From a47fb48fa80dc2cc2507b988ad4b7f52bbf60549 Mon Sep 17 00:00:00 2001 From: Yordis Prieto Lazo Date: Sun, 5 Jul 2020 00:21:41 -0400 Subject: [PATCH] initial commit --- .gitignore | 1 + .tool-versions | 1 + LICENSE | 21 ++++++++ README.md | 21 ++++++++ modules/membership/README.md | 29 +++++++++++ modules/membership/locals.tf | 5 ++ modules/membership/main.tf | 10 ++++ modules/membership/provider.tf | 5 ++ modules/membership/variables.tf | 27 +++++++++++ modules/repository/README.md | 34 +++++++++++++ modules/repository/locals.tf | 86 +++++++++++++++++++++++++++++++++ modules/repository/main.tf | 52 ++++++++++++++++++++ modules/repository/outputs.tf | 4 ++ modules/repository/provider.tf | 5 ++ modules/repository/variables.tf | 49 +++++++++++++++++++ modules/team/README.md | 31 ++++++++++++ modules/team/main.tf | 12 +++++ modules/team/outputs.tf | 4 ++ modules/team/provider.tf | 5 ++ modules/team/variables.tf | 26 ++++++++++ scripts/generate-readme.sh | 2 + 21 files changed, 430 insertions(+) create mode 100644 .gitignore create mode 100644 .tool-versions create mode 100644 LICENSE create mode 100644 README.md create mode 100644 modules/membership/README.md create mode 100644 modules/membership/locals.tf create mode 100644 modules/membership/main.tf create mode 100644 modules/membership/provider.tf create mode 100644 modules/membership/variables.tf create mode 100644 modules/repository/README.md create mode 100644 modules/repository/locals.tf create mode 100644 modules/repository/main.tf create mode 100644 modules/repository/outputs.tf create mode 100644 modules/repository/provider.tf create mode 100644 modules/repository/variables.tf create mode 100644 modules/team/README.md create mode 100644 modules/team/main.tf create mode 100644 modules/team/outputs.tf create mode 100644 modules/team/provider.tf create mode 100644 modules/team/variables.tf create mode 100755 scripts/generate-readme.sh 
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..48238a3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +!.tool-versions diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 0000000..74bad2c --- /dev/null +++ b/.tool-versions @@ -0,0 +1 @@ +terraform-docs v0.9.1 diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..a06266f --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020-Present Straw Hat, LLC + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..cd490af --- /dev/null +++ b/README.md 
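Review bot: The new .gitignore holds only the negation `!.tool-versions`, which un-ignores a file that nothing ignores, while every module in this commit takes the organization token through `var.github_token`, so a local `terraform.tfvars` carrying that token, or a `*.tfstate` file, has no rule keeping it out of the repository. Add the usual Terraform exclusions ahead of the negation (drop the `*.tfvars` line only if you intend to commit variable files). The proposed content is below.
```gitignore
.terraform/
*.tfstate
*.tfstate.*
*.tfvars
crash.log
!.tool-versions
```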
@@ -0,0 +1,21 @@ +# Terraform Github Straw Hat Team + +Welcome to Straw Hat Team Terraform modules for managing Github organization. + +**The Intent** is to create defaults that fit the needs of Straw Hat +organization, therefore, the decisions are made to fit those needs. + +> **Conway's Law:** https://en.wikipedia.org/wiki/Conway%27s_law +> +> "Any organization that designs a system (defined broadly) will produce a design +> whose structure is a copy of the organization's communication structure." +> Melvin E. Conway. + +## What is next + +Check the list of modules available. + +- [membership](./modules/membership/README.md): for managing access to the + organization. +- [repository](./modules/repository/README.md): for managing repositories. +- [team](./modules/team/README.md): for managing teams. diff --git a/modules/membership/README.md b/modules/membership/README.md new file mode 100644 index 0000000..b5c22a4 --- /dev/null +++ b/modules/membership/README.md 
@@ -0,0 +1,29 @@ +# Membership + +This module allows you to manage GitHub memberships. + +## Requirements + +| Name | Version | +| ------ | -------- | +| github | ~> 2.9.1 | + +## Providers + +| Name | Version | +| ------ | -------- | +| github | ~> 2.9.1 | + +## Inputs + +| Name | Description | Type | Default | Required | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | ------- | :------: | +| github\_organization | The GitHub Organization slug name. | `string` | n/a | yes | +| github\_token | The GitHub API token. | `string` | n/a | yes | +| admins | A list of users to be added to your organization with admin role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. | `list(string)` | `[]` | no | +| blocked\_users | The list of usernames blocked from the GitHub organization. | `set(string)` | `[]` | no | +| members | A list of users to be added to your organization with member role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. | `list(string)` | `[]` | no | + +## Outputs + +No output. diff --git a/modules/membership/locals.tf b/modules/membership/locals.tf new file mode 100644 index 0000000..794668d --- /dev/null +++ b/modules/membership/locals.tf @@ -0,0 +1,5 @@ +locals { + admins = { for i in var.admins : lower(i) => "admin" } + members = { for i in var.members : lower(i) => "member" } + memberships = merge(local.admins, local.members) +} diff --git a/modules/membership/main.tf b/modules/membership/main.tf new file mode 100644 index 0000000..8e5706a --- /dev/null 
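Review bot: `memberships = merge(local.admins, local.members)` lets `local.members` win on a shared key, so a login that appears in both `admins` and `members` silently ends up with the `member` role instead of surfacing as a conflict; document that precedence on the line, e.g. `# merge(): the later map wins, so a user in both lists is a member, not an admin`, or fail the plan on overlap (the mechanism available depends on the Terraform version, which this commit does not pin). The keys are normalized with `lower()` here, but `var.blocked_users` is consumed as-is by `github_organization_block` in main.tf, so a blocked login written in a different case can also sit in `local.memberships`; lowercasing it the same way and subtracting it from the membership keys would close that gap.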
+++ b/modules/membership/main.tf
@@ -0,0 +1,10 @@
+resource "github_membership" "membership" {
+ for_each = local.memberships
+ username = each.key
+ role = each.value
+}
+
+resource "github_organization_block" "blocked_user" {
+ for_each = var.blocked_users
+ username = each.value
+}
diff --git a/modules/membership/provider.tf b/modules/membership/provider.tf
new file mode 100644
index 0000000..e179b6f
--- /dev/null
+++ b/modules/membership/provider.tf
@@ -0,0 +1,5 @@
+provider "github" {
+ version = "~> 2.9.1"
+ token = var.github_token
+ organization = var.github_organization
+}
diff --git a/modules/membership/variables.tf b/modules/membership/variables.tf
new file mode 100644
index 0000000..e8fe539
--- /dev/null
+++ b/modules/membership/variables.tf
@@ -0,0 +1,27 @@
+variable "github_token" {
+ type = string
+ description = "The GitHub API token."
+}
+
+variable "github_organization" {
+ type = string
+ description = "The GitHub Organization slug name."
+}
+
+variable "blocked_users" {
+ type = set(string)
+ default = []
+ description = "The list of usernames blocked from the GitHub organization."
+}
+
+variable "members" {
+ type = list(string)
+ default = []
+ description = "A list of users to be added to your organization with member role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed."
+}
+
+variable "admins" {
+ type = list(string)
+ default = []
+ description = "A list of users to be added to your organization with admin role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed."
+}
diff --git a/modules/repository/README.md b/modules/repository/README.md
new file mode 100644
index 0000000..3183c3b
--- /dev/null
+++ b/modules/repository/README.md
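Review bot: `github_membership.membership` grants `role = each.value` to every name in `local.memberships`, and the `admins` input hands out the organization owner role with no guard that the account behind `var.github_token` stays in that set; the `admins` description added in this commit says a destroyed entry removes the user, so dropping the token owner from `admins` would, as far as I can tell, let an apply demote or remove the very identity running it. Add a comment on the resource such as `# The account that owns var.github_token must stay in var.admins, or an apply can lock itself out.` and consider a root-module check that the token owner is listed. `github_organization_block.blocked_user` iterates the raw `var.blocked_users` values while the membership keys are lowercased, so the same login can be both blocked and invited if written in different case.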
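Review bot: `provider "github" { token = var.github_token ... }` configures the provider inside a reusable module, which the Terraform documentation discourages (a module carrying its own provider block cannot be used with `count`/`for_each` and is awkward to destroy), and it routes a long-lived organization-admin token through a plain module variable that shows up in plan output and in any variable file committed by mistake. The identical block is added as modules/repository/provider.tf and modules/team/provider.tf in this commit. Prefer leaving `token` unset so the 2.x provider reads `GITHUB_TOKEN` from the environment, and move the provider configuration to the root module; whether `sensitive = true` can be set on the variable depends on the Terraform version, which is not pinned. While there, add a `terraform { required_version = "..." }` block alongside the `version = "~> 2.9.1"` constraint, since `.tool-versions` pins only terraform-docs.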
@@ -0,0 +1,34 @@ +# Repository + +This module allows you to manage GitHub repositories. + +## Requirements + +| Name | Version | +| ------ | -------- | +| github | ~> 2.9.1 | + +## Providers + +| Name | Version | +| ------ | -------- | +| github | ~> 2.9.1 | + +## Inputs + +| Name | Description | Type | Default | Required | +| ----------------------- | -------------------------------------------- | ---------------------------------------------------------------------------- | ------- | :------: | +| github\_organization | The GitHub Organization slug name. | `string` | n/a | yes | +| github\_token | The GitHub API token. | `string` | n/a | yes | +| repository\_description | The repository description. | `string` | n/a | yes | +| repository\_name | The repository name. | `string` | n/a | yes | +| private | Defines if the repository is private. | `bool` | `true` | no | +| repository\_labels | List of extra repository labels. |
map(object({
name = string
color = string
}))
| `{}` | no | +| repository\_teams | List of teams with access to the repository. |
list(object({
id = string
slug = string
}))
| `[]` | no | +| repository\_topics | List of labels for the repository. | `list(string)` | `[]` | no | + +## Outputs + +| Name | Description | +| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| repository | The repository. Visit https://www.terraform.io/docs/providers/github/r/repository.html#argument-reference for more information about this object. | diff --git a/modules/repository/locals.tf b/modules/repository/locals.tf new file mode 100644 index 0000000..2492c02 --- /dev/null +++ b/modules/repository/locals.tf 
@@ -0,0 +1,86 @@ +locals { + default_labels = { + cla_signed = { + name = "CLA: Signed" + color = "009800" + } + cla_unsigned = { + name = "CLA: Unsigned" + color = "E11D21" + } + priority_low = { + name = "Priority: Low" + color = "009800" + } + priority_medium = { + name = "Priority: Medium" + color = "FBCA04" + } + priority_high = { + name = "Priority: High" + color = "EB6420" + } + priority_critical = { + name = "Priority: Critical" + color = "E11D21" + } + status_abandoned = { + name = "Status: Abandoned" + color = "000000" + } + status_accepted = { + name = "Status: Accepted" + color = "009800" + } + status_available = { + name = "Status: Available" + color = "BFE5BF" + } + status_blocked = { + name = "Status: Blocked" + color = "E11D21" + } + status_completed = { + name = "Status: Completed" + color = "006B75" + } + status_in_progress = { + name = "Status: In Progress" + color = "CCCCCC" + } + status_on_hold = { + name = "Status: On Hold" + color = "E11D21" + } + status_pending = { + name = "Status: Pending" + color = "FEF2C0" + } + status_review_needed = { + name = "Status: Review Needed" + color = "FBCA04" + } + status_revision_needed = { + name = "Status: Revision Needed" + color = "E11D21" + } + type_bug = { + name = "Type: Bug" + color = "E11D21" + } + type_maintenance = { + name = "Type: Maintenance" + color = "FBCA04" + } + type_enhancement = { + name = "Type: Enhancement" + color = "84B6EB" + } + type_question = { + name = "Type: Question" + color = "CC317C" + } + } + labels = merge(local.default_labels, var.repository_labels) + repository_teams_map = { for i in var.repository_teams : i.id => i.slug } +} diff --git a/modules/repository/main.tf b/modules/repository/main.tf new file mode 100644 index 0000000..2144c6e --- /dev/null +++ b/modules/repository/main.tf 
@@ -0,0 +1,52 @@
+resource "github_repository" "repository" {
+ name = var.repository_name
+ description = var.repository_description
+ private = var.private
+ topics = var.repository_topics
+ has_projects = false
+ has_issues = true
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = false
+ allow_rebase_merge = true
+ auto_init = true
+ delete_branch_on_merge = true
+ default_branch = "master"
+}
+
+resource "github_team_repository" "team_repository" {
+ count = length(var.repository_teams)
+ team_id = var.repository_teams[count.index].id
+ repository = github_repository.repository.id
+ permission = "push"
+}
+
+resource "github_issue_label" "label" {
+ for_each = local.labels
+ repository = github_repository.repository.name
+ name = each.value.name
+ color = each.value.color
+}
+
+resource "github_branch_protection" "branch_protection" {
+ repository = github_repository.repository.name
+ branch = "master"
+ enforce_admins = true
+ require_signed_commits = false
+
+ required_status_checks {
+ strict = true
+ }
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = false
+ dismissal_teams = values(local.repository_teams_map)
+ }
+
+ restrictions {
+ users = []
+ teams = []
+ apps = []
+ }
+}
diff --git a/modules/repository/outputs.tf b/modules/repository/outputs.tf
new file mode 100644
index 0000000..47bcf95
--- /dev/null
+++ b/modules/repository/outputs.tf
@@ -0,0 +1,4 @@
+output "repository" {
+ description = "The repository. Visit https://www.terraform.io/docs/providers/github/r/repository.html#argument-reference for more information about this object."
+ value = github_repository.repository
+}
diff --git a/modules/repository/provider.tf b/modules/repository/provider.tf
new file mode 100644
index 0000000..e179b6f
--- /dev/null
+++ b/modules/repository/provider.tf
@@ -0,0 +1,5 @@
+provider "github" {
+ version = "~> 2.9.1"
+ token = var.github_token
+ organization = var.github_organization
+}
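Review bot: `github_team_repository.team_repository` is keyed by `count.index` over `var.repository_teams`, so removing or reordering one entry re-creates every entry after it — those teams lose and regain push access within the apply and state churns on every list edit — while `local.repository_teams_map` (keyed by team id, defined in locals.tf in this commit) already provides a stable key; use `for_each = local.repository_teams_map` and `team_id = each.key`. In `github_branch_protection.branch_protection`, `required_pull_request_reviews` sets no `required_approving_review_count`, so the minimum number of approvals is whatever the provider or API defaults to — state it explicitly, e.g. `required_approving_review_count = 1`. The empty `restrictions { users = [] teams = [] apps = [] }` block turns on push restrictions with no allowed actor, and combined with `enforce_admins = true` that, as far as I can tell, leaves nobody able to push to or merge into `master`; either confirm that intent in a comment or drop the block. `dismissal_teams = values(local.repository_teams_map)` limits dismissal to the same teams that receive `push`, so every collaborator with write access may dismiss a review — note that deliberately or narrow it. `require_signed_commits = false` and `private = var.private` are defensible defaults but each deserves a one-line comment in a module whose stated purpose is encoding organization policy.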
diff --git a/modules/repository/variables.tf b/modules/repository/variables.tf new file mode 100644 index 0000000..72695c7 --- /dev/null +++ b/modules/repository/variables.tf @@ -0,0 +1,49 @@ +variable "github_token" { + type = string + description = "The GitHub API token." +} + +variable "github_organization" { + type = string + description = "The GitHub Organization slug name." +} + +variable "repository_name" { + type = string + description = "The repository name." +} + +variable "repository_description" { + type = string + description = "The repository description." +} + +variable "repository_topics" { + type = list(string) + default = [] + description = "List of labels for the repository." +} + +variable "private" { + type = bool + default = true + description = "Defines if the repository is private." +} + +variable "repository_teams" { + type = list(object({ + id = string + slug = string + })) + default = [] + description = "List of teams with access to the repository." +} + +variable "repository_labels" { + type = map(object({ + name = string + color = string + })) + default = {} + description = "List of extra repository labels." +} diff --git a/modules/team/README.md b/modules/team/README.md new file mode 100644 index 0000000..1153eb0 --- /dev/null +++ b/modules/team/README.md 
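Review bot: The description of `repository_topics` reads `List of labels for the repository.` although the value feeds `topics` on `github_repository` in main.tf of this commit, and `repository_labels` is described as a list while its type is `map(object(...))`; both strings are copied verbatim into the generated README. Suggest `List of topics for the repository.` and `Map of extra labels keyed by a stable slug; a key shared with the module defaults overrides that default.` — the override behaviour follows from `merge(local.default_labels, var.repository_labels)` in locals.tf.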
@@ -0,0 +1,31 @@ +# Team + +This module allows you to manage GitHub teams. + +## Requirements + +| Name | Version | +| ------ | -------- | +| github | ~> 2.9.1 | + +## Providers + +| Name | Version | +| ------ | -------- | +| github | ~> 2.9.1 | + +## Inputs + +| Name | Description | Type | Default | Required | +| -------------------- | ---------------------------------- | -------------- | ------- | :------: | +| github\_organization | The GitHub Organization slug name. | `string` | n/a | yes | +| github\_token | The GitHub API token. | `string` | n/a | yes | +| team\_name | The team name. | `string` | n/a | yes | +| team\_enable | Enable or Disable the team. | `bool` | `true` | no | +| team\_members | This list of members of the team. | `list(string)` | `[]` | no | + +## Outputs + +| Name | Description | +| ---- | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| team | The team created. Visit https://www.terraform.io/docs/providers/github/r/team.html#attributes-reference for more information about this object. | diff --git a/modules/team/main.tf b/modules/team/main.tf new file mode 100644 index 0000000..5f0b7ed --- /dev/null +++ b/modules/team/main.tf @@ -0,0 +1,12 @@ +resource "github_team" "team" { + count = var.team_enable ? 1 : 0 + name = var.team_name + privacy = "closed" +} + +resource "github_team_membership" "membership" { + for_each = toset(var.team_members) + team_id = github_team.team[0].id + username = each.value + role = "member" +} diff --git a/modules/team/outputs.tf b/modules/team/outputs.tf new file mode 100644 index 0000000..59f7ba2 --- /dev/null +++ b/modules/team/outputs.tf @@ -0,0 +1,4 @@ +output "team" { + description = "The team created. Visit https://www.terraform.io/docs/providers/github/r/team.html#attributes-reference for more information about this object." + value = github_team.team.* +} 
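Review bot: `github_team_membership.membership` reads `github_team.team[0].id` unconditionally while the team is created with `count = var.team_enable ? 1 : 0`, so `team_enable = false` together with a non-empty `team_members` should fail the plan on an empty-list index instead of simply removing the memberships; gate the set on the same flag, `for_each = toset(var.team_enable ? var.team_members : [])`. Unlike the membership module this one does not `lower()` the usernames, so the same login written in different case yields two resources. To my knowledge, adding a login that is not yet an organization member to a team makes GitHub send an organization invitation, which means this module can admit people to the org outside the lists managed by `modules/membership`; a comment on the resource such as `# Members must already be in the organization; team membership alone should not be used to invite people.` would make that expectation explicit.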
diff --git a/modules/team/provider.tf b/modules/team/provider.tf
new file mode 100644
index 0000000..e179b6f
--- /dev/null
+++ b/modules/team/provider.tf
@@ -0,0 +1,5 @@
+provider "github" {
+ version = "~> 2.9.1"
+ token = var.github_token
+ organization = var.github_organization
+}
diff --git a/modules/team/variables.tf b/modules/team/variables.tf
new file mode 100644
index 0000000..1217526
--- /dev/null
+++ b/modules/team/variables.tf
@@ -0,0 +1,26 @@
+variable "github_token" {
+ type = string
+ description = "The GitHub API token."
+}
+
+variable "github_organization" {
+ type = string
+ description = "The GitHub Organization slug name."
+}
+
+variable "team_enable" {
+ type = bool
+ default = true
+ description = "Enable or Disable the team."
+}
+
+variable "team_members" {
+ type = list(string)
+ default = []
+ description = "This list of members of the team."
+}
+
+variable "team_name" {
+ type = string
+ description = "The team name."
+}
diff --git a/scripts/generate-readme.sh b/scripts/generate-readme.sh
new file mode 100755
index 0000000..87c8cc2
--- /dev/null
+++ b/scripts/generate-readme.sh
@@ -0,0 +1,2 @@
+cd $1
+terraform-docs markdown table --sort-by-required . >> README.md
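Review bot: `cd $1` is unquoted and unchecked, so a path containing whitespace splits and, if the `cd` fails, the next line still runs and appends terraform-docs output for the caller's current directory to the wrong README.md; `>>` also appends on every run, so repeated invocations duplicate the generated tables. The file is committed with mode 100755 but has no shebang, so which shell interprets it depends on the caller. Prepend `#!/usr/bin/env bash` and `set -euo pipefail`, change the first line to `cd "$1"`, and consider writing the generated section with `>` (or terraform-docs' own marker-based injection) rather than appending.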