From 7cc8f9d308f4f50d5a5d7455e8eec529d4308488 Mon Sep 17 00:00:00 2001
From: Daniel M <daniel.maruani@gmail.com>
Date: Mon, 2 Sep 2024 17:16:19 -0600
Subject: [PATCH 1/8] fix: Natim username
---
 terraform/production/repositories.tfvars | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/production/repositories.tfvars b/terraform/production/repositories.tfvars
index 6c1d289..74ea041 100644
--- a/terraform/production/repositories.tfvars
+++ b/terraform/production/repositories.tfvars
@@ -72,7 +72,7 @@ repositories = { admins = [ "pfouque",
- "natim",
+ "Natim",
 ] committers = [] members = []
From 6c94bac24f652c926a17238ebd12d6cc582ac305 Mon Sep 17 00:00:00 2001
From: Daniel M <daniel.maruani@gmail.com>
Date: Mon, 2 Sep 2024 17:27:10 -0600
Subject: [PATCH 2/8] feat: create envs using terraform
---
 terraform/resources-environments.tf | 34 +++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 terraform/resources-environments.tf
diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf
new file mode 100644
index 0000000..9f7fdd1
--- /dev/null
+++ b/terraform/resources-environments.tf
@@ -0,0 +1,34 @@
+import {
+ for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+
+ id = "${each.key}:pypi"
+ to = github_repository_environment.pypi[each.key]
+}
+
+resource "github_repository_environment" "pypi" {
+ for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+
+ environment = "pypi"
+ repository = each.key
+ prevent_self_review = true
+ reviewers {
+ teams = [github_team.repo_admin_team[each.key].id]
+ }
+ deployment_branch_policy {
+ protected_branches = false
+ custom_branch_policies = false
+ }
+}
+
+resource "github_repository_environment" "testpypi" {
+ for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+
+ environment = "testpypi"
+ repository = each.key
+ prevent_self_review = true
+
+ deployment_branch_policy {
+ protected_branches = false
+ custom_branch_policies = false
+ }
+}
\ No newline at end of file
From d121891009cb28efeaca900c10eb049583cdfc0a Mon Sep 17 00:00:00 2001
From: Daniel M <daniel.maruani@gmail.com>
Date: Mon, 2 Sep 2024 17:27:53 -0600
Subject: [PATCH 3/8] feat: create envs using terraform
---
 terraform/resources-environments.tf | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf
index 9f7fdd1..4d3abf5 100644
--- a/terraform/resources-environments.tf
+++ b/terraform/resources-environments.tf
@@ -20,6 +20,13 @@ resource "github_repository_environment" "pypi" { } }
+import {
+ for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+
+ id = "${each.key}:testpypi"
+ to = github_repository_environment.testpypi[each.key]
+}
+
 resource "github_repository_environment" "testpypi" { for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
From 57b93e988c4c0a1d327b9bc7d15d03146583cfcf Mon Sep 17 00:00:00 2001
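Review bot: The `deployment_branch_policy` block in the `pypi` resource sets both `protected_branches = false` and `custom_branch_policies = false`, and the `testpypi` resource repeats it; as far as I know the GitHub API expects exactly one of the two to be true when the block is present, so this pair is likely to be rejected on apply and in any case expresses no restriction. For `pypi` the question that matters is which refs may publish: as written, any branch or tag that can run the workflow can request a deployment, and reviewer approval is the only gate. If releases are cut from tags, consider `custom_branch_policies = true` together with a `github_repository_environment_deployment_policy` resource limited to the release pattern, assuming the pinned provider version supports the pattern you need. For `testpypi`, omitting the block states the "any ref" intent without the invalid combination.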
From: cunla <cunla@users.noreply.github.com>
Date: Mon, 2 Sep 2024 23:28:25 +0000
Subject: [PATCH 4/8] [AUTO]Format code Files changed: M terraform/resources-environments.tf
---
 terraform/resources-environments.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf
index 4d3abf5..2e4cd77 100644
--- a/terraform/resources-environments.tf
+++ b/terraform/resources-environments.tf
@@ -1,12 +1,12 @@
 import {
- for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+ for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
 id = "${each.key}:pypi" to = github_repository_environment.pypi[each.key] } resource "github_repository_environment" "pypi" {
- for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+ for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
 environment = "pypi" repository = each.key
@@ -21,14 +21,14 @@ resource "github_repository_environment" "pypi" { } import {
- for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+ for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
 id = "${each.key}:testpypi" to = github_repository_environment.testpypi[each.key] } resource "github_repository_environment" "testpypi" {
- for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+ for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
 environment = "testpypi" repository = each.key
From 152fcd4d660b6837cffc1e3ba52ccb79baf53882 Mon Sep 17 00:00:00 2001
From: Daniel M <daniel.maruani@gmail.com>
Date: Mon, 2 Sep 2024 17:36:20 -0600
Subject: [PATCH 5/8] feat: create envs using terraform
---
 terraform/resources-environments.tf | 31 ++--------
 terraform/tfstate.json | 96 ++++++++++++++++++++++++++++-
 2 files changed, 99 insertions(+), 28 deletions(-)
diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf
index 2e4cd77..fd21fc5 100644
--- a/terraform/resources-environments.tf
+++ b/terraform/resources-environments.tf
@@ -1,41 +1,18 @@
-import {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
-
- id = "${each.key}:pypi"
- to = github_repository_environment.pypi[each.key]
-}
-
 resource "github_repository_environment" "pypi" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
 environment = "pypi" repository = each.key
- prevent_self_review = true
+ prevent_self_review = false
 reviewers { teams = [github_team.repo_admin_team[each.key].id] }
- deployment_branch_policy {
- protected_branches = false
- custom_branch_policies = false
- }
-}
-
-import {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
-
- id = "${each.key}:testpypi"
- to = github_repository_environment.testpypi[each.key]
 } resource "github_repository_environment" "testpypi" {
- for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+ for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
 environment = "testpypi" repository = each.key
- prevent_self_review = true
-
- deployment_branch_policy {
- protected_branches = false
- custom_branch_policies = false
- }
+ prevent_self_review = false
 }
\ No newline at end of file
diff --git a/terraform/tfstate.json b/terraform/tfstate.json
index 1b392f9..68a23fd 100644
--- a/terraform/tfstate.json
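Review bot: Setting `prevent_self_review = false` on the `pypi` environment lets a member of the repo admin team who triggers a release also approve that deployment, so the required-reviewer rule no longer guarantees that a second person looks at what gets published. The state file changed in the same patch records `can_admins_bypass: true` for these environments, and this hunk also removes the `deployment_branch_policy` block, which leaves the approval as the only control in front of the PyPI publish job. If the relaxation exists because some admin teams have a single member (an inference, the patch does not say), keep `prevent_self_review = true` as the default and relax it per repository, or at least record the reason in a comment such as `# self-review allowed: admin team may have one member`. The same value is set on `testpypi`, where it presumably has no effect while no reviewers are configured.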
+++ b/terraform/tfstate.json @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.9.5", - "serial": 188, + "serial": 192, "lineage": "425397de-8394-a003-8a6c-bce854d9cc53", "outputs": {}, "resources": [ 
@@ -688,6 +688,100 @@ } ] }, + { + "mode": "managed", + "type": "github_repository_environment", + "name": "pypi", + "provider": "provider[\"registry.terraform.io/integrations/github\"]", + "instances": [ + { + "index_key": "django-commons-playground", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "pypi", + "id": "django-commons-playground:pypi", + "prevent_self_review": false, + "repository": "django-commons-playground", + "reviewers": [ + { + "teams": [ + 9757650 + ], + "users": [] + } + ], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + }, + { + "index_key": "django-fsm-2", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "pypi", + "id": "django-fsm-2:pypi", + "prevent_self_review": false, + "repository": "django-fsm-2", + "reviewers": [ + { + "teams": [ + 10870432 + ], + "users": [] + } + ], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "github_repository_environment", + "name": "testpypi", + "provider": "provider[\"registry.terraform.io/integrations/github\"]", + "instances": [ + { + "index_key": "django-commons-playground", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "testpypi", + "id": "django-commons-playground:testpypi", + "prevent_self_review": null, + "repository": "django-commons-playground", + "reviewers": [], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + }, + { + "index_key": "django-fsm-2", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "testpypi", + "id": "django-fsm-2:testpypi", + "prevent_self_review": null, + "repository": "django-fsm-2", + 
"reviewers": [], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, { "mode": "managed", "type": "github_team",
From c47a5094a8110c7a37fa0ca2894baa4e8e9588ab Mon Sep 17 00:00:00 2001
From: Daniel M <daniel.maruani@gmail.com>
Date: Mon, 2 Sep 2024 17:39:36 -0600
Subject: [PATCH 6/8] feat: create envs using terraform
---
 terraform/production/repositories.tfvars | 1 +
 1 file changed, 1 insertion(+)
diff --git a/terraform/production/repositories.tfvars b/terraform/production/repositories.tfvars
index 74ea041..dd4a858 100644
--- a/terraform/production/repositories.tfvars
+++ b/terraform/production/repositories.tfvars
@@ -56,6 +56,7 @@ repositories = { description = "Schedule async tasks using redis pub/sub." homepage_url = "https://django-tasks-scheduler.readthedocs.io/" allow_merge_commit = true + admins = [ "cunla", ]
From 3bcdd374d61396c8060f9dcf186d152475667925 Mon Sep 17 00:00:00 2001
From: cunla <cunla@users.noreply.github.com>
Date: Mon, 2 Sep 2024 23:40:08 +0000
Subject: [PATCH 7/8] [AUTO]Format code Files changed: M terraform/resources-environments.tf
---
 terraform/resources-environments.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf
index fd21fc5..e6824c6 100644
--- a/terraform/resources-environments.tf
+++ b/terraform/resources-environments.tf
@@ -1,5 +1,5 @@
 resource "github_repository_environment" "pypi" {
- for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+ for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
 environment = "pypi" repository = each.key
@@ -10,7 +10,7 @@ resource "github_repository_environment" "pypi" { } resource "github_repository_environment" "testpypi" {
- for_each = {for k, v in var.repositories : k => v if v.is_django_commons_repo == false}
+ for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
 environment = "testpypi" repository = each.key
From 6ba6d577173c2f454ecd268269aeddf8a23e9e54 Mon Sep 17 00:00:00 2001
From: Tim Schilling <schillingt@better-simple.com>
Date: Mon, 2 Sep 2024 19:03:57 -0500
Subject: [PATCH 8/8] Update the GitHub repo environment step This includes a step to walk through the release process with the maintainer as a way of onboarding them.
---
 README.md | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index cef3d80..31699df 100644
--- a/README.md
+++ b/README.md
@@ -101,14 +101,10 @@ Django Commons packages. with repo owner to transfer repo 7. Wait for repository transferred in 8. [Make Terraform changes to add new project](#terraform-changes-to-add-a-new-project)
-9. [Configure environments](https://docs.github.com/en/actions/administering-github-actions/managing-environments-for-deployment#creating-an-environment)
- pypi and testpypi in the repository to
- enable [publishing packages via GitHub Actions](https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#)
-10. For pypi environment, add Deployment protection rule with reviewers as [repo]-admins and enable "Allow
- administrators to bypass configured protection rules"
-11. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for
+9. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for
 first-time contributors"
-12. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team
+10. Have the maintainer push a new tag and walk them through the release process
+11. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team
 ### Terraform changes to add a new project
@@ -190,4 +186,4 @@ The expected changes: The expected changes: - The repository will be removed from the organization.
-- The repository's teams will be removed from the organization.
\ No newline at end of file
+- The repository's teams will be removed from the organization.