Merge branch 'main' into trigger-plan

Author: cunla

.github/workflows/plan.yml

@@ -13,10 +13,7 @@ jobs:
 
     permissions:
       pull-requests: write
-      # These are necessary due to GitHub's API as per:
-      # https://github.com/integrations/terraform-provider-github/issues/679#issuecomment-2068196839
       contents: write
-      administration: read
 
     steps:
       - name: Checkout code

terraform/production/org.tfvars

@@ -18,6 +18,7 @@ members = [
   "priyapahwa",
   "testSchilling",
   "maerteijn",
+  "g-nie",
 ]
 
 organization_teams = {
@@ -40,10 +41,6 @@ organization_teams = {
       "matthiask"
     ]
     permission = "push"
-
-    repositories = [
-      "django-commons-playground",
-    ]
   }
 }
 

terraform/resources-org.tf

@@ -32,19 +32,16 @@ resource "github_team_members" "org_team_members" {
     for_each = each.value.members
 
     content {
-      # members here references the dynamic name, not the looped entity.
       username = members.value
       role     = "member"
     }
   }
 
-  # Maintainer here means the maintainer role for the team.
-  # It's not a maintainer of the repo.
+  # Maintainer here means the maintainer role for the team. It's not a maintainer of the repo.
   dynamic "members" {
     for_each = each.value.maintainers
 
     content {
-      # members here references the dynamic name, not the looped entity.
       username = members.value
       role     = "maintainer"
     }

terraform/resources-repos.tf

@@ -2,34 +2,30 @@
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository
 
 resource "github_repository" "this" {
-
-  # Ensure GitHub repository is Private
-  # checkov:skip=CKV_GIT_1: Public is ok for us since we are an open source project
-
   for_each = var.repositories
 
-  allow_auto_merge       = each.value.allow_auto_merge
-  allow_merge_commit     = each.value.allow_merge_commit
-  merge_commit_title = "MERGE_MESSAGE"
-  merge_commit_message = "PR_BODY"
-  allow_rebase_merge     = each.value.allow_rebase_merge
-  allow_squash_merge     = each.value.allow_squash_merge
-  squash_merge_commit_title = "COMMIT_OR_PR_TITLE"
-  squash_merge_commit_message = "COMMIT_MESSAGES"
-  allow_update_branch    = each.value.allow_update_branch
-  archive_on_destroy     = true
-  delete_branch_on_merge = each.value.delete_branch_on_merge
-  description            = each.value.description
-  has_downloads          = each.value.has_downloads
-  has_discussions        = each.value.has_discussions
-  has_issues             = true
-  has_projects           = true
-  has_wiki               = each.value.has_wiki
-  is_template            = each.value.is_template
-  name                   = each.key
-  topics                 = each.value.topics
-  visibility             = each.value.visibility
-  vulnerability_alerts   = true
+  allow_auto_merge            = each.value.allow_auto_merge
+  allow_merge_commit          = each.value.allow_merge_commit
+  merge_commit_title          = each.value.merge_commit_title
+  merge_commit_message        = each.value.merge_commit_message
+  allow_rebase_merge          = each.value.allow_rebase_merge
+  allow_squash_merge          = each.value.allow_squash_merge
+  squash_merge_commit_title   = each.value.squash_merge_commit_title
+  squash_merge_commit_message = each.value.squash_merge_commit_message
+  allow_update_branch         = each.value.allow_update_branch
+  archive_on_destroy          = true
+  delete_branch_on_merge      = each.value.delete_branch_on_merge
+  description                 = each.value.description
+  has_downloads               = each.value.has_downloads
+  has_discussions             = each.value.has_discussions
+  has_issues                  = true
+  has_projects                = true
+  has_wiki                    = each.value.has_wiki
+  is_template                 = each.value.is_template
+  name                        = each.key
+  topics                      = each.value.topics
+  visibility                  = each.value.visibility
+  vulnerability_alerts        = true
 
   dynamic "template" {
     for_each = each.value.template != null ? [each.value.template] : []
@@ -62,7 +58,7 @@ resource "github_repository" "this" {
 #   required_pull_request_reviews {
 #     dismiss_stale_reviews           = true
 #     require_code_owner_reviews      = true
-#     required_approving_review_count = 1
+#     required_approving_review_count = github_repository.this[each.key].required_approving_review_count
 #   }
 #
 #   required_status_checks {