Merge pull request #70 from mineiros-io/mariux/fix-multi-branch-protection

soerenmartius · web-flow · commit fc0c278fee50 · 2021-06-02T23:42:09.000+02:00
fix: handling multiple branch protections with dependencies to teams
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.9.2]
+
+### Fixed
+
+- Fix terraform typing issue when defining branch protections for multiple branches
+
 ## [0.9.1]
 
 ### Added
@@ -250,11 +256,12 @@ Please review plans and report regressions and issues asap so we can improve doc
 
 <!-- markdown-link-check-disable -->
 
-[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.9.1...HEAD
-[0.9.1]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.9.0...v0.9.1
+[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.9.2...HEAD
+[0.9.2]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.9.1...v0.9.2
 
 <!-- markdown-link-check-enable -->
 
+[0.9.1]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.9.0...v0.9.1
 [0.9.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.8.0...v0.9.0
 [0.8.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.6.1...v0.7.0
diff --git a/main.tf b/main.tf
@@ -26,8 +26,7 @@ locals {
   topics                 = concat(local.standard_topics, var.extra_topics)
   template               = var.template == null ? [] : [var.template]
   issue_labels_create    = var.issue_labels_create == null ? lookup(var.defaults, "issue_labels_create", local.issue_labels_create_computed) : var.issue_labels_create
-  branch_protections_v0  = var.branch_protections == null ? [] : var.branch_protections
-  branch_protections_v3  = var.branch_protections_v3 == null ? local.branch_protections_v0 : var.branch_protections_v3
+  branch_protections_v3  = var.branch_protections_v3 == null ? var.branch_protections : var.branch_protections_v3
 
   issue_labels_create_computed = local.has_issues || length(var.issue_labels) > 0
 
@@ -39,7 +38,7 @@ locals {
 }
 
 locals {
-  branch_protections = [
+  branch_protections = try([
     for b in local.branch_protections_v3 : merge({
       branch                        = null
       enforce_admins                = null
@@ -48,7 +47,7 @@ locals {
       required_pull_request_reviews = {}
       restrictions                  = {}
     }, b)
-  ]
+  ], [])
 
   required_status_checks = [
     for b in local.branch_protections :
@@ -188,7 +187,7 @@ resource "github_branch_protection_v3" "branch_protection" {
     content {
       dismiss_stale_reviews           = required_pull_request_reviews.value.dismiss_stale_reviews
       dismissal_users                 = required_pull_request_reviews.value.dismissal_users
-      dismissal_teams                 = required_pull_request_reviews.value.dismissal_teams
+      dismissal_teams                 = [for t in required_pull_request_reviews.value.dismissal_teams : replace(lower(t), "/[^a-z0-9]/", "-")]
       require_code_owner_reviews      = required_pull_request_reviews.value.require_code_owner_reviews
       required_approving_review_count = required_pull_request_reviews.value.required_approving_review_count
     }
@@ -199,8 +198,7 @@ resource "github_branch_protection_v3" "branch_protection" {
 
     content {
       users = restrictions.value.users
-      # TODO: try to convert teams to team-slug array
-      teams = restrictions.value.teams
+      teams = [for t in restrictions.value.teams : replace(lower(t), "/[^a-z0-9]/", "-")]
       apps  = restrictions.value.apps
     }
   }
diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
@@ -94,17 +94,20 @@ module "repository" {
       required_pull_request_reviews = {
         dismiss_stale_reviews           = true
         dismissal_users                 = [var.team_user]
-        dismissal_teams                 = [github_team.team.slug]
+        dismissal_teams                 = [github_team.team.name]
         require_code_owner_reviews      = true
         required_approving_review_count = 1
       }
 
       restrictions = {
         users = [var.team_user]
-        teams = [
-          github_team.team.slug
-        ]
+        teams = [github_team.team.name]
       }
+    },
+    {
+      branch                 = github_branch.development.branch
+      enforce_admins         = true
+      require_signed_commits = true
     }
   ]
 
@@ -122,6 +125,11 @@ module "repository" {
   projects = var.projects
 }
 
+resource "github_branch" "development" {
+  repository = module.repository.repository.name
+  branch     = "development"
+}
+
 # ---------------------------------------------------------------------------------------------------------------------
 # TEST B
 # We are creating a repository using some defaults defined in
