From ac5c902a21632e35783a9eb1ad4a53635ebcf485 Mon Sep 17 00:00:00 2001 From: galargh Date: Fri, 16 Feb 2024 12:05:57 +0000 Subject: [PATCH] upgrade@7930283418 --- terraform/locals.tf | 245 ++++++++++++++---------- terraform/resources.tf | 411 ++++++++++++++++++++--------------------- 2 files changed, 350 insertions(+), 306 deletions(-) diff --git a/terraform/locals.tf b/terraform/locals.tf index b04af96..817428f 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -1,102 +1,157 @@ locals { organization = terraform.workspace - config = yamldecode(file("${path.module}/../github/${local.organization}.yml")) - state = { - for resource in jsondecode(file("${path.module}/${local.organization}.tfstate.json")).values.root_module.resources : - "${resource.mode}.${resource.type}.${resource.name}.${resource.index}" => merge(resource.values, { "index" = resource.index }) - } resource_types = [] advanced_security = false - defaults = { - github_membership = { - username = null - role = null - } - github_repository = { - name = null - allow_auto_merge = null - allow_merge_commit = null - allow_rebase_merge = null - allow_squash_merge = null - allow_update_branch = null - archive_on_destroy = null - archived = null - auto_init = null - default_branch = null - delete_branch_on_merge = null - description = null - gitignore_template = null - has_discussions = null - has_downloads = null - has_issues = null - has_projects = null - has_wiki = null - homepage_url = null - ignore_vulnerability_alerts_during_read = null - is_template = null - license_template = null - merge_commit_message = null - merge_commit_title = null - squash_merge_commit_message = null - squash_merge_commit_title = null - topics = null - visibility = null - vulnerability_alerts = null - security_and_analysis = [] - pages = [] - template = [] - } - github_repository_collaborator = { - repository = null - username = null - permission = null - } - github_branch_protection = { - pattern = null - repository_id = null - allows_deletions = null - allows_force_pushes = null - blocks_creations = null - enforce_admins = null - lock_branch = null - push_restrictions = null - require_conversation_resolution = null - require_signed_commits = null - required_linear_history = null - required_pull_request_reviews = [] - required_status_checks = [] - } - github_team = { - name = null - description = null - parent_team_id = null - privacy = null - } - github_team_repository = { - repository = null - team_id = null - permission = null - } - github_team_membership = { - team_id = null - username = null - role = null - } - github_repository_file = { - repository = null - file = null - content = null - branch = null - overwrite_on_create = null - commit_author = null - commit_email = null - commit_message = null - } - github_issue_label = { - repository = null - name = null - color = null - description = null + config = yamldecode(file("${path.module}/../github/${local.organization}.yml")) + state = jsondecode(file("${path.module}/${local.organization}.tfstate.json")) + resources = { + "config" = { + "github_membership" = { + "this" = { + for item in flatten([ + for role, members in lookup(local.config, "members", {}) : [ + for member in members : { + username = member + role = role + } + ] + ]) : lower("${item.username}") => item... + } + } + "github_repository" = { + "this" = { + for item in [ + for repository, config in lookup(local.config, "repositories", {}): merge(config, { + name = repository + security_and_analysis = (try(config.visibility, "private") == "public" || local.advanced_security) ? [ + { + advanced_security = try(config.visibility, "private") == "public" || !local.advanced_security ? [] : [{ "status" : try(config.advanced_security, false) ? "enabled" : "disabled" }] + secret_scanning = try(config.visibility, "private") != "public" ? [] : [{ "status" : try(config.secret_scanning, false) ? "enabled" : "disabled" }] + secret_scanning_push_protection = try(config.visibility, "private") != "public" ? [] : [{ "status" : try(config.secret_scanning_push_protection, false) ? "enabled" : "disabled" }] + }] : [] + pages = try(config.pages, null) != null ? [ + { + cname = try(config.pages.cname, null) + source = try(config.pages.source, null) == null ? [] : [ + { + branch = config.pages.source.branch + path = try(config.pages.source.path, null) + } + ] + }] : [] + template = try([config.template], []) + }) + ] : lower("${item.name}") => item... + } + } + "github_repository_collaborator" = { + "this" = { + for item in flatten([ + for repository, config in lookup(local.config, "repositories", {}): flatten([ + for permission, members in lookup(config, "collaborators", {}) : [ + for member in members : { + repository = repository + username = member + permission = permission + } + ] + ]) + ]): lower("${item.repository}:${item.username}") => item... + } + } + "github_branch_protection" = { + "this" = { + for item in flatten([ + for repository, config in lookup(local.config, "repositories", {}): [ + for pattern, config in lookup(config, "branch_protection", {}) : merge(config, { + pattern = pattern + repository = repository + required_pull_request_reviews = try([config.required_pull_request_reviews], []) + required_status_checks = try([config.required_status_checks], []) + }) + ] + ]): lower("${item.repository}:${item.username}") => item... + } + } + "github_team" = { + "this" = { + for item in [for team, config in lookup(local.config, "teams", {}) : merge(config, { + name = team + })] : lower("${item.name}") => item... + } + } + "github_team_repository" = { + "this" = { + for item in flatten([ + for repository, config in lookup(local.config, "repositories", {}): flatten([ + for permission, teams in lookup(config, "teams", {}) : [ + for team in teams : { + repository = repository + team = team + permission = permission + } + ] + ]) + ]): lower("${item.team}:${item.repository}") => item... + } + } + "github_team_membership" = { + "this" = { + for item in flatten([ + for team, config in lookup(local.config, "teams", {}): flatten([ + for role, members in lookup(config, "members", {}) : [ + for member in members : { + team = team + username = member + role = role + } + ] + ]) + ]): lower("${item.repository}:${item.username}") => item... + } + } + "github_repository_file" = { + "this" = { + for item in flatten([ + for repository, config in lookup(local.config, "repositories", {}): [ + for file, config in lookup(config, "files", {}) : merge(config, { + repository = repository + file = file + content = try(file("${path.module}/../files/${config.content}"), config.content) + }) + ] + ]): lower("${item.repository}/${item.path}") => item... + } + } + "github_issue_label" = { + "this" = { + for item in flatten([ + for repository, config in lookup(local.config, "repositories", {}): [ + for label, config in lookup(config, "labels", {}) : merge(config, { + repository = repository + label = label + }) + ] + ]): lower("${item.repository}:${item.label}") => item... + } + } } + "state" = { + for mode, item in { + for item in local.state.values.root_module.resources : item.mode => item... + } : mode => { + for type, item in { + for item in item : item.type => item... + } : type => { + for name, item in { + for item in item : item.name => item... + } : name => { + for index, item in { + for item in item : item.index => item.values + } : index => item + } + } + } + }.managed } } diff --git a/terraform/resources.tf b/terraform/resources.tf index 23ec243..8160f5c 100644 --- a/terraform/resources.tf +++ b/terraform/resources.tf @@ -1,15 +1,15 @@ resource "github_membership" "this" { - for_each = merge([ - for role, members in lookup(local.config, "members", {}) : { - for member in members : lower("${member}") => { - username = member - role = role + for_each = { + for item in [ + for member, config in local.resources.config.github_membership.this : { + source = "config" + index = member } - } - ]...) + ] : item.index => item.source + } - username = each.value.username - role = each.value.role + username = local.resources[each.value].github_membership.this[each.key].username + role = local.resources[each.value].github_membership.this[each.key].role lifecycle { ignore_changes = [] @@ -19,64 +19,50 @@ resource "github_membership" "this" { resource "github_repository" "this" { for_each = { - for repository, config in lookup(local.config, "repositories", {}) : lower(repository) => - try(config.archived, false) ? - merge(local.defaults.github_repository, local.state["managed.github_repository.this.${lower(repository)}"]) : - merge(local.defaults.github_repository, merge(config, { - name = repository - security_and_analysis = (try(config.visibility, "private") == "public" || local.advanced_security) ? [ - { - advanced_security = try(config.visibility, "private") == "public" || !local.advanced_security ? [] : [{ "status" : try(config.advanced_security, false) ? "enabled" : "disabled" }] - secret_scanning = try(config.visibility, "private") != "public" ? [] : [{ "status" : try(config.secret_scanning, false) ? "enabled" : "disabled" }] - secret_scanning_push_protection = try(config.visibility, "private") != "public" ? [] : [{ "status" : try(config.secret_scanning_push_protection, false) ? "enabled" : "disabled" }] - }] : [] - pages = try(config.pages, null) == null ? [] : [ - { - cname = try(config.pages.cname, null) - source = try(config.pages.source, null) == null ? [] : [ - { - branch = config.pages.source.branch - path = try(config.pages.source.path, null) - } - ] + for item in [ + for repository, config in local.resources.config.github_repository.this : + try(config.archived, false) ? { + source = "state" + index = repository + } : { + source = "config" + index = repository } - ] - template = try([config.template], []) - })) + ] : item.index => item.source } - name = each.value.name - allow_auto_merge = each.value.allow_auto_merge - allow_merge_commit = each.value.allow_merge_commit - allow_rebase_merge = each.value.allow_rebase_merge - allow_squash_merge = each.value.allow_squash_merge - allow_update_branch = each.value.allow_update_branch - archive_on_destroy = each.value.archive_on_destroy - archived = each.value.archived - auto_init = each.value.auto_init - default_branch = each.value.default_branch - delete_branch_on_merge = each.value.delete_branch_on_merge - description = each.value.description - gitignore_template = each.value.gitignore_template - has_discussions = each.value.has_discussions - has_downloads = each.value.has_downloads - has_issues = each.value.has_issues - has_projects = each.value.has_projects - has_wiki = each.value.has_wiki - homepage_url = each.value.homepage_url - ignore_vulnerability_alerts_during_read = each.value.ignore_vulnerability_alerts_during_read - is_template = each.value.is_template - license_template = each.value.license_template - merge_commit_message = each.value.merge_commit_message - merge_commit_title = each.value.merge_commit_title - squash_merge_commit_message = each.value.squash_merge_commit_message - squash_merge_commit_title = each.value.squash_merge_commit_title - topics = each.value.topics - visibility = each.value.visibility - vulnerability_alerts = each.value.vulnerability_alerts + name = local.resources[each.value].github_repository.this[each.key].name + allow_auto_merge = try(local.resources[each.value].github_repository.this[each.key].allow_auto_merge, null) + allow_merge_commit = try(local.resources[each.value].github_repository.this[each.key].allow_merge_commit, null) + allow_rebase_merge = try(local.resources[each.value].github_repository.this[each.key].allow_rebase_merge, null) + allow_squash_merge = try(local.resources[each.value].github_repository.this[each.key].allow_squash_merge, null) + allow_update_branch = try(local.resources[each.value].github_repository.this[each.key].allow_update_branch, null) + archive_on_destroy = try(local.resources[each.value].github_repository.this[each.key].archive_on_destroy, null) + archived = try(local.resources[each.value].github_repository.this[each.key].archived, null) + auto_init = try(local.resources[each.value].github_repository.this[each.key].auto_init, null) + default_branch = try(local.resources[each.value].github_repository.this[each.key].default_branch, null) + delete_branch_on_merge = try(local.resources[each.value].github_repository.this[each.key].delete_branch_on_merge, null) + description = try(local.resources[each.value].github_repository.this[each.key].description, null) + gitignore_template = try(local.resources[each.value].github_repository.this[each.key].gitignore_template, null) + has_discussions = try(local.resources[each.value].github_repository.this[each.key].has_discussions, null) + has_downloads = try(local.resources[each.value].github_repository.this[each.key].has_downloads, null) + has_issues = try(local.resources[each.value].github_repository.this[each.key].has_issues, null) + has_projects = try(local.resources[each.value].github_repository.this[each.key].has_projects, null) + has_wiki = try(local.resources[each.value].github_repository.this[each.key].has_wiki, null) + homepage_url = try(local.resources[each.value].github_repository.this[each.key].homepage_url, null) + ignore_vulnerability_alerts_during_read = try(local.resources[each.value].github_repository.this[each.key].ignore_vulnerability_alerts_during_read, null) + is_template = try(local.resources[each.value].github_repository.this[each.key].is_template, null) + license_template = try(local.resources[each.value].github_repository.this[each.key].license_template, null) + merge_commit_message = try(local.resources[each.value].github_repository.this[each.key].merge_commit_message, null) + merge_commit_title = try(local.resources[each.value].github_repository.this[each.key].merge_commit_title, null) + squash_merge_commit_message = try(local.resources[each.value].github_repository.this[each.key].squash_merge_commit_message, null) + squash_merge_commit_title = try(local.resources[each.value].github_repository.this[each.key].squash_merge_commit_title, null) + topics = try(local.resources[each.value].github_repository.this[each.key].topics, null) + visibility = try(local.resources[each.value].github_repository.this[each.key].visibility, null) + vulnerability_alerts = try(local.resources[each.value].github_repository.this[each.key].vulnerability_alerts, null) dynamic "security_and_analysis" { - for_each = each.value.security_and_analysis + for_each = try(local.resources[each.value].github_repository.this[each.key].security_and_analysis, []) content { dynamic "advanced_security" { @@ -101,7 +87,7 @@ resource "github_repository" "this" { } dynamic "pages" { - for_each = each.value.pages + for_each = try(local.resources[each.value].github_repository.this[each.key].pages, []) content { cname = try(pages.value["cname"], null) dynamic "source" { @@ -114,7 +100,7 @@ resource "github_repository" "this" { } } dynamic "template" { - for_each = each.value.template + for_each = try(local.resources[each.value].github_repository.this[each.key].template, []) content { owner = template.value["owner"] repository = template.value["repository"] @@ -128,30 +114,29 @@ resource "github_repository" "this" { } resource "github_repository_collaborator" "this" { - for_each = merge(flatten([ - for repository, repository_config in lookup(local.config, "repositories", {}) : - try(repository_config.archived, false) ? - [ - { - for address, resource in local.state : resource.index => resource if try(regex("managed.github_repository_collaborator.this.${lower(repository)}:", address), null) != null - } - ] : - [ - for permission, members in lookup(repository_config, "collaborators", {}) : { - for member in members : lower("${repository}:${member}") => merge(local.defaults.github_repository_collaborator, { - repository = repository - username = member - permission = permission - }) - } - ] - ])...) + for_each = { + for item in [ + for repository, config in local.resources.config.github_repository.this : flatten([ + try(config.archived, false) ? [ + for member, config in local.resources.state.github_repository_collaborator.this : { + source = "state" + index = member + } if try(regex("^${repository}:", member), null) != null + ] : [ + for member, config in local.resources.config.github_repository_collaborator.this : { + source = "config" + index = member + } if try(regex("^${repository}:", member), null) != null + ] + ]) + ] : item.index => item.source + } depends_on = [github_repository.this] - repository = each.value.repository - username = each.value.username - permission = each.value.permission + repository = local.resources[each.value].github_repository_collaborator.this[each.key].repository + username = local.resources[each.value].github_repository_collaborator.this[each.key].username + permission = local.resources[each.value].github_repository_collaborator.this[each.key].permission lifecycle { ignore_changes = [] @@ -159,38 +144,42 @@ resource "github_repository_collaborator" "this" { } resource "github_branch_protection" "this" { - for_each = merge([ - for repository, repository_config in lookup(local.config, "repositories", {}) : - try(repository_config.archived, false) ? - { - for address, resource in local.state : resource.index => merge(resource, { - repository_key = null - }) if try(regex("managed.github_branch_protection.this.${lower(repository)}:", address), null) != null - } : - { - for pattern, config in lookup(repository_config, "branch_protection", {}) : lower("${repository}:${pattern}") => merge(local.defaults.github_branch_protection, merge(config, { - pattern = pattern - repository_key = lower(repository) - required_pull_request_reviews = try([config.required_pull_request_reviews], []) - required_status_checks = try([config.required_status_checks], []) - })) - } - ]...) - - pattern = each.value.pattern - repository_id = each.value.repository_id != null ? each.value.repository_id : github_repository.this[each.value.repository_key].node_id - allows_deletions = each.value.allows_deletions - allows_force_pushes = each.value.allows_force_pushes - blocks_creations = each.value.blocks_creations - enforce_admins = each.value.enforce_admins - lock_branch = each.value.lock_branch - push_restrictions = each.value.push_restrictions - require_conversation_resolution = each.value.require_conversation_resolution - require_signed_commits = each.value.require_signed_commits - required_linear_history = each.value.required_linear_history + for_each = { + for item in [ + for repository, config in local.resources.config.github_repository.this : flatten([ + try(config.archived, false) ? [ + for branch_protection, config in local.resources.state.github_branch_protection.this : { + source = "state" + index = branch_protection + } if try(regex("^${repository}:", branch_protection), null) != null + ] : [ + for branch_protection, config in local.resources.config.github_branch_protection.this : { + source = "config" + index = branch_protection + } if try(regex("^${repository}:", branch_protection), null) != null + ] + ]) + ] : item.index => item.source + } + + depends_on = [github_repository.this] + + pattern = local.resources[each.value].github_branch_protection.this[each.key].pattern + + repository_id = try(local.resources[each.value].github_branch_protection.this[each.key].repository_id, github_repository.this[lower(local.resources[each.value].github_branch_protection.this[each.key].repository)].node_id) + + allows_deletions = try(local.resources[each.value].github_branch_protection.this[each.key].allows_deletions, null) + allows_force_pushes = try(local.resources[each.value].github_branch_protection.this[each.key].allows_force_pushes, null) + blocks_creations = try(local.resources[each.value].github_branch_protection.this[each.key].blocks_creations, null) + enforce_admins = try(local.resources[each.value].github_branch_protection.this[each.key].enforce_admins, null) + lock_branch = try(local.resources[each.value].github_branch_protection.this[each.key].lock_branch, null) + push_restrictions = try(local.resources[each.value].github_branch_protection.this[each.key].push_restrictions, null) + require_conversation_resolution = try(local.resources[each.value].github_branch_protection.this[each.key].require_conversation_resolution, null) + require_signed_commits = try(local.resources[each.value].github_branch_protection.this[each.key].require_signed_commits, null) + required_linear_history = try(local.resources[each.value].github_branch_protection.this[each.key].required_linear_history, null) dynamic "required_pull_request_reviews" { - for_each = each.value.required_pull_request_reviews + for_each = try(local.resources[each.value].github_branch_protection.this[each.key].required_pull_request_reviews, []) content { dismiss_stale_reviews = try(required_pull_request_reviews.value["dismiss_stale_reviews"], null) dismissal_restrictions = try(required_pull_request_reviews.value["dismissal_restrictions"], null) @@ -201,7 +190,7 @@ resource "github_branch_protection" "this" { } } dynamic "required_status_checks" { - for_each = each.value.required_status_checks + for_each = try(local.resources[each.value].github_branch_protection.this[each.key].required_status_checks, null) content { contexts = try(required_status_checks.value["contexts"], null) strict = try(required_status_checks.value["strict"], null) @@ -211,15 +200,20 @@ resource "github_branch_protection" "this" { resource "github_team" "this" { for_each = { - for team, config in lookup(local.config, "teams", {}) : lower(team) => merge(local.defaults.github_team, merge(config, { - name = team - })) + for item in [ + for team, config in local.resources.config.github_team.this : { + source = "config" + index = team + } + ] : item.index => item.source } - name = each.value.name - description = each.value.description - parent_team_id = try(try(element(data.github_organization_teams.this[0].teams, index(data.github_organization_teams.this[0].teams.*.name, each.value.parent_team_id)).id, each.value.parent_team_id), null) - privacy = each.value.privacy + name = local.resources[each.value].github_team.this[each.key].name + + parent_team_id = try(try(element(data.github_organization_teams.this[0].teams, index(data.github_organization_teams.this[0].teams.*.name, local.resources[each.value].github_team.this[each.key].parent_team_id)).id, local.resources[each.value].github_team.this[each.key].parent_team_id), null) + + description = try(local.resources[each.value].github_team.this[each.key].description, null) + privacy = try(local.resources[each.value].github_team.this[each.key].privacy, null) lifecycle { ignore_changes = [] @@ -227,35 +221,30 @@ resource "github_team" "this" { } resource "github_team_repository" "this" { - for_each = merge(flatten([ - for repository, repository_config in lookup(local.config, "repositories", {}) : - try(repository_config.archived, false) ? - [ - { - for address, resource in local.state : resource.index => merge(resource, { - team_key = null - }) if try(regex("managed.github_team_repository.this.${lower(repository)}:", address), null) != null - } - ] : - [ - for permission, teams in lookup(repository_config, "teams", {}) : { - for team in teams : lower("${team}:${repository}") => merge(local.defaults.github_team_repository, { - repository = repository - team_key = lower(team) - permission = permission - }) - } - ] - ])...) + for_each = { + for item in [ + for repository, config in local.resources.config.github_repository.this : flatten([ + try(config.archived, false) ? [ + for team, config in local.resources.state.github_team_repository.this : { + source = "state" + index = team + } if try(regex(":${repository}$", team), null) != null + ] : [ + for team, config in local.resources.config.github_team_repository.this : { + source = "config" + index = team + } if try(regex(":${repository}$", team), null) != null + ] + ]) + ] : item.index => item.source + } - depends_on = [ - github_repository.this - ] + depends_on = [github_team.this, github_repository.this] - repository = each.value.repository - team_id = each.value.team_id != null ? each.value.team_id : github_team.this[each.value.team_key].id + repository = local.resources[each.value].github_team_repository.this[each.key].repository + permission = local.resources[each.value].github_team_repository.this[each.key].permission - permission = each.value.permission + team_id = try(local.resources[each.value].github_team_repository.this[each.key].team_id, github_team.this[lower(local.resources[each.value].github_team_repository.this[each.key].team)].id) lifecycle { ignore_changes = [] @@ -263,22 +252,21 @@ resource "github_team_repository" "this" { } resource "github_team_membership" "this" { - for_each = merge(flatten([ - for team, team_config in lookup(local.config, "teams", {}) : - [ - for role, members in lookup(team_config, "members", {}) : { - for member in members : lower("${team}:${member}") => merge(local.defaults.github_team_membership, { - team_key = lower(team) - username = member - role = role - }) + for_each = { + for item in [ + for member, config in local.resources.config.github_team_membership.this : { + source = "config" + index = member } - ] - ])...) + ] : item.index => item.source + } + + depends_on = [github_team.this] - team_id = each.value.team_id != null ? each.value.team_id : github_team.this[each.value.team_key].id - username = each.value.username - role = each.value.role + username = local.resources[each.value].github_team_membership.this[each.key].username + role = local.resources[each.value].github_team_membership.this[each.key].role + + team_id = try(local.resources[each.value].github_team_membership.this[each.key].team_id, github_team.this[lower(local.resources[each.value].github_team_membership.this[each.key].team)].id) lifecycle { ignore_changes = [] @@ -286,42 +274,37 @@ resource "github_team_membership" "this" { } resource "github_repository_file" "this" { - for_each = merge([ - for repository, repository_config in lookup(local.config, "repositories", {}) : - try(repository_config.archived, false) ? - { - for address, resource in local.state : resource.index => merge(resource, { - repository_key = null - }) if try(regex("managed.github_repository_file.this.${lower(repository)}:", address), null) != null - } : - { - for obj in [ - for file, config in lookup(repository_config, "files", {}) : { - config = merge(local.defaults.github_repository_file, merge(config, { - repository = repository - file = file - repository_key = lower(repository) - content = try(file("${path.module}/../files/${config.content}"), config.content) - })) - state = merge(try(local.state["managed.github_repository_file.this.${lower("${repository}/${file}")}"], {}), { - repository_key = null - }) - } if contains(keys(config), "content") - ] : lower("${obj.config.repository}/${obj.config.file}") => try(obj.state.content, "") == obj.config.content ? obj.state : obj.config - } - ]...) + for_each = { + for item in [ + for repository, config in local.resources.config.github_repository.this : flatten([ + try(config.archived, false) ? [ + for file, config in local.resources.state.github_repository_file.this : { + source = "state" + index = file + } if try(regex("^${repository}/", file), null) != null + ] : [ + for file, config in local.resources.config.github_repository_file.this : { + source = try(local.resources.state.github_repository_file.this[file].content, "") == try(config.content, "") ? "state" : "config" + index = file + } if try(regex("^${repository}/", file), null) != null + ] + ]) + ] : item.index => item.source + } + + depends_on = [github_repository.this] - repository = each.value.repository - file = each.value.file - content = each.value.content + repository = local.resources[each.value].github_repository_file.this[each.key].repository + file = local.resources[each.value].github_repository_file.this[each.key].file + content = local.resources[each.value].github_repository_file.this[each.key].content # Since 5.25.0 the branch attribute defaults to the default branch of the repository # branch = try(each.value.branch, null) - branch = each.value.branch != null ? each.value.branch : github_repository.this[each.value.repository_key].default_branch - overwrite_on_create = each.value.overwrite_on_create != null ? each.value.overwrite_on_create : true + branch = try(local.resources[each.value].github_repository_file.this[each.key].repository, github_repository.this[lower(local.resources[each.value].github_repository_file.this[each.key].repository)].default_branch) + overwrite_on_create = try(local.resources[each.value].github_repository_file.this[each.key].overwrite_on_create, true) # Keep the defaults from 4.x - commit_author = each.value.commit_author != null ? each.value.commit_author : "GitHub" - commit_email = each.value.commit_email != null ? each.value.commit_email : "noreply@github.com" - commit_message = each.value.commit_message != null ? each.value.commit_message : "chore: Update ${each.value.file} [skip ci]" + commit_author = try(local.resources[each.value].github_repository_file.this[each.key].commit_author, "GitHub") + commit_email = try(local.resources[each.value].github_repository_file.this[each.key].commit_email, "noreply@github.com") + commit_message = try(local.resources[each.value].github_repository_file.this[each.key].commit_message, "chore: Update ${each.value.file} [skip ci]") lifecycle { ignore_changes = [] @@ -329,25 +312,31 @@ resource "github_repository_file" "this" { } resource "github_issue_label" "this" { - for_each = merge([ - for repository, repository_config in lookup(local.config, "repositories", {}) : - try(repository_config.archived, false) ? - { - for address, resource in local.state : resource.index => resource if try(regex("managed.github_issue_label.this.${lower(repository)}:", address), null) != null - } : { - for label, config in lookup(repository_config, "labels", {}) : lower("${repository}:${label}") => merge(local.defaults.github_issue_label, merge(config, { - repository = repository - label = label - })) - } - ]...) + for_each = { + for item in [ + for repository, config in local.resources.config.github_repository.this : flatten([ + try(config.archived, false) ? [ + for label, config in local.resources.state.github_issue_label.this : { + source = "state" + index = label + } if try(regex("^${repository}:", label), null) != null + ] : [ + for label, config in local.resources.config.github_issue_label.this : { + source = "config" + index = label + } if try(regex("^${repository}:", label), null) != null + ] + ]) + ] : item.index => item.source + } depends_on = [github_repository.this] - repository = each.value.repository - name = each.value.label - color = each.value.color - description = each.value.description + repository = local.resources[each.value].github_issue_label.this[each.key].repository + name = local.resources[each.value].github_issue_label.this[each.key].name + + color = try(local.resources[each.value].github_issue_label.this[each.key].color, null) + description = try(local.resources[each.value].github_issue_label.this[each.key].description, null) lifecycle { ignore_changes = []