initial commit

.gitignore

@@ -0,0 +1 @@
+!.tool-versions

.tool-versions

@@ -0,0 +1 @@
+terraform-docs v0.9.1

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020-Present Straw Hat, LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,21 @@
+# Terraform Github Straw Hat Team
+
+Welcome to Straw Hat Team Terraform modules for managing Github organization.
+
+**The Intent** is to create defaults that fit the needs of Straw Hat
+organization, therefore, the decisions are made to fit those needs.
+
+> **Conway's Law:** https://en.wikipedia.org/wiki/Conway%27s_law
+>
+> "Any organization that designs a system (defined broadly) will produce a design
+> whose structure is a copy of the organization's communication structure."
+> Melvin E. Conway.
+
+## What is next
+
+Check the list of modules available.
+
+- [membership](./modules/membership/README.md): for managing access to the
+  organization.
+- [repository](./modules/repository/README.md): for managing repositories.
+- [team](./modules/team/README.md): for managing teams.

modules/membership/README.md

@@ -0,0 +1,29 @@
+# Membership
+
+This module allows you to manage GitHub memberships.
+
+## Requirements
+
+| Name   | Version  |
+| ------ | -------- |
+| github | ~> 2.9.1 |
+
+## Providers
+
+| Name   | Version  |
+| ------ | -------- |
+| github | ~> 2.9.1 |
+
+## Inputs
+
+| Name                 | Description                                                                                                                                                                                                                                      | Type           | Default | Required |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | ------- | :------: |
+| github\_organization | The GitHub Organization slug name.                                                                                                                                                                                                               | `string`       | n/a     |   yes    |
+| github\_token        | The GitHub API token.                                                                                                                                                                                                                            | `string`       | n/a     |   yes    |
+| admins               | A list of users to be added to your organization with admin role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed.  | `list(string)` | `[]`    |    no    |
+| blocked\_users       | The list of usernames blocked from the GitHub organization.                                                                                                                                                                                      | `set(string)`  | `[]`    |    no    |
+| members              | A list of users to be added to your organization with member role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. | `list(string)` | `[]`    |    no    |
+
+## Outputs
+
+No output.

modules/membership/locals.tf

@@ -0,0 +1,5 @@
+locals {
+  admins      = { for i in var.admins : lower(i) => "admin" }
+  members     = { for i in var.members : lower(i) => "member" }
+  memberships = merge(local.admins, local.members)
+}

modules/membership/main.tf

@@ -0,0 +1,10 @@
+resource "github_membership" "membership" {
+  for_each = local.memberships
+  username = each.key
+  role     = each.value
+}
+
+resource "github_organization_block" "blocked_user" {
+  for_each = var.blocked_users
+  username = each.value
+}

modules/membership/provider.tf

@@ -0,0 +1,5 @@
+provider "github" {
+  version      = "~> 2.9.1"
+  token        = var.github_token
+  organization = var.github_organization
+}

modules/membership/variables.tf

@@ -0,0 +1,27 @@
+variable "github_token" {
+  type        = string
+  description = "The GitHub API token."
+}
+
+variable "github_organization" {
+  type        = string
+  description = "The GitHub Organization slug name."
+}
+
+variable "blocked_users" {
+  type        = set(string)
+  default     = []
+  description = "The list of usernames blocked from the GitHub organization."
+}
+
+variable "members" {
+  type        = list(string)
+  default     = []
+  description = "A list of users to be added to your organization with member role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed."
+}
+
+variable "admins" {
+  type        = list(string)
+  default     = []
+  description = "A list of users to be added to your organization with admin role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed."
+}

modules/repository/README.md

@@ -0,0 +1,34 @@
+# Repository
+
+This module allows you to manage GitHub repositories.
+
+## Requirements
+
+| Name   | Version  |
+| ------ | -------- |
+| github | ~> 2.9.1 |
+
+## Providers
+
+| Name   | Version  |
+| ------ | -------- |
+| github | ~> 2.9.1 |
+
+## Inputs
+
+| Name                    | Description                                  | Type                                                                         | Default | Required |
+| ----------------------- | -------------------------------------------- | ---------------------------------------------------------------------------- | ------- | :------: |
+| github\_organization    | The GitHub Organization slug name.           | `string`                                                                     | n/a     |   yes    |
+| github\_token           | The GitHub API token.                        | `string`                                                                     | n/a     |   yes    |
+| repository\_description | The repository description.                  | `string`                                                                     | n/a     |   yes    |
+| repository\_name        | The repository name.                         | `string`                                                                     | n/a     |   yes    |
+| private                 | Defines if the repository is private.        | `bool`                                                                       | `true`  |    no    |
+| repository\_labels      | List of extra repository labels.             | <pre>map(object({<br>    name  = string<br>    color = string<br>  }))</pre> | `{}`    |    no    |
+| repository\_teams       | List of teams with access to the repository. | <pre>list(object({<br>    id   = string<br>    slug = string<br>  }))</pre>  | `[]`    |    no    |
+| repository\_topics      | List of labels for the repository.           | `list(string)`                                                               | `[]`    |    no    |
+
+## Outputs
+
+| Name       | Description                                                                                                                                       |
+| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
+| repository | The repository. Visit https://www.terraform.io/docs/providers/github/r/repository.html#argument-reference for more information about this object. |

modules/repository/locals.tf

@@ -0,0 +1,86 @@
+locals {
+  default_labels = {
+    cla_signed = {
+      name  = "CLA: Signed"
+      color = "009800"
+    }
+    cla_unsigned = {
+      name  = "CLA: Unsigned"
+      color = "E11D21"
+    }
+    priority_low = {
+      name  = "Priority: Low"
+      color = "009800"
+    }
+    priority_medium = {
+      name  = "Priority: Medium"
+      color = "FBCA04"
+    }
+    priority_high = {
+      name  = "Priority: High"
+      color = "EB6420"
+    }
+    priority_critical = {
+      name  = "Priority: Critical"
+      color = "E11D21"
+    }
+    status_abandoned = {
+      name  = "Status: Abandoned"
+      color = "000000"
+    }
+    status_accepted = {
+      name  = "Status: Accepted"
+      color = "009800"
+    }
+    status_available = {
+      name  = "Status: Available"
+      color = "BFE5BF"
+    }
+    status_blocked = {
+      name  = "Status: Blocked"
+      color = "E11D21"
+    }
+    status_completed = {
+      name  = "Status: Completed"
+      color = "006B75"
+    }
+    status_in_progress = {
+      name  = "Status: In Progress"
+      color = "CCCCCC"
+    }
+    status_on_hold = {
+      name  = "Status: On Hold"
+      color = "E11D21"
+    }
+    status_pending = {
+      name  = "Status: Pending"
+      color = "FEF2C0"
+    }
+    status_review_needed = {
+      name  = "Status: Review Needed"
+      color = "FBCA04"
+    }
+    status_revision_needed = {
+      name  = "Status: Revision Needed"
+      color = "E11D21"
+    }
+    type_bug = {
+      name  = "Type: Bug"
+      color = "E11D21"
+    }
+    type_maintenance = {
+      name  = "Type: Maintenance"
+      color = "FBCA04"
+    }
+    type_enhancement = {
+      name  = "Type: Enhancement"
+      color = "84B6EB"
+    }
+    type_question = {
+      name  = "Type: Question"
+      color = "CC317C"
+    }
+  }
+  labels               = merge(local.default_labels, var.repository_labels)
+  repository_teams_map = { for i in var.repository_teams : i.id => i.slug }
+}

modules/repository/main.tf

@@ -0,0 +1,52 @@
+resource "github_repository" "repository" {
+  name                   = var.repository_name
+  description            = var.repository_description
+  private                = var.private
+  topics                 = var.repository_topics
+  has_projects           = false
+  has_issues             = true
+  has_wiki               = false
+  allow_merge_commit     = false
+  allow_squash_merge     = false
+  allow_rebase_merge     = true
+  auto_init              = true
+  delete_branch_on_merge = true
+  default_branch         = "master"
+}
+
+resource "github_team_repository" "team_repository" {
+  count      = length(var.repository_teams)
+  team_id    = var.repository_teams[count.index].id
+  repository = github_repository.repository.id
+  permission = "push"
+}
+
+resource "github_issue_label" "label" {
+  for_each   = local.labels
+  repository = github_repository.repository.name
+  name       = each.value.name
+  color      = each.value.color
+}
+
+resource "github_branch_protection" "branch_protection" {
+  repository             = github_repository.repository.name
+  branch                 = "master"
+  enforce_admins         = true
+  require_signed_commits = false
+
+  required_status_checks {
+    strict = true
+  }
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews      = true
+    require_code_owner_reviews = false
+    dismissal_teams            = values(local.repository_teams_map)
+  }
+
+  restrictions {
+    users = []
+    teams = []
+    apps  = []
+  }
+}

modules/repository/outputs.tf

@@ -0,0 +1,4 @@
+output "repository" {
+  description = "The repository. Visit https://www.terraform.io/docs/providers/github/r/repository.html#argument-reference for more information about this object."
+  value       = github_repository.repository
+}

modules/repository/provider.tf

@@ -0,0 +1,5 @@
+provider "github" {
+  version      = "~> 2.9.1"
+  token        = var.github_token
+  organization = var.github_organization
+}

modules/repository/variables.tf

@@ -0,0 +1,49 @@
+variable "github_token" {
+  type        = string
+  description = "The GitHub API token."
+}
+
+variable "github_organization" {
+  type        = string
+  description = "The GitHub Organization slug name."
+}
+
+variable "repository_name" {
+  type        = string
+  description = "The repository name."
+}
+
+variable "repository_description" {
+  type        = string
+  description = "The repository description."
+}
+
+variable "repository_topics" {
+  type        = list(string)
+  default     = []
+  description = "List of labels for the repository."
+}
+
+variable "private" {
+  type        = bool
+  default     = true
+  description = "Defines if the repository is private."
+}
+
+variable "repository_teams" {
+  type = list(object({
+    id   = string
+    slug = string
+  }))
+  default     = []
+  description = "List of teams with access to the repository."
+}
+
+variable "repository_labels" {
+  type = map(object({
+    name  = string
+    color = string
+  }))
+  default     = {}
+  description = "List of extra repository labels."
+}

modules/team/README.md

@@ -0,0 +1,31 @@
+# Team
+
+This module allows you to manage GitHub teams.
+
+## Requirements
+
+| Name   | Version  |
+| ------ | -------- |
+| github | ~> 2.9.1 |
+
+## Providers
+
+| Name   | Version  |
+| ------ | -------- |
+| github | ~> 2.9.1 |
+
+## Inputs
+
+| Name                 | Description                        | Type           | Default | Required |
+| -------------------- | ---------------------------------- | -------------- | ------- | :------: |
+| github\_organization | The GitHub Organization slug name. | `string`       | n/a     |   yes    |
+| github\_token        | The GitHub API token.              | `string`       | n/a     |   yes    |
+| team\_name           | The team name.                     | `string`       | n/a     |   yes    |
+| team\_enable         | Enable or Disable the team.        | `bool`         | `true`  |    no    |
+| team\_members        | This list of members of the team.  | `list(string)` | `[]`    |    no    |
+
+## Outputs
+
+| Name | Description                                                                                                                                     |
+| ---- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| team | The team created. Visit https://www.terraform.io/docs/providers/github/r/team.html#attributes-reference for more information about this object. |