Wednesday, June 28, 2023

The following IaC shows the GitHub integration.


# Identity of the principal Terraform authenticates to Azure AD as; its
# object_id is referenced below as the owner of both Azure AD groups.
data "azuread_client_config" "current" {}

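# Prefix shared by the Azure AD group display names, the GitHub team names
# and the pipelines repository name. Label quoted to match the other blocks.
variable "namespace" {
  description = "The namespace for end-user deployment; used as a prefix for the Azure AD groups, GitHub teams and the pipelines repository"
  type        = string

  # No default is given. The original default ("${var.name}-" + uuid()) was
  # not valid: a variable default must be a literal (no references to other
  # variables and no function calls), HCL's `+` is numeric-only, var.name is
  # not declared in this file, and uuid() would yield a new value on every
  # run. Derive a generated name in a locals block instead, e.g.
  #   locals { namespace = "${var.name}-${random_id.suffix.hex}" }

  # The value ends up in a GitHub repository name, so reject characters that
  # are not valid there (including whitespace) and reject the empty string.
  validation {
    condition     = length(var.namespace) > 0 && can(regex("^[A-Za-z0-9._-]+$", var.namespace))
    error_message = "namespace must be non-empty and contain only letters, digits, '.', '_' or '-'."
  }
}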

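# Security group for deployment contributors. Owned by the principal running
# Terraform (see data.azuread_client_config.current); no members are
# assigned here.
resource "azuread_group" "contributor_group" {
  display_name     = "${var.namespace} contributor group"
  security_enabled = true
  owners           = [data.azuread_client_config.current.object_id]

  # The original set onpremises_sync_enabled = true. That name is an
  # exported (read-only) attribute of azuread_group, not an argument; the
  # argument that writes a group back to on-premises AD is writeback_enabled.
  # NOTE(review): confirm writeback is really wanted — it requires group
  # writeback to be configured in Azure AD Connect, and it mirrors this
  # security group into the on-premises forest.
  writeback_enabled     = true
  onpremises_group_type = "UniversalSecurityGroup"

  # Fail instead of silently creating a second group with this display name,
  # which would make role assignments against the name ambiguous.
  prevent_duplicate_names = true
}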

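# Security group for deployment operators. Owned by the principal running
# Terraform (see data.azuread_client_config.current); no members are
# assigned here.
resource "azuread_group" "operator_group" {
  display_name     = "${var.namespace} operator group"
  security_enabled = true
  owners           = [data.azuread_client_config.current.object_id]

  # onpremises_sync_enabled (as in the original) is a read-only exported
  # attribute of azuread_group; on-premises writeback is requested with
  # writeback_enabled together with onpremises_group_type.
  # NOTE(review): confirm writeback is intended — it needs group writeback
  # enabled in Azure AD Connect and mirrors this group into on-premises AD.
  writeback_enabled     = true
  onpremises_group_type = "UniversalSecurityGroup"

  # Refuse to create a duplicate display name so role assignments that
  # resolve the group by name cannot become ambiguous.
  prevent_duplicate_names = true
}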

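# GitHub team for contributors. "closed" privacy keeps the team visible to
# organisation members but membership is managed by maintainers.
resource "github_team" "deployment_contributors" {
  name        = "${var.namespace} contributor-team"
  description = "Has read-write access"
  privacy     = "closed"
}

# The team description promises read-write access, but the original file
# never granted the team any permission on the pipelines repository. "push"
# is GitHub's read-write role (no admin rights).
# NOTE(review): confirm "push" is the intended level before applying.
resource "github_team_repository" "deployment_contributors_pipelines" {
  team_id    = github_team.deployment_contributors.id
  repository = github_repository.pipelines.name
  permission = "push"
}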

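# GitHub team for operators. "closed" privacy keeps the team visible to
# organisation members but membership is managed by maintainers.
resource "github_team" "deployment_operators" {
  name        = "${var.namespace} operator-team"
  description = "Has read-only access"
  privacy     = "closed"
}

# The team description promises read-only access, but the original file
# never granted the team any permission on the pipelines repository. "pull"
# is GitHub's read-only role.
# NOTE(review): the operators branch protection below lists this team as a
# push actor, which a read-only team cannot use — confirm which is intended.
resource "github_team_repository" "deployment_operators_pipelines" {
  team_id    = github_team.deployment_operators.id
  repository = github_repository.pipelines.name
  permission = "pull"
}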

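# Private repository holding the pipeline artifacts for this namespace,
# created from an organisation template.
resource "github_repository" "pipelines" {
  name        = "${var.namespace}-pipelines"
  description = "${var.namespace} pipeline artifacts"

  # `visibility` supersedes the deprecated `private` boolean and overrides it
  # when both are set, so the redundant `private = true` has been dropped.
  visibility = "private"
  auto_init  = true

  # NOTE(review): "MyOrganization" reads as a placeholder — point this at the
  # organisation that actually hosts pipeline-template, otherwise creation
  # fails or copies a template from the wrong owner.
  template {
    owner      = "MyOrganization"
    repository = "pipeline-template"
    # Copies every branch of the template, not only its default branch.
    include_all_branches = true
  }
}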

# Branch the contributor team works on; cut from the repository's default
# branch since no source_branch is given.
resource "github_branch" "contributors-branch" {
  branch     = "contributors-branch"
  repository = github_repository.pipelines.name
}

# Branch the operator team works on; cut from the repository's default
# branch since no source_branch is given.
resource "github_branch" "operators-branch" {
  branch     = "operators-branch"
  repository = github_repository.pipelines.name
}

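# Protection for the contributors branch: admins are not exempt, the branch
# cannot be deleted, and only the contributor team may push to it.
resource "github_branch_protection" "contributors_branch_protection" {
  repository_id = github_repository.pipelines.name
  pattern       = github_branch.contributors-branch.branch

  enforce_admins   = true
  allows_deletions = false

  # The original referenced data.github_team.deployment_contributors, a data
  # source that is not declared anywhere in this file; the team is a
  # resource. push_restrictions expects actor node IDs rather than names.
  # NOTE(review): verify against the provider version in use — newer major
  # versions replaced push_restrictions with a restrict_pushes block.
  push_restrictions = [
    github_team.deployment_contributors.node_id,
  ]

  # NOTE(review): the listed team can still push directly without review;
  # add required_pull_request_reviews if changes must go through a PR.
}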

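# Protection for the operators branch: admins are not exempt, the branch
# cannot be deleted, and only the operator team may push to it.
resource "github_branch_protection" "operators_branch_protection" {
  repository_id = github_repository.pipelines.name
  pattern       = github_branch.operators-branch.branch

  enforce_admins   = true
  allows_deletions = false

  # The original referenced data.github_team.deployment_operators, a data
  # source that is not declared anywhere in this file; the team is a
  # resource. push_restrictions expects actor node IDs rather than names.
  # NOTE(review): verify against the provider version in use — newer major
  # versions replaced push_restrictions with a restrict_pushes block.
  push_restrictions = [
    github_team.deployment_operators.node_id,
  ]

  # NOTE(review): the operator team is described above as read-only, yet it
  # is the only actor allowed to push here — confirm whether operators should
  # be able to push to this branch at all, and consider
  # required_pull_request_reviews if changes must go through a PR.
}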

 
