Skip to content

Gposton/branch protection apps #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jcudit wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Gposton/branch protection apps #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b762ef5
Adds acceptance test runs triggered by labels
Mar 3, 2020
bd37a06
Add support for assigning apps in branch protection rules
gposton Nov 21, 2019
d38045c
update docs
gposton Mar 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions .github/workflows/acceptance-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: Acceptance Tests

on:
pull_request:
types: [labeled]

jobs:
acceptance-tests:
runs-on: ubuntu-latest
steps:

- name: Parse Context From Environment
run: |
echo ::set-env name=HEAD_SHA::$(
jq -rc '.pull_request.head.sha' $GITHUB_EVENT_PATH
)
echo ::set-env name=LABEL_NAME::$(
jq -rc .label.name $GITHUB_EVENT_PATH
)

- name: Parse Arguments From Label Name
run: |
echo ::set-env name=RUN_FILTER::$(
echo $LABEL_NAME | cut -d/ -f 2
)

- name: Match expected prefix or exit
run: echo ${LABEL_NAME} | egrep -q "^acceptance-test/"

- name: Checkout
uses: actions/checkout@v2.0.0
with:
ref: ${{ env.HEAD_SHA }}

- name: Generate Test Fixtures
run: |
openssl req -x509 -newkey rsa:4096 -days 1 -nodes \
-subj "/C=US/ST=CA/L=San Francisco/O=HashiCorp, Inc./CN=localhost" \
-keyout github/test-fixtures/key.pem -out github/test-fixtures/cert.pem

- name: Acceptance Tests
uses: terraformtesting/acceptance-tests@v1.2.0
with:
RUN_FILTER: ${{ env.RUN_FILTER }}
GITHUB_ORGANIZATION: terraformtesting
GITHUB_TEST_USER: github-terraform-test-user
GITHUB_TEST_USER_NAME: "Test User"
GITHUB_TEST_USER_EMAIL: 60107403+github-terraform-test-user@users.noreply.github.com
GITHUB_TEST_USER_TOKEN: ${{ secrets.GITHUB_TEST_USER_TOKEN }}
GITHUB_TEST_COLLABORATOR: github-terraform-test-collaborator
GITHUB_TEST_COLLABORATOR_TOKEN: ${{ secrets.GITHUB_TEST_COLLABORATOR_TOKEN }}
GITHUB_TEMPLATE_REPOSITORY: terraform-template-module
GITHUB_TEMPLATE_REPOSITORY_RELEASE_ID: 23826477
16 changes: 16 additions & 0 deletions github/resource_github_branch_protection.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,11 @@ func resourceGithubBranchProtection() *schema.Resource {
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
"apps": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
Expand Down Expand Up @@ -473,10 +478,18 @@ func flattenAndSetRestrictions(d *schema.ResourceData, protection *github.Protec
}
}

apps := make([]interface{}, 0, len(restrictions.Apps))
for _, t := range restrictions.Apps {
if t.Slug != nil {
apps = append(apps, *t.Slug)
}
}

return d.Set("restrictions", []interface{}{
map[string]interface{}{
"users": schema.NewSet(schema.HashString, users),
"teams": schema.NewSet(schema.HashString, teams),
"apps": schema.NewSet(schema.HashString, apps),
},
})
}
Expand Down Expand Up @@ -557,6 +570,7 @@ func expandRestrictions(d *schema.ResourceData) (*github.BranchRestrictionsReque
if v == nil {
restrictions.Users = []string{}
restrictions.Teams = []string{}
restrictions.Apps = []string{}
return restrictions, nil
}
m := v.(map[string]interface{})
Expand All @@ -565,6 +579,8 @@ func expandRestrictions(d *schema.ResourceData) (*github.BranchRestrictionsReque
restrictions.Users = users
teams := expandNestedSet(m, "teams")
restrictions.Teams = teams
apps := expandNestedSet(m, "apps")
restrictions.Apps = apps
}
return restrictions, nil
}
Expand Down
4 changes: 3 additions & 1 deletion website/docs/r/branch_protection.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ description: |-

Protects a GitHub branch.

This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.

## Example Usage

Expand All @@ -36,6 +36,7 @@ resource "github_branch_protection" "example" {
restrictions {
users = ["foo-user"]
teams = ["${github_team.example.slug}"]
apps = ["foo-app"]
}
}

Expand Down Expand Up @@ -86,6 +87,7 @@ The following arguments are supported:

* `users`: (Optional) The list of user logins with push access.
* `teams`: (Optional) The list of team slugs with push access.
* `apps`: (Optional) The list of app slugs with push access.
Always use `slug` of the team, **not** its name. Each team already **has** to have access to the repository.

`restrictions` is only available for organization-owned repositories.
Expand Down