Merge pull request #120 from mineiros-io/soerenmartius/add-support-for-github-app-installations

Add support for the github_app_installation_repository resource

Author: soerenmartius

.github/workflows/main.yml

@@ -21,7 +21,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Run pre-commit
-        run: make test/pre-commit
+        run: make test/docker/pre-commit
 
   unit-tests:
     needs: pre-commit
@@ -45,7 +45,7 @@ jobs:
 
       - name: Run Unit Tests
         if: steps.changes.outputs.terraform == 'true'
-        run: make test/unit-tests
+        run: make test/docker/unit-tests
         env:
           GITHUB_OWNER: ${{ secrets.TEST_GITHUB_ORGANIZATION }}
           GITHUB_TOKEN: ${{ secrets.TEST_GITHUB_TOKEN }}

.pre-commit-config.yaml

@@ -1,13 +1,17 @@
 repos:
   - repo: https://github.com/mineiros-io/pre-commit-hooks
-    rev: v0.3.1
+    rev: v0.4.1
     hooks:
       - id: terraform-fmt
       - id: terraform-validate
         exclude: ^examples|.terraform/
       - id: tflint
-      - id: golangci-lint
       - id: phony-targets
+      - id: terradoc-validate
+      - id: golangci-lint
+      - id: terradoc-fmt
+      - id: terradoc-generate
+      # - id: terramate-generate
       - id: markdown-link-check
         args: ['-p']   # When adding the -p flag, markdown-link-check will always with an exit code 0, even if dead links are found
         verbose: true  # Forces the output of the hook to be printed even when the hook passes.

CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.16.1]
+
+### Added
+
+- Add support for `github_app_installation_repository`
 
 ## [0.16.0]
 
@@ -369,7 +374,8 @@ Please review plans and report regressions and issues asap so we can improve doc
 - This is the initial release of our GitHub Repository module with support for
   creating and managing GitHub Repositories for Organizations.
 
-[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.16.0...HEAD
+[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.16.1...HEAD
+[0.16.1]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.16.0...v0.16.1
 [0.16.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.15.0...v0.16.0
 [0.15.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.14.0...v0.15.0
 [0.14.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.13.0...v0.14.0

Makefile

@@ -1,7 +1,7 @@
 # Set default shell to bash
 SHELL := /bin/bash -o pipefail
 
-BUILD_TOOLS_VERSION      ?= v0.12.0
+BUILD_TOOLS_VERSION      ?= v0.15.2
 BUILD_TOOLS_DOCKER_REPO  ?= mineiros/build-tools
 BUILD_TOOLS_DOCKER_IMAGE ?= ${BUILD_TOOLS_DOCKER_REPO}:${BUILD_TOOLS_VERSION}
 
@@ -32,29 +32,45 @@ endif
 
 GIT_TOPLEVEl = $(shell git rev-parse --show-toplevel)
 
-# generic docker run flags
+# Generic docker run flags
 DOCKER_RUN_FLAGS += -v ${GIT_TOPLEVEl}:/build
 DOCKER_RUN_FLAGS += --rm
 DOCKER_RUN_FLAGS += -e TF_IN_AUTOMATION
-
-# if SSH_AUTH_SOCK is defined we are likely referencing private repositories
-# for depending terrfaorm modules or other depdendencies
-# so we pass credentials to the docker container when running tests or pre-commit hooks
+# If TF_VERSION is defined, TFSwitch will switch to the desired version on
+# container startup. If TF_VERSION is omitted, the default version installed
+# inside the docker image will be used.
+DOCKER_RUN_FLAGS += -e TF_VERSION
+
+# If SSH_AUTH_SOCK is set, we forward the SSH agent of the host system into
+# the docker container. This is useful when working with private repositories
+# and dependencies that might need to be cloned inside the container (e.g.
+# private Terraform modules).
 ifdef SSH_AUTH_SOCK
   DOCKER_SSH_FLAGS += -e SSH_AUTH_SOCK=/ssh-agent
   DOCKER_SSH_FLAGS += -v ${SSH_AUTH_SOCK}:/ssh-agent
 endif
 
-# if AWS_ACCESS_KEY_ID is defined we are likely running inside an AWS provider module
-# so we pass credentials to the docker container when running tests
+# If AWS_ACCESS_KEY_ID is defined, we are likely running inside an AWS provider
+# module. To enable AWS authentication inside the docker container, we inject
+# the relevant environment variables.
 ifdef AWS_ACCESS_KEY_ID
   DOCKER_AWS_FLAGS += -e AWS_ACCESS_KEY_ID
   DOCKER_AWS_FLAGS += -e AWS_SECRET_ACCESS_KEY
   DOCKER_AWS_FLAGS += -e AWS_SESSION_TOKEN
 endif
 
-# if GITHUB_OWNER is defined we are running inside a github provider module
-# so we pass credentials to the docker container when running tests
+# If GOOGLE_CREDENTIALS is defined, we are likely running inside a GCP provider
+# module. To enable GCP authentication inside the docker container, we inject
+# the relevant environment variables (service-account key file).
+ifdef GOOGLE_CREDENTIALS
+	DOCKER_GCP_FLAGS += -e GOOGLE_CREDENTIALS
+	DOCKER_GCP_FLAGS += -e TEST_GCP_PROJECT
+	DOCKER_GCP_FLAGS += -e TEST_GCP_ORG_DOMAIN
+endif
+
+# If GITHUB_OWNER is defined, we are likely running inside a GitHub provider
+# module. To enable GitHub authentication inside the docker container,
+# we inject the relevant environment variables.
 ifdef GITHUB_OWNER
   DOCKER_GITHUB_FLAGS += -e GITHUB_TOKEN
   DOCKER_GITHUB_FLAGS += -e GITHUB_OWNER
@@ -70,28 +86,58 @@ template/adjust:
 	@find . $(FILTER) -exec sed -i -e "s,terraform-module-template,$${PWD##*/},g" {} \;
 
 ## Run pre-commit hooks inside a build-tools docker container.
+.PHONY: test/docker/pre-commit
+test/docker/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
+test/docker/pre-commit: DOCKER_FLAGS += -e NOCOLOR=1
+test/docker/pre-commit:
+	$(call docker-run,make test/pre-commit)
+
+## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'.
+.PHONY: test/docker/unit-tests
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += ${DOCKER_GCP_FLAGS}
+test/docker/unit-tests: DOCKER_FLAGS += $(shell env | grep ^TF_VAR_ | cut -d = -f 1 | xargs -i printf ' -e {}')
+test/docker/unit-tests: DOCKER_FLAGS += -e TF_DATA_DIR=.terratest
+test/docker/unit-tests: DOCKER_FLAGS += -e NOCOLOR=1
+test/docker/unit-tests: TEST ?= "TestUnit"
+test/docker/unit-tests:
+	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
+	$(call docker-run,make test/unit-tests)
+
+## Run pre-commit hooks.
 .PHONY: test/pre-commit
 test/pre-commit: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
 test/pre-commit:
-	$(call docker-run,pre-commit run -a)
+	$(call quiet-command,pre-commit run -a)
 
-## Run all Go tests inside a build-tools docker container. This is complementary to running 'go test ./test/...'.
-.PHONY: test/unit-tests
-test/unit-tests: DOCKER_FLAGS += ${DOCKER_SSH_FLAGS}
-test/unit-tests: DOCKER_FLAGS += ${DOCKER_GITHUB_FLAGS}
-test/unit-tests: DOCKER_FLAGS += ${DOCKER_AWS_FLAGS}
+## Run all unit tests.
+.PHONY: test/docker/unit-tests
 test/unit-tests: TEST ?= "TestUnit"
 test/unit-tests:
-	@echo "${YELLOW}[TEST] ${GREEN}Start Running Go Tests in Docker Container.${RESET}"
-	$(call go-test,./test -run $(TEST))
+	@echo "${YELLOW}[TEST] ${GREEN}Start Running unit tests.${RESET}"
+	$(call quiet-command,cd test ; go test -v -count 1 -timeout 45m -parallel 128 -run $(TEST))
+
+## Generate README.md with Terradoc
+.PHONY: terradoc
+terradoc:
+	$(call quiet-command,terradoc generate -o README.md README.tfdoc.hcl)
+
+## Generate shared configuration for tests
+.PHONY: terramate
+terramate:
+	$(call quiet-command,terramate generate)
 
 ## Clean up cache and temporary files
 .PHONY: clean
 clean:
 	$(call rm-command,.terraform)
+	$(call rm-command,.terratest)
 	$(call rm-command,.terraform.lock.hcl)
 	$(call rm-command,*.tfplan)
 	$(call rm-command,*/*/.terraform)
+	$(call rm-command,*/*/.terratest)
 	$(call rm-command,*/*/*.tfplan)
 	$(call rm-command,*/*/.terraform.lock.hcl)
 
@@ -108,16 +154,10 @@ help:
 	} \
 	{ lastLine = $$0 }' $(MAKEFILE_LIST)
 
-## Generate README.md with Terradoc
-.PHONY: terradoc
-terradoc:
-	$(call quiet-command,terradoc -o README.md README.tfdoc.hcl)
-
-# define helper functions
+# Define helper functions
 DOCKER_FLAGS   += ${DOCKER_RUN_FLAGS}
 DOCKER_RUN_CMD  = docker run ${DOCKER_FLAGS} ${BUILD_TOOLS_DOCKER_IMAGE}
 
 quiet-command = $(if ${V},${1},$(if ${2},@echo ${2} && ${1}, @${1}))
 docker-run    = $(call quiet-command,${DOCKER_RUN_CMD} ${1} | cat,"${YELLOW}[DOCKER RUN] ${GREEN}${1}${RESET}")
-go-test       = $(call quiet-command,${DOCKER_RUN_CMD} go test -v -count 1 -timeout 45m -parallel 128 ${1} | cat,"${YELLOW}[TEST] ${GREEN}${1}${RESET}")
 rm-command    = $(call quiet-command,rm -rf ${1},"${YELLOW}[CLEAN] ${GREEN}${1}${RESET}")

README.md

@@ -33,6 +33,7 @@ _Security related notice: Versions 4.7.0, 4.8.0, 4.9.0 and 4.9.1 of the Terrafor
     - [Webhooks Configuration](#webhooks-configuration)
     - [Secrets Configuration](#secrets-configuration)
     - [Autolink References Configuration](#autolink-references-configuration)
+    - [App Installations](#app-installations)
   - [Module Configuration](#module-configuration)
 - [Module Outputs](#module-outputs)
 - [External Documentation](#external-documentation)
@@ -808,6 +809,20 @@ This is due to some terraform limitation and we will update the module once terr
 
     The template of the target URL used for the links; must be a valid URL and contain `<num>` for the reference number.
 
+#### App Installations
+
+- [**`app_installations`**](#var-app_installations): *(Optional `set(number)`)*<a name="var-app_installations"></a>
+
+  A set of GitHub App IDs to be installed in this repository.
+
+  Default is `{}`.
+
+  Example:
+
+  ```hcl
+  app_installations = [25405144, 12556423]
+  ```
+
 ### Module Configuration
 
 - [**`module_depends_on`**](#var-module_depends_on): *(Optional `list(dependency)`)*<a name="var-module_depends_on"></a>
@@ -886,6 +901,10 @@ The following attributes are exported by the module:
 
   List of secrets available.
 
+- [**`app_installations`**](#output-app_installations): *(`set(number)`)*<a name="output-app_installations"></a>
+
+  A map of deploy app installations keyed by installation id.
+
 ## External Documentation
 
 ### Terraform Github Provider Documentation

README.tfdoc.hcl

@@ -1052,6 +1052,22 @@ section {
           }
         }
       }
+
+      section {
+        title = "App Installations"
+
+        variable "app_installations" {
+          type        = set(number)
+          default     = {}
+          description = <<-END
+            A set of GitHub App IDs to be installed in this repository.
+          END
+
+          readme_example = <<-END
+            app_installations = [25405144, 12556423]
+          END
+        }
+      }
     }
 
     section {
@@ -1177,6 +1193,13 @@ section {
         List of secrets available.
       END
     }
+
+    output "app_installations" {
+      type        = set(number)
+      description = <<-END
+        A map of deploy app installations keyed by installation id.
+      END
+    }
   }
 
   section {

main.tf

@@ -496,3 +496,14 @@ resource "github_repository_autolink_reference" "repository_autolink_reference"
   key_prefix          = each.value.key_prefix
   target_url_template = each.value.target_url_template
 }
+
+# ---------------------------------------------------------------------------------------------------------------------
+# App installation
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "github_app_installation_repository" "app_installation_repository" {
+  for_each = var.app_installations
+
+  repository      = github_repository.repository.name
+  installation_id = each.value
+}

outputs.tf

@@ -79,6 +79,11 @@ output "secrets" {
   description = "List of secrets available."
 }
 
+output "app_installations" {
+  value       = github_app_installation_repository.app_installation_repository
+  description = "A map of deploy app installations keyed by installation id."
+}
+
 # ----------------------------------------------------------------------------------------------------------------------
 # OUTPUT MODULE CONFIGURATION
 # ----------------------------------------------------------------------------------------------------------------------

test/unit-complete/main.tf

@@ -132,6 +132,8 @@ module "repository" {
   projects = var.projects
 
   autolink_references = var.autolink_references
+
+  app_installations = var.app_installations
 }
 
 # ---------------------------------------------------------------------------------------------------------------------

test/unit-complete/variables.tf

@@ -255,3 +255,9 @@ variable "autolink_references" {
     target_url_template = "https://hello.there/TICKET?query=<num>"
   }]
 }
+
+variable "app_installations" {
+  type        = set(number)
+  description = "A list of GitHub App IDs to be installed in this repository."
+  default     = []
+}

variables.tf

@@ -528,6 +528,12 @@ variable "archive_on_destroy" {
   default     = true
 }
 
+variable "app_installations" {
+  type        = set(number)
+  description = "(Optional) A list of GitHub App IDs to be installed in this repository."
+  default     = []
+}
+
 # ------------------------------------------------------------------------------
 # MODULE CONFIGURATION PARAMETERS
 # These variables are used to configure the module.