test(integration): add IaC to manage integration testing repository

This commit adds OpenTofu infrastructure as code to manage the GitHub
repo `revanit-io/example-osps-baseline-level-1`. Because this repository
can be used for integration testing changes in the project, any changes
to the repository should be visible and fail a CI run.

Signed-off-by: Travis Truman <[email protected]>

Author: trumant

.github/workflows/integration-test.yml

@@ -0,0 +1,44 @@
+name: Integration Test
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - 'iac/**'
+      - '.github/workflows/integration-test.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  tofu-plan:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: iac
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Set up Tofu
+        uses: opentofu/setup-opentofu@v1
+
+      - name: Initialize Tofu
+        run: tofu init
+
+      - name: Run Tofu Plan
+        id: plan
+        run: |
+          tofu plan -detailed-exitcode -no-color > plan.txt
+        continue-on-error: true
+
+      - name: Check for changes
+        run: |
+          if [ "${{ steps.plan.outcome }}" != "success" ]; then
+            echo "Tofu plan detected changes or failed."
+            cat plan.txt
+            exit 1
+          fi
+        shell: bash

.gitignore

@@ -10,4 +10,6 @@ config.yml
 output
 
 # go test coverage output
-coverage.out
+coverage.out
+
+.terraform/

iac/.terraform.lock.hcl

@@ -0,0 +1,8 @@
+# Example README for OpenTofu-managed repository
+
+This repository is managed by OpenTofu (Terraform alternative) via Infrastructure as Code.
+
+- Repository: revanite-io/example-osps-baseline-level-1
+- Managed resources: repository settings, topics, README file
+
+Feel free to update this file as needed.

iac/README.md

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = ">= 5.0.0"
+    }
+  }
+}
+
+provider "github" {
+  owner = "revanite-io"
+}

iac/main.tf

@@ -0,0 +1,36 @@
+# OpenTofu configuration for managing the revanite-io/example-osps-baseline-level-1 repository
+
+resource "github_repository" "example_osps_baseline_level_1" {
+  name        = "example-osps-baseline-level-1"
+  description = "Example repository for integration testing of pvtr-github-repo"
+  visibility  = "public"
+  has_issues  = true
+  has_wiki    = true
+  has_projects = true
+  has_downloads = true
+  vulnerability_alerts = true
+}
+
+resource "github_repository_ruleset" "default_branch_protection" {
+  name        = "default"
+  repository  = github_repository.example_osps_baseline_level_1.name
+  target      = "branch"
+  enforcement = "active"
+
+  conditions {
+    ref_name {
+      include = ["~DEFAULT_BRANCH"]
+      exclude = []
+    }
+  }
+
+  rules {
+    creation                = false
+    update                  = true
+    deletion                = true
+    non_fast_forward        = true
+    pull_request {
+        required_approving_review_count = 1
+    }
+  }
+}

iac/repo.tf

@@ -0,0 +1 @@
+{"version":4,"terraform_version":"1.10.6","serial":2,"lineage":"7bc637ea-e7ff-1f51-242c-395719e69890","outputs":{},"resources":[{"mode":"managed","type":"github_repository","name":"example_osps_baseline_level_1","provider":"provider[\"registry.opentofu.org/integrations/github\"]","instances":[{"schema_version":1,"attributes":{"allow_auto_merge":false,"allow_merge_commit":true,"allow_rebase_merge":true,"allow_squash_merge":true,"allow_update_branch":false,"archive_on_destroy":null,"archived":false,"auto_init":false,"default_branch":"main","delete_branch_on_merge":false,"description":"Example repository for integration testing of pvtr-github-repo","etag":"W/\"a18fbc4b4371fb3fd92f89c85eff300333be99f12c796276ec71f4a170512568\"","full_name":"revanite-io/example-osps-baseline-level-1","git_clone_url":"git://github.com/revanite-io/example-osps-baseline-level-1.git","gitignore_template":null,"has_discussions":false,"has_downloads":true,"has_issues":true,"has_projects":true,"has_wiki":true,"homepage_url":"","html_url":"https://github.com/revanite-io/example-osps-baseline-level-1","http_clone_url":"https://github.com/revanite-io/example-osps-baseline-level-1.git","id":"example-osps-baseline-level-1","ignore_vulnerability_alerts_during_read":null,"is_template":false,"license_template":null,"merge_commit_message":"PR_TITLE","merge_commit_title":"MERGE_MESSAGE","name":"example-osps-baseline-level-1","node_id":"R_kgDOP0IKkg","pages":[],"primary_language":"Python","private":false,"repo_id":1061292690,"security_and_analysis":[{"advanced_security":[],"secret_scanning":[{"status":"disabled"}],"secret_scanning_push_protection":[{"status":"disabled"}]}],"squash_merge_commit_message":"COMMIT_MESSAGES","squash_merge_commit_title":"COMMIT_OR_PR_TITLE","ssh_clone_url":"[email protected]:revanite-io/example-osps-baseline-level-1.git","svn_url":"https://github.com/revanite-io/example-osps-baseline-level-1","template":[],"topics":[],"visibility":"public","vulnerability_alerts":true,"web_commit_signoff_required":false},"sensitive_attributes":[],"private":"eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="}]},{"mode":"managed","type":"github_repository_ruleset","name":"default_branch_protection","provider":"provider[\"registry.opentofu.org/integrations/github\"]","instances":[{"schema_version":1,"attributes":{"bypass_actors":[],"conditions":[{"ref_name":[{"exclude":[],"include":["~DEFAULT_BRANCH"]}]}],"enforcement":"active","etag":"W/\"4354911cc42f114f622f032d1fedae8c238317d7459bfaca137e33e449db18ab\"","id":"8281062","name":"default","node_id":"RRS_lACqUmVwb3NpdG9yec4_QgqSzgB-W-Y","repository":"example-osps-baseline-level-1","rules":[{"branch_name_pattern":[],"commit_author_email_pattern":[],"commit_message_pattern":[],"committer_email_pattern":[],"creation":false,"deletion":true,"merge_queue":[],"non_fast_forward":true,"pull_request":[{"dismiss_stale_reviews_on_push":false,"require_code_owner_review":false,"require_last_push_approval":false,"required_approving_review_count":1,"required_review_thread_resolution":false}],"required_code_scanning":[],"required_deployments":[],"required_linear_history":false,"required_signatures":false,"required_status_checks":[],"tag_name_pattern":[],"update":true,"update_allows_fetch_and_merge":false}],"ruleset_id":8281062,"target":"branch"},"sensitive_attributes":[],"private":"eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="}]}],"check_results":null}