s
✅ YAML	yamllint	1		0	0.25s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by

…ach referencing the module rather than using a loop

github-actions · 2024-01-16T15:54:15Z

repositories plan


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.test-repository-levg.data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.test-repository-levg.github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.test-repository-levg.github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.test-repository-levg.github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

  # module.test-repository-levg2.data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.test-repository-levg2.github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.test-repository-levg2.github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg2"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.test-repository-levg2.github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

  # module.test-repository-levg3.data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.test-repository-levg3.github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.test-repository-levg3.github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg3"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.test-repository-levg3.github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

github-actions · 2024-01-16T16:01:01Z

repositories plan


Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.test-repository-levg.data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.test-repository-levg.github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.test-repository-levg.github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.test-repository-levg.github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

  # module.test-repository-levg2.data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.test-repository-levg2.github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.test-repository-levg2.github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg2"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.test-repository-levg2.github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

  # module.test-repository-levg3.data.github_actions_public_key.default will be read during apply
  # (config refers to values not yet known)
 <= data "github_actions_public_key" "default" {
      + id         = (known after apply)
      + key        = (known after apply)
      + key_id     = (known after apply)
      + repository = (known after apply)
    }

  # module.test-repository-levg3.github_branch_protection.default will be created
  + resource "github_branch_protection" "default" {
      + allows_deletions                = false
      + allows_force_pushes             = false
      + blocks_creations                = false
      + enforce_admins                  = true
      + id                              = (known after apply)
      + lock_branch                     = false
      + pattern                         = "main"
      + repository_id                   = (known after apply)
      + require_conversation_resolution = false
      + require_signed_commits          = false
      + required_linear_history         = false

      + required_pull_request_reviews {
          + dismiss_stale_reviews           = true
          + require_code_owner_reviews      = true
          + require_last_push_approval      = false
          + required_approving_review_count = 1
        }

      + required_status_checks {
          + strict = false
        }
    }

  # module.test-repository-levg3.github_repository.default will be created
  + resource "github_repository" "default" {
      + allow_auto_merge            = false
      + allow_merge_commit          = true
      + allow_rebase_merge          = true
      + allow_squash_merge          = true
      + archive_on_destroy          = true
      + archived                    = false
      + auto_init                   = false
      + default_branch              = (known after apply)
      + delete_branch_on_merge      = true
      + description                 = "this repository was create by terraform managed by operations-engineering team • This repository is defined and managed in Terraform"
      + etag                        = (known after apply)
      + full_name                   = (known after apply)
      + git_clone_url               = (known after apply)
      + has_downloads               = true
      + has_issues                  = true
      + has_projects                = true
      + has_wiki                    = true
      + html_url                    = (known after apply)
      + http_clone_url              = (known after apply)
      + id                          = (known after apply)
      + is_template                 = false
      + merge_commit_message        = "PR_TITLE"
      + merge_commit_title          = "MERGE_MESSAGE"
      + name                        = "test-repository-levg3"
      + node_id                     = (known after apply)
      + primary_language            = (known after apply)
      + private                     = (known after apply)
      + repo_id                     = (known after apply)
      + squash_merge_commit_message = "COMMIT_MESSAGES"
      + squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url               = (known after apply)
      + svn_url                     = (known after apply)
      + topics                      = [
          + "operations-engineering",
        ]
      + visibility                  = "public"
      + vulnerability_alerts        = true
      + web_commit_signoff_required = false

      + security_and_analysis {
          + secret_scanning {
              + status = "enabled"
            }
          + secret_scanning_push_protection {
              + status = "enabled"
            }
        }

      + template {
          + include_all_branches = false
          + owner                = "ministryofjustice"
          + repository           = "template-repository"
        }
    }

  # module.test-repository-levg3.github_repository_tag_protection.default will be created
  + resource "github_repository_tag_protection" "default" {
      + id                = (known after apply)
      + pattern           = "*"
      + repository        = (known after apply)
      + tag_protection_id = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

levgorbunov1 added 9 commits January 16, 2024 14:32

module version and creation of multiple repositories conforming to mo…

4448f35

…j standards

rename repository

9136a5e

specify release in module source url

8f25a5e

different way of specifying release in module url

d4466a2

remove terraform module version

707e748

remove default variables that are included in module and add applicat…

13cf76f

…ion_name default variable

allow apply of task branch

57fa356

remove junk continue on fail and add terraform destroy for testing

53f6265

block terraform apply from task branches, remove terraform destroy

0fe205d

levgorbunov1 requested a review from a team as a code owner January 16, 2024 15:34

levgorbunov1 added 2 commits January 16, 2024 15:50

refactor the solution to define each repository in separate tf file e…

99a99e4

…ach referencing the module rather than using a loop

rename modules

57077f4

jasonBirchall approved these changes Jan 16, 2024

View reviewed changes

levgorbunov1 merged commit c0b9354 into main Jan 16, 2024
5 of 6 checks passed

levgorbunov1 deleted the multiple-repos-and-standards-dev branch January 16, 2024 16:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create multiple repositories in test org using Terraform, which conform to moj standards #4025

Create multiple repositories in test org using Terraform, which conform to moj standards #4025

levgorbunov1 commented Jan 16, 2024 •

edited

Loading

github-actions bot commented Jan 16, 2024

codecov-commenter commented Jan 16, 2024 •

edited

Loading

github-actions bot commented Jan 16, 2024 •

edited

Loading

github-actions bot commented Jan 16, 2024

github-actions bot commented Jan 16, 2024

Create multiple repositories in test org using Terraform, which conform to moj standards #4025

Create multiple repositories in test org using Terraform, which conform to moj standards #4025

Conversation

levgorbunov1 commented Jan 16, 2024 • edited Loading

github-actions bot commented Jan 16, 2024

repositories plan

codecov-commenter commented Jan 16, 2024 • edited Loading

Codecov Report

github-actions bot commented Jan 16, 2024 • edited Loading

🦙 MegaLinter status: ❌ ERROR

github-actions bot commented Jan 16, 2024

repositories plan

github-actions bot commented Jan 16, 2024

repositories plan

levgorbunov1 commented Jan 16, 2024 •

edited

Loading

codecov-commenter commented Jan 16, 2024 •

edited

Loading

github-actions bot commented Jan 16, 2024 •

edited

Loading