github.tf
# Looks up the target repository by "<owner>/<name>" so that the resources below
# can reference it through this data source.
data "github_repository" "this" {
  full_name = format("%s/%s", var.github_repository_owner, var.github_repository_name)
}
# Core team lookup. It is read only when this module manages the GitHub environment,
# and in that case it is always included in the environment's reviewer list.
data "github_team" "avm_core" {
  count = (var.manage_github_environment) ? 1 : 0

  slug = var.github_core_team_name
}
# Optional module-owner team. It is read only when the environment is managed AND a
# team name was supplied.
data "github_team" "owners" {
  count = (var.manage_github_environment && var.github_owner_team_name != "") ? 1 : 0

  # The variable may carry an "@Azure/" org prefix; the data source wants the bare slug.
  # NOTE(review): replace() is case-sensitive and removes every occurrence, not only a
  # leading one. Confirm callers always pass the prefix in exactly this form.
  slug = replace(var.github_owner_team_name, "@Azure/", "")
}
# Optional contributor team. It is read only when the environment is managed AND a
# team name was supplied.
data "github_team" "contributors" {
  count = (var.manage_github_environment && var.github_contributor_team_name != "") ? 1 : 0

  # Strip the "@Azure/" org prefix so that only the team slug is passed to the lookup.
  # NOTE(review): the match is case-sensitive. Confirm the expected input format.
  slug = replace(var.github_contributor_team_name, "@Azure/", "")
}
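locals {
  # IDs of the teams allowed to approve deployments to the managed environment.
  #
  # Each data source is declared with `count`, so the splat form yields an empty list
  # when the team is not looked up. Indexing `[0]` guarded only by the team name being
  # non-empty would reference a missing instance when a team name is set but
  # var.manage_github_environment is false, because the data source count also
  # depends on that flag.
  environment_teams = concat(
    data.github_team.avm_core[*].id,
    data.github_team.owners[*].id,
    data.github_team.contributors[*].id,
  )
}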
# Deployment environment that holds the ARM_* secrets declared in this file.
# Required reviewers are the approval gate: a workflow job targeting this environment
# waits for approval from one of these teams before it can read the environment secrets.
# NOTE(review): no deployment_branch_policy is set in this block, so which branches may
# target the environment is not restricted here. Confirm that is intended.
resource "github_repository_environment" "this" {
  count = (var.manage_github_environment) ? 1 : 0

  repository  = data.github_repository.this.name
  environment = var.github_repository_environment_name

  reviewers {
    teams = local.environment_teams
  }
}
# Publishes the Azure tenant ID to the environment as ARM_TENANT_ID.
# plaintext_value is also recorded in Terraform state, so state access should be
# restricted even though this value is an identifier rather than a credential.
resource "github_actions_environment_secret" "tenant_id" {
  count = (var.manage_github_environment) ? 1 : 0

  secret_name     = "ARM_TENANT_ID"
  plaintext_value = data.azapi_client_config.current.tenant_id
  environment     = github_repository_environment.this[0].environment
  repository      = data.github_repository.this.name
}
# Publishes the target subscription ID to the environment as ARM_SUBSCRIPTION_ID.
# plaintext_value is also recorded in Terraform state; this value is an identifier,
# not a credential, but state access should still be restricted.
resource "github_actions_environment_secret" "subscription_id" {
  count = (var.manage_github_environment) ? 1 : 0

  secret_name     = "ARM_SUBSCRIPTION_ID"
  plaintext_value = var.target_subscription_id
  environment     = github_repository_environment.this[0].environment
  repository      = data.github_repository.this.name
}
# Publishes the client ID of the identity created by azapi_resource.identity as
# ARM_CLIENT_ID.
# NOTE(review): no client secret is stored in this file, so workflows presumably
# authenticate through federated (OIDC) credentials. Confirm that the identity's
# federated credential subject is scoped to this repository and environment.
resource "github_actions_environment_secret" "client_id" {
  count = (var.manage_github_environment) ? 1 : 0

  secret_name     = "ARM_CLIENT_ID"
  plaintext_value = azapi_resource.identity.output.properties.clientId
  environment     = github_repository_environment.this[0].environment
  repository      = data.github_repository.this.name
}