Skip to content

Commit 478eb8c

Browse files
mnasiadkamnasiadka
authored
Merge pull request #530 from stackhpc/zuul_merge_permissions
Add stackhpc-zuul merge rights in Ansible,Kayobe and OpenStack repos
2 parents ee2cd7a + aeba578 commit 478eb8c

2 files changed

Lines changed: 48 additions & 24 deletions

File tree

terraform/github/branches.tf

Lines changed: 34 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -45,15 +45,16 @@ resource "github_branch_protection" "ansible_branch_protection" {
4545
required_approving_review_count = 1
4646
}
4747

48-
# Only permit members of the `Developers` team to push to the protected branch. Members
49-
# would still need to get the required approval from reviewers and pass any checks before
50-
# being able to merge. Also this should prevent outsiders from pushing to the protected branch,
51-
# however, whilst they can open a pull request they shoud not be able to merge that would be
48+
# Only permit members of the `Developers` team to push to the protected branch. Members
49+
# would still need to get the required approval from reviewers and pass any checks before
50+
# being able to merge. Also this should prevent outsiders from pushing to the protected branch,
51+
# however, whilst they can open a pull request they shoud not be able to merge that would be
5252
# upto the reviewers or codeowners.
5353
restrict_pushes {
5454
blocks_creations = false
5555
push_allowances = [
56-
resource.github_team.organisation_teams["Developers"].node_id
56+
resource.github_team.organisation_teams["Developers"].node_id,
57+
local.zuul_app_node_id
5758
]
5859
}
5960

@@ -121,7 +122,8 @@ resource "github_branch_protection" "kayobe_branch_protection_py_3-6" {
121122
restrict_pushes {
122123
blocks_creations = false
123124
push_allowances = [
124-
resource.github_team.organisation_teams["Developers"].node_id
125+
resource.github_team.organisation_teams["Developers"].node_id,
126+
local.zuul_app_node_id
125127
]
126128
}
127129

@@ -158,7 +160,8 @@ resource "github_branch_protection" "kayobe_branch_protection_zed" {
158160
restrict_pushes {
159161
blocks_creations = false
160162
push_allowances = [
161-
resource.github_team.organisation_teams["Developers"].node_id
163+
resource.github_team.organisation_teams["Developers"].node_id,
164+
local.zuul_app_node_id
162165
]
163166
}
164167

@@ -196,7 +199,8 @@ resource "github_branch_protection" "kayobe_branch_protection_antelope" {
196199
restrict_pushes {
197200
blocks_creations = false
198201
push_allowances = [
199-
resource.github_team.organisation_teams["Developers"].node_id
202+
resource.github_team.organisation_teams["Developers"].node_id,
203+
local.zuul_app_node_id
200204
]
201205
}
202206

@@ -234,7 +238,8 @@ resource "github_branch_protection" "kayobe_branch_protection_caracal" {
234238
restrict_pushes {
235239
blocks_creations = false
236240
push_allowances = [
237-
resource.github_team.organisation_teams["Developers"].node_id
241+
resource.github_team.organisation_teams["Developers"].node_id,
242+
local.zuul_app_node_id
238243
]
239244
}
240245

@@ -271,7 +276,8 @@ resource "github_branch_protection" "kayobe_branch_protection_epoxy" {
271276
restrict_pushes {
272277
blocks_creations = false
273278
push_allowances = [
274-
resource.github_team.organisation_teams["Developers"].node_id
279+
resource.github_team.organisation_teams["Developers"].node_id,
280+
local.zuul_app_node_id
275281
]
276282
}
277283

@@ -309,7 +315,8 @@ resource "github_branch_protection" "kayobe_branch_protection_gazpacho" {
309315
restrict_pushes {
310316
blocks_creations = false
311317
push_allowances = [
312-
resource.github_team.organisation_teams["Developers"].node_id
318+
resource.github_team.organisation_teams["Developers"].node_id,
319+
local.zuul_app_node_id
313320
]
314321
}
315322

@@ -346,7 +353,8 @@ resource "github_branch_protection" "kayobe_branch_protection_master" {
346353
restrict_pushes {
347354
blocks_creations = false
348355
push_allowances = [
349-
resource.github_team.organisation_teams["Developers"].node_id
356+
resource.github_team.organisation_teams["Developers"].node_id,
357+
local.zuul_app_node_id
350358
]
351359
}
352360

@@ -381,7 +389,8 @@ resource "github_branch_protection" "openstack_branch_protection_py_3-6" {
381389
restrict_pushes {
382390
blocks_creations = false
383391
push_allowances = [
384-
resource.github_team.organisation_teams["Developers"].node_id
392+
resource.github_team.organisation_teams["Developers"].node_id,
393+
local.zuul_app_node_id
385394
]
386395
}
387396

@@ -417,7 +426,8 @@ resource "github_branch_protection" "openstack_branch_protection_zed" {
417426
restrict_pushes {
418427
blocks_creations = false
419428
push_allowances = [
420-
resource.github_team.organisation_teams["Developers"].node_id
429+
resource.github_team.organisation_teams["Developers"].node_id,
430+
local.zuul_app_node_id
421431
]
422432
}
423433

@@ -455,7 +465,8 @@ resource "github_branch_protection" "openstack_branch_protection_antelope" {
455465
restrict_pushes {
456466
blocks_creations = false
457467
push_allowances = [
458-
resource.github_team.organisation_teams["Developers"].node_id
468+
resource.github_team.organisation_teams["Developers"].node_id,
469+
local.zuul_app_node_id
459470
]
460471
}
461472

@@ -493,7 +504,8 @@ resource "github_branch_protection" "openstack_branch_protection_caracal" {
493504
restrict_pushes {
494505
blocks_creations = false
495506
push_allowances = [
496-
resource.github_team.organisation_teams["Developers"].node_id
507+
resource.github_team.organisation_teams["Developers"].node_id,
508+
local.zuul_app_node_id
497509
]
498510
}
499511

@@ -530,7 +542,8 @@ resource "github_branch_protection" "openstack_branch_protection_epoxy" {
530542
restrict_pushes {
531543
blocks_creations = false
532544
push_allowances = [
533-
resource.github_team.organisation_teams["Developers"].node_id
545+
resource.github_team.organisation_teams["Developers"].node_id,
546+
local.zuul_app_node_id
534547
]
535548
}
536549

@@ -568,7 +581,8 @@ resource "github_branch_protection" "openstack_branch_protection_gazpacho" {
568581
restrict_pushes {
569582
blocks_creations = false
570583
push_allowances = [
571-
resource.github_team.organisation_teams["Developers"].node_id
584+
resource.github_team.organisation_teams["Developers"].node_id,
585+
local.zuul_app_node_id
572586
]
573587
}
574588

@@ -605,7 +619,8 @@ resource "github_branch_protection" "openstack_branch_protection_master" {
605619
restrict_pushes {
606620
blocks_creations = false
607621
push_allowances = [
608-
resource.github_team.organisation_teams["Developers"].node_id
622+
resource.github_team.organisation_teams["Developers"].node_id,
623+
local.zuul_app_node_id
609624
]
610625
}
611626

terraform/github/repositories.tf

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -80,15 +80,24 @@ resource "github_issue_label" "monitoring_label" {
8080
description = "All things related to observability & telemetry"
8181
}
8282

83-
data "github_repository" "repositories" {
84-
for_each = toset(flatten(values(var.repositories)))
85-
full_name = format("%s/%s", var.owner, each.value)
86-
}
87-
8883
resource "github_issue_label" "workflows_label" {
8984
for_each = toset(flatten(values(var.repositories)))
9085
repository = each.value
9186
name = "workflows"
9287
color = "638475"
9388
description = "Workflow files have been modified"
9489
}
90+
91+
data "github_repository" "repositories" {
92+
for_each = toset(flatten(values(var.repositories)))
93+
full_name = format("%s/%s", var.owner, each.value)
94+
}
95+
96+
data "github_app" "zuul" {
97+
slug = "stackhpc-zuul"
98+
}
99+
100+
locals {
101+
zuul_app_node_id = data.github_app.zuul.node_id
102+
}
103+

0 commit comments

Comments
 (0)