From f9a8cc2e2deaa548c66601bb578ed00e87e185c7 Mon Sep 17 00:00:00 2001 From: Kevin Mahoney Date: Thu, 22 Aug 2024 17:29:50 +0200 Subject: [PATCH 1/3] feat(organization_settings): add github_organization_settings module --- modules/organization_settings/README.md | 64 +++++++++ modules/organization_settings/main.tf | 28 ++++ modules/organization_settings/outputs.tf | 4 + modules/organization_settings/variables.tf | 154 +++++++++++++++++++++ modules/organization_settings/versions.tf | 9 ++ 5 files changed, 259 insertions(+) create mode 100644 modules/organization_settings/README.md create mode 100644 modules/organization_settings/main.tf create mode 100644 modules/organization_settings/outputs.tf create mode 100644 modules/organization_settings/variables.tf create mode 100644 modules/organization_settings/versions.tf diff --git a/modules/organization_settings/README.md b/modules/organization_settings/README.md new file mode 100644 index 0000000..834eceb --- /dev/null +++ b/modules/organization_settings/README.md 
@@ -0,0 +1,64 @@ +# github_organization_settings + +This module allows setting standard github organization settings for public profile and also for managing permissions. + + + + +## Requirements + +| Name | Version | +|------|---------| +| terraform | >=1.3 | +| github | >= 6.2.3 | + +## Providers + +| Name | Version | +|------|---------| +| github | >= 6.2.3 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [github_actions_organization_permissions.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_permissions) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| allows_public_repositories | Whether public repositories can be added to the runner group | `bool` | `null` | no | +| name | Name of the runner group | `string` | n/a | yes | +| restricted_to_workflows | If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. | `bool` | `null` | no | +| selected_repository_ids | IDs of the repositories which should be added to the runner group | `list(string)` | `[]` | no | +| selected_workflows | List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. | `list(string)` | `[]` | no | +| visibility | Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API. | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| test | test | + + +## Contributing + +Contributions are welcome and appreciated! + +Found an issue or want to request a feature? [Open an issue](TODO) + +Want to fix a bug you found or add some functionality? Fork, clone, commit, push, and PR and we'll check it out. 
+ +If you have any issues or are waiting a long time for a PR to get merged then feel free to ping us at [hello@masterpoint.io](mailto:hello@masterpoint.io). + +## Built By + +[![Masterpoint Logo](https://i.imgur.com/RDLnuQO.png)](https://masterpoint.io) + + + diff --git a/modules/organization_settings/main.tf b/modules/organization_settings/main.tf new file mode 100644 index 0000000..8aaaf73 --- /dev/null +++ b/modules/organization_settings/main.tf 
@@ -0,0 +1,28 @@
+resource "github_organization_settings" "this" {
+ billing_email = var.billing_email
+ company = var.company
+ blog = var.blog
+ email = var.email
+ twitter_username = var.twitter_username
+ location = var.location
+ name = var.name
+ description = var.description
+ has_organization_projects = var.has_organization_projects
+ has_repository_projects = var.has_repository_projects
+ default_repository_permission = var.default_repository_permission
+ members_can_create_repositories = var.members_can_create_repositories
+ members_can_create_public_repositories = var.members_can_create_public_repositories
+ members_can_create_private_repositories = var.members_can_create_private_repositories
+ members_can_create_internal_repositories = var.members_can_create_internal_repositories
+ members_can_create_pages = var.members_can_create_pages
+ members_can_create_public_pages = var.members_can_create_public_pages
+ members_can_create_private_pages = var.members_can_create_private_pages
+ members_can_fork_private_repositories = var.members_can_fork_private_repositories
+ web_commit_signoff_required = var.web_commit_signoff_required
+ advanced_security_enabled_for_new_repositories = var.advanced_security_enabled_for_new_repositories
+ dependabot_alerts_enabled_for_new_repositories = var.dependabot_alerts_enabled_for_new_repositories
+ dependabot_security_updates_enabled_for_new_repositories = var.dependabot_security_updates_enabled_for_new_repositories
+ dependency_graph_enabled_for_new_repositories = var.dependency_graph_enabled_for_new_repositories
+ secret_scanning_enabled_for_new_repositories = var.secret_scanning_enabled_for_new_repositories
+ secret_scanning_push_protection_enabled_for_new_repositories = var.secret_scanning_push_protection_enabled_for_new_repositories
+}
diff --git a/modules/organization_settings/outputs.tf b/modules/organization_settings/outputs.tf
new file mode 100644
index 0000000..51fa0a1
--- /dev/null
+++ b/modules/organization_settings/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+ description = "The ID of the organization settings."
+ value = github_organization_setting.this.id
+}
diff --git a/modules/organization_settings/variables.tf b/modules/organization_settings/variables.tf
new file mode 100644
index 0000000..995417c
--- /dev/null
+++ b/modules/organization_settings/variables.tf
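Review bot: The `value` line of the `id` output in outputs.tf references `github_organization_setting.this.id`, but the resource declared in main.tf is `github_organization_settings` (plural), so the expression points at a resource that is not declared and `terraform validate` should reject the module. The line should read `value = github_organization_settings.this.id`. PATCH 2/3 only changes the README and documents this output as working, so the typo appears to survive to the end of the series as shown here.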
@@ -0,0 +1,154 @@
+variable "billing_email" {
+ description = "The billing email address for the organization."
+ type = string
+}
+
+variable "company" {
+ description = "The company name for the organization."
+ type = string
+ default = null
+}
+
+variable "blog" {
+ description = "The blog URL for the organization."
+ type = string
+ default = null
+}
+
+variable "email" {
+ description = "The email address for the organization."
+ type = string
+ default = null
+}
+
+variable "twitter_username" {
+ description = "The Twitter username for the organization."
+ type = string
+ default = null
+}
+
+variable "location" {
+ description = "The location for the organization."
+ type = string
+ default = null
+}
+
+variable "name" {
+ description = "The name for the organization."
+ type = string
+ default = null
+}
+
+variable "description" {
+ description = "The description for the organization."
+ type = string
+ default = null
+}
+
+variable "has_organization_projects" {
+ description = "Whether or not organization projects are enabled for the organization."
+ type = bool
+ default = null
+}
+
+variable "has_repository_projects" {
+ description = "Whether or not repository projects are enabled for the organization."
+ type = bool
+ default = null
+}
+
+variable "default_repository_permission" {
+ description = "The default permission for organization members to create new repositories. Can be one of read, write, admin, or none. Defaults to read."
+ type = string
+ default = null
+}
+
+variable "members_can_create_repositories" {
+ description = "Whether or not organization members can create new repositories. Defaults to true."
+ type = bool
+ default = null
+}
+
+variable "members_can_create_public_repositories" {
+ description = "Whether or not organization members can create new public repositories. Defaults to true."
+ type = bool
+ default = null
+}
+
+variable "members_can_create_private_repositories" {
+ description = "Whether or not organization members can create new private repositories. Defaults to true."
+ type = bool
+ default = null
+}
+
+variable "members_can_create_internal_repositories" {
+ description = "Whether or not organization members can create new internal repositories. For Enterprise Organizations only."
+ type = bool
+ default = null
+}
+
+variable "members_can_create_pages" {
+ description = "Whether or not organization members can create new pages. Defaults to true."
+ type = bool
+ default = null
+}
+
+variable "members_can_create_public_pages" {
+ description = "Whether or not organization members can create new public pages. Defaults to true."
+ type = bool
+ default = null
+}
+
+variable "members_can_create_private_pages" {
+ description = "Whether or not organization members can create new private pages. Defaults to true."
+ type = bool
+ default = null
+}
+
+variable "members_can_fork_private_repositories" {
+ description = "Whether or not organization members can fork private repositories. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "web_commit_signoff_required" {
+ description = "Whether or not commit signatures are required for commits to the organization. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "advanced_security_enabled_for_new_repositories" {
+ description = "Whether or not advanced security is enabled for new repositories. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "dependabot_alerts_enabled_for_new_repositories" {
+ description = "Whether or not dependabot alerts are enabled for new repositories. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "dependabot_security_updates_enabled_for_new_repositories" {
+ description = "Whether or not dependabot security updates are enabled for new repositories. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "dependency_graph_enabled_for_new_repositories" {
+ description = "Whether or not dependency graph is enabled for new repositories. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "secret_scanning_enabled_for_new_repositories" {
+ description = "Whether or not secret scanning is enabled for new repositories. Defaults to false."
+ type = bool
+ default = null
+}
+
+variable "secret_scanning_push_protection_enabled_for_new_repositories" {
+ description = "Whether or not secret scanning push protection is enabled for new repositories. Defaults to false."
+ type = bool
+ default = null
+}
diff --git a/modules/organization_settings/versions.tf b/modules/organization_settings/versions.tf
new file mode 100644
index 0000000..a431a52
--- /dev/null
+++ b/modules/organization_settings/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">=1.3"
+ required_providers {
+ github = {
+ source = "integrations/github"
+ version = ">= 6.2.3"
+ }
+ }
+}
From 905dc1c3ceeadc06ab92a080c153f0be5dae0d20 Mon Sep 17 00:00:00 2001
From: Kevin Mahoney
Date: Thu, 22 Aug 2024 17:30:50 +0200
Subject: [PATCH 2/3] update docs
---
modules/organization_settings/README.md | 36 +++++++++++++++++++------
1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/modules/organization_settings/README.md b/modules/organization_settings/README.md
index 834eceb..e7782c5 100644
--- a/modules/organization_settings/README.md
+++ b/modules/organization_settings/README.md
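Review bot: The description of `web_commit_signoff_required` in variables.tf says commit signatures are required, but as far as I know this setting only requires a `Signed-off-by` sign-off on commits made through the GitHub web interface and does not enforce cryptographically signed commits, so a reader could enable it believing it does. I would reword it to `description = "Whether or not commits made through the GitHub web interface must be signed off (Signed-off-by). This does not require signed commits. Defaults to false."`. The description of `default_repository_permission` looks misleading in the same way: this appears to be the base permission every member receives on the organization's repositories rather than a permission to create repositories, so the text should say that `write` or `admin` grants that access organization-wide. A `validation` block limiting the value to `read`, `write`, `admin` or `none` (while still allowing `null`) would catch a mistyped value at plan time. Both descriptions are copied into the README inputs table in PATCH 2/3 and need the same correction there.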
@@ -26,24 +26,44 @@ No modules. | Name | Type | |------|------| -| [github_actions_organization_permissions.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_permissions) | resource | +| [github_organization_settings.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_settings) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| allows_public_repositories | Whether public repositories can be added to the runner group | `bool` | `null` | no | -| name | Name of the runner group | `string` | n/a | yes | -| restricted_to_workflows | If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. | `bool` | `null` | no | -| selected_repository_ids | IDs of the repositories which should be added to the runner group | `list(string)` | `[]` | no | -| selected_workflows | List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. | `list(string)` | `[]` | no | -| visibility | Visibility of a runner group. Whether the runner group can include all, selected, or private repositories. A value of private is not currently supported due to limitations in the GitHub API. | `string` | `null` | no | +| advanced_security_enabled_for_new_repositories | Whether or not advanced security is enabled for new repositories. Defaults to false. | `bool` | `null` | no | +| billing_email | The billing email address for the organization. | `string` | n/a | yes | +| blog | The blog URL for the organization. | `string` | `null` | no | +| company | The company name for the organization. | `string` | `null` | no | +| default_repository_permission | The default permission for organization members to create new repositories. Can be one of read, write, admin, or none. 
Defaults to read. | `string` | `null` | no | +| dependabot_alerts_enabled_for_new_repositories | Whether or not dependabot alerts are enabled for new repositories. Defaults to false. | `bool` | `null` | no | +| dependabot_security_updates_enabled_for_new_repositories | Whether or not dependabot security updates are enabled for new repositories. Defaults to false. | `bool` | `null` | no | +| dependency_graph_enabled_for_new_repositories | Whether or not dependency graph is enabled for new repositories. Defaults to false. | `bool` | `null` | no | +| description | The description for the organization. | `string` | `null` | no | +| email | The email address for the organization. | `string` | `null` | no | +| has_organization_projects | Whether or not organization projects are enabled for the organization. | `bool` | `null` | no | +| has_repository_projects | Whether or not repository projects are enabled for the organization. | `bool` | `null` | no | +| location | The location for the organization. | `string` | `null` | no | +| members_can_create_internal_repositories | Whether or not organization members can create new internal repositories. For Enterprise Organizations only. | `bool` | `null` | no | +| members_can_create_pages | Whether or not organization members can create new pages. Defaults to true. | `bool` | `null` | no | +| members_can_create_private_pages | Whether or not organization members can create new private pages. Defaults to true. | `bool` | `null` | no | +| members_can_create_private_repositories | Whether or not organization members can create new private repositories. Defaults to true. | `bool` | `null` | no | +| members_can_create_public_pages | Whether or not organization members can create new public pages. Defaults to true. | `bool` | `null` | no | +| members_can_create_public_repositories | Whether or not organization members can create new public repositories. Defaults to true. 
| `bool` | `null` | no | +| members_can_create_repositories | Whether or not organization members can create new repositories. Defaults to true. | `bool` | `null` | no | +| members_can_fork_private_repositories | Whether or not organization members can fork private repositories. Defaults to false. | `bool` | `null` | no | +| name | The name for the organization. | `string` | `null` | no | +| secret_scanning_enabled_for_new_repositories | Whether or not secret scanning is enabled for new repositories. Defaults to false. | `bool` | `null` | no | +| secret_scanning_push_protection_enabled_for_new_repositories | Whether or not secret scanning push protection is enabled for new repositories. Defaults to false. | `bool` | `null` | no | +| twitter_username | The Twitter username for the organization. | `string` | `null` | no | +| web_commit_signoff_required | Whether or not commit signatures are required for commits to the organization. Defaults to false. | `bool` | `null` | no | ## Outputs | Name | Description | |------|-------------| -| test | test | +| id | The ID of the organization settings. | ## Contributing From c760d5c4ab250907507149a4bea25f455c827c00 Mon Sep 17 00:00:00 2001 From: Kevin Mahoney Date: Fri, 6 Sep 2024 15:23:15 +0200 Subject: [PATCH 3/3] trigger title check