diff --git a/terraform/github/branches.tf b/terraform/github/branches.tf
index 71f62507..824af9cb 100644
--- a/terraform/github/branches.tf
+++ b/terraform/github/branches.tf
@@ -204,6 +204,77 @@ resource "github_branch_protection" "kayobe_branch_protection_caracal" {
 }
 }
+resource "github_branch_protection" "kayobe_branch_protection_epoxy" {
+ for_each = toset(var.repositories["Kayobe"])
+ repository_id = data.github_repository.repositories[each.key].node_id
+
+ pattern = "stackhpc/2025.1"
+ require_conversation_resolution = true
+ allows_deletions = false
+ allows_force_pushes = false
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = true
+ required_approving_review_count = 1
+ }
+
+ push_restrictions = [
+ resource.github_team.organisation_teams["Developers"].node_id
+ ]
+
+ required_status_checks {
+ contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/2025.1", lookup(var.required_status_checks, each.key, {
+ "default" : [
+ "tox / Tox pep8 with Python 3.12",
+ "tox / Tox py3 with Python 3.12",
+ "tox / Tox py3 with Python 3.10"
+ ]
+ }).default)
+ strict = false
+ }
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+
+resource "github_branch_protection" "kayobe_branch_protection_master" {
+ for_each = toset(var.repositories["Kayobe"])
+ repository_id = data.github_repository.repositories[each.key].node_id
+
+ pattern = "stackhpc/master"
+ require_conversation_resolution = true
+ allows_deletions = false
+ allows_force_pushes = false
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = true
+ required_approving_review_count = 1
+ }
+
+ push_restrictions = [
+ resource.github_team.organisation_teams["Developers"].node_id
+ ]
+
+ required_status_checks {
+ contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/master", lookup(var.required_status_checks, each.key, {
+ "default" : [
+ "tox / Tox pep8 with Python 3.12",
+ "tox / Tox py3 with Python 3.12",
+ "tox / Tox py3 with Python 3.10"
+ ]
+ }).default)
+ strict = false
+ }
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
 resource "github_branch_protection" "openstack_branch_protection_py_3-6" {
 for_each = toset(var.repositories["OpenStack"])
 repository_id = data.github_repository.repositories[each.key].node_id
@@ -346,6 +417,76 @@ resource "github_branch_protection" "openstack_branch_protection_caracal" {
 }
 }
+resource "github_branch_protection" "openstack_branch_protection_epoxy" {
+ for_each = toset(var.repositories["OpenStack"])
+ repository_id = data.github_repository.repositories[each.key].node_id
+
+ pattern = "stackhpc/2025.1"
+ require_conversation_resolution = true
+ allows_deletions = false
+ allows_force_pushes = false
+
+ push_restrictions = [
+ resource.github_team.organisation_teams["Developers"].node_id
+ ]
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = true
+ required_approving_review_count = 1
+ }
+
+ required_status_checks {
+ contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/2025.1", lookup(var.required_status_checks, each.key, {
+ "default" : [
+ "tox / Tox pep8 with Python 3.12",
+ "tox / Tox py3 with Python 3.12",
+ "tox / Tox py3 with Python 3.10"
+ ]
+ }).default)
+ strict = false
+ }
+
+ lifecycle {
+ prevent_destroy = false
+ }
+}
+
+resource "github_branch_protection" "openstack_branch_protection_master" {
+ for_each = toset(var.repositories["OpenStack"])
+ repository_id = data.github_repository.repositories[each.key].node_id
+
+ pattern = "stackhpc/master"
+ require_conversation_resolution = true
+ allows_deletions = false
+ allows_force_pushes = false
+
+ push_restrictions = [
+ resource.github_team.organisation_teams["Developers"].node_id
+ ]
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = true
+ required_approving_review_count = 1
+ }
+
+ required_status_checks {
+ contexts = lookup(lookup(var.required_status_checks, each.key, {}), "stackhpc/master", lookup(var.required_status_checks, each.key, {
+ "default" : [
+ "tox / Tox pep8 with Python 3.12",
+ "tox / Tox py3 with Python 3.12",
+ "tox / Tox py3 with Python 3.10"
+ ]
+ }).default)
+ strict = false
+ }
+
+ lifecycle {
+ prevent_destroy = false
+ }
+}
+
 resource "github_branch_protection" "platform_branch_protection" {
 for_each = toset(var.repositories["Platform"])
 repository_id = data.github_repository.repositories[each.key].node_id
diff --git a/terraform/github/import_resources.py b/terraform/github/import_resources.py
index 1d095db5..2f7f79fa 100755
--- a/terraform/github/import_resources.py
+++ b/terraform/github/import_resources.py
@@ -235,6 +235,14 @@ def main() -> None:
 branch_protection_resource = BranchProtection(team_id.name.lower(
 ), {f"{name}:stackhpc/2024.1": name for name in team_repositories}, parsed_args.dry_run, "_caracal")
 branch_protection_resource.refresh_resource()
+ # Epoxy branch protection
+ branch_protection_resource = BranchProtection(team_id.name.lower(
+ ), {f"{name}:stackhpc/2025.1": name for name in team_repositories}, parsed_args.dry_run, "_epoxy")
+ branch_protection_resource.refresh_resource()
+ # Master branch protection
+ branch_protection_resource = BranchProtection(team_id.name.lower(
+ ), {f"{name}:stackhpc/master": name for name in team_repositories}, parsed_args.dry_run, "_master")
+ branch_protection_resource.refresh_resource()
 elif team_id == TeamID.SMSLAB:
 branch_protection_resource = BranchProtection(team_id.name.lower(
 ), {f"{name}:smslab/[y,z,2]*": name for name in team_repositories}, parsed_args.dry_run)
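Review bot: Both new OpenStack resources set `prevent_destroy = false`, while the Kayobe resources added in the first hunk for the same `stackhpc/2025.1` and `stackhpc/master` patterns set it to `true`. Because instances are keyed by `for_each` over `var.repositories["OpenStack"]`, dropping a repository from that list would remove its branch protection in an ordinary apply with nothing to stop the plan. Unless the difference is deliberate, use `prevent_destroy = true` here as well, or add a comment such as `# destroy allowed: <reason>` in the `lifecycle` block recording why OpenStack repositories are treated differently.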
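Review bot: The two added blocks repeat the caracal call with only the branch pattern and resource suffix changed, so each new release means another copy and another place where the import ID can drift from the `pattern` in branches.tf. A loop over `(pattern, suffix)` pairs keeps the ID format in one place, as sketched below. The enclosing `if`/`elif` branch of `main()` starts outside the hunk, so it is not visible whether this path runs for both the Kayobe and OpenStack teams; branches.tf adds resources for both, and both need the import.

```python
# … unchanged: earlier release imports, ending with "_caracal" …
for pattern, suffix in (
    ("stackhpc/2025.1", "_epoxy"),
    ("stackhpc/master", "_master"),
):
    branch_protection_resource = BranchProtection(
        team_id.name.lower(),
        {f"{name}:{pattern}": name for name in team_repositories},
        parsed_args.dry_run,
        suffix,
    )
    branch_protection_resource.refresh_resource()
```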