add github_branch_protection for next-* (#31)

Effect-TS · Jan 22, 2024 · 19bb1af · 19bb1af
1 parent 889f411
commit 19bb1af
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 25 deletions.
diff --git a/terraform/github/repository.tf b/terraform/github/repository.tf
@@ -1,15 +1,16 @@
 module "github_repository" {
-  source             = "../modules/github_repository"
-  for_each           = var.repositories
-  name               = each.key
-  description        = each.value.description
-  topics             = each.value.topics
-  homepage_url       = each.value.homepage_url
-  visibility         = each.value.visibility
-  collaborators      = each.value.collaborators
-  pages              = each.value.pages
-  has_discussions    = each.value.has_discussions
-  is_archived        = each.value.is_archived
-  allow_squash_merge = each.value.allow_squash_merge
-  allow_rebase_merge = each.value.allow_rebase_merge
+  source               = "../modules/github_repository"
+  for_each             = var.repositories
+  name                 = each.key
+  description          = each.value.description
+  topics               = each.value.topics
+  homepage_url         = each.value.homepage_url
+  visibility           = each.value.visibility
+  collaborators        = each.value.collaborators
+  pages                = each.value.pages
+  has_discussions      = each.value.has_discussions
+  is_archived          = each.value.is_archived
+  allow_squash_merge   = each.value.allow_squash_merge
+  allow_rebase_merge   = each.value.allow_rebase_merge
+  has_release_branches = each.value.has_release_branches
 }
diff --git a/terraform/github/terraform.tfvars b/terraform/github/terraform.tfvars
@@ -68,9 +68,10 @@ repositories = {
       { username = "remiguittaut", permission = "push" },
       { username = "rzeigler", permission = "push" },
     ]
-    pages        = { build_type = "workflow" }
-    homepage_url = "https://www.effect.website"
-    topics       = ["effect-system", "fp", "framework", "stack-safe", "typescript", "zio"]
+    pages                = { build_type = "workflow" }
+    homepage_url         = "https://www.effect.website"
+    topics               = ["effect-system", "fp", "framework", "stack-safe", "typescript", "zio"]
+    has_release_branches = true
   }
   eslint-plugin = {
     description = "A set of ESlint and TypeScript rules to work with Effect"

diff --git a/terraform/github/variables.tf b/terraform/github/variables.tf
@@ -11,15 +11,16 @@ variable "default_branch" {
 variable "repositories" {
   description = "The Effect-TS organization repositories whose configuration should be managed"
   type = map(object({
-    description        = optional(string, "")
-    topics             = optional(set(string), [])
-    homepage_url       = optional(string, "")
-    visibility         = optional(string, "public")
-    is_archived        = optional(bool, false)
-    has_discussions    = optional(bool, false)
-    enable_changesets  = optional(bool, true)
-    allow_squash_merge = optional(bool, true)
-    allow_rebase_merge = optional(bool, false)
+    description          = optional(string, "")
+    topics               = optional(set(string), [])
+    homepage_url         = optional(string, "")
+    visibility           = optional(string, "public")
+    is_archived          = optional(bool, false)
+    has_discussions      = optional(bool, false)
+    enable_changesets    = optional(bool, true)
+    allow_squash_merge   = optional(bool, true)
+    allow_rebase_merge   = optional(bool, false)
+    has_release_branches = optional(bool, false)
     collaborators = optional(list(object({
       username   = string,
       permission = string

diff --git a/terraform/modules/github_repository/branch.tf b/terraform/modules/github_repository/branch.tf
@@ -27,3 +27,27 @@ resource "github_branch_protection" "main" {
     required_approving_review_count = 0
   }
 }
+
+
+resource "github_branch_protection" "next-release" {
+  # Branch protection can only be enabled on private repositories if using a
+  # paid GitHub plan
+  count = var.visibility == "public" && var.has_release_branches ? 1 : 0
+
+  repository_id           = github_repository.repository.node_id
+  pattern                 = "next-*"
+  enforce_admins          = true
+  required_linear_history = false
+  allows_deletions        = false
+  allows_force_pushes     = true
+  blocks_creations        = false
+
+  required_status_checks {
+    strict   = true
+    contexts = null
+  }
+
+  required_pull_request_reviews {
+    required_approving_review_count = 0
+  }
+}
diff --git a/terraform/modules/github_repository/variables.tf b/terraform/modules/github_repository/variables.tf
@@ -132,3 +132,9 @@ variable "delete_branch_on_merge" {
   description = "Automatically delete head branch after a pull request is merged. Defaults to 'true'."
   default     = true
 }
+
+variable "has_release_branches" {
+  type        = bool
+  description = "Has next-* branches for releases"
+  default     = false
+}