FociSolutions · vedantthapa · Mar 11, 2025 · Mar 10, 2025 · Mar 10, 2025 · Mar 10, 2025
diff --git a/modules/internal_repository/README.md b/modules/internal_repository/README.md
@@ -0,0 +1,59 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_repository_base"></a> [repository\_base](#module\_repository\_base) | ../repository_base | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_action_secrets"></a> [action\_secrets](#input\_action\_secrets) | An (Optional) map of GitHub Actions secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
+| <a name="input_advance_security"></a> [advance\_security](#input\_advance\_security) | Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed. | `bool` | `true` | no |
+| <a name="input_allow_auto_merge"></a> [allow\_auto\_merge](#input\_allow\_auto\_merge) | Allow auto-merging pull requests on the repository | `bool` | `true` | no |
+| <a name="input_allow_merge_commit"></a> [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
+| <a name="input_allow_rebase_merge"></a> [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
+| <a name="input_allow_squash_merge"></a> [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| <a name="input_codespace_secrets"></a> [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
+| <a name="input_default_branch"></a> [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
+| <a name="input_delete_head_on_merge"></a> [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |
+| <a name="input_dependabot_secrets"></a> [dependabot\_secrets](#input\_dependabot\_secrets) | An (Optional) map of Dependabot secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
+| <a name="input_dependabot_security_updates"></a> [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no |
+| <a name="input_description"></a> [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no |
+| <a name="input_environments"></a> [environments](#input\_environments) | Environments to create for the repository. | <pre>map(object({<br/>    wait_timer          = optional(number)<br/>    can_admins_bypass   = optional(bool)<br/>    prevent_self_review = optional(bool)<br/>    action_secrets      = optional(map(string))<br/>    reviewers = optional(object({<br/>      teams = optional(list(string))<br/>      users = optional(list(string))<br/>    }))<br/>    deployment_branch_policy = optional(object({<br/>      protected_branches     = bool<br/>      custom_branch_policies = bool<br/>      branch_patterns        = list(string)<br/>    }))<br/>  }))</pre> | `{}` | no |
+| <a name="input_homepage"></a> [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no |
+| <a name="input_license_template"></a> [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no |
+| <a name="input_merge_commit_message"></a> [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no |
+| <a name="input_merge_commit_title"></a> [merge\_commit\_title](#input\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow\_merge\_commit is `true`. | `string` | `"MERGE_MESSAGE"` | no |
+| <a name="input_name"></a> [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes |
+| <a name="input_pages"></a> [pages](#input\_pages) | The (Optional) configuration for GitHub Pages for the repository | <pre>object({<br/>    source = optional(object({<br/>      branch = string<br/>      path   = optional(string)<br/>    }))<br/>    build_type = optional(string)<br/>    cname      = optional(string)<br/>  })</pre> | `null` | no |
+| <a name="input_protected_branches"></a> [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` | <pre>[<br/>  "main"<br/>]</pre> | no |
+| <a name="input_repository_team_permissions"></a> [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes |
+| <a name="input_repository_user_permissions"></a> [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes |
+| <a name="input_requires_web_commit_signing"></a> [requires\_web\_commit\_signing](#input\_requires\_web\_commit\_signing) | If set commit signatures are required for commits to the organization. Defaults to `false`. | `bool` | `false` | no |
+| <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | n/a | <pre>map(object({<br/>    bypass_actors = optional(object({<br/>      repository_roles = optional(list(object({<br/>        role          = string<br/>        always_bypass = optional(bool)<br/>      })))<br/>      teams = optional(list(object({<br/>        team          = string<br/>        always_bypass = optional(bool)<br/>      })))<br/>      integrations = optional(list(object({<br/>        installation_id = number<br/>        always_bypass   = optional(bool)<br/>      })))<br/>      organization_admins = optional(list(object({<br/>        user          = string<br/>        always_bypass = optional(bool)<br/>      })))<br/>    }))<br/>    conditions = optional(object({<br/>      ref_name = object({<br/>        include = list(string)<br/>        exclude = list(string)<br/>      })<br/>    }))<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string)<br/>        negate   = optional(bool)<br/>      }))<br/>      tag_name_pattern = optional(object({<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string)<br/>        negate   = optional(bool)<br/>      }))<br/>      commit_author_email_pattern = optional(object({<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string)<br/>        negate   = optional(bool)<br/>      }))<br/>      commit_message_pattern = optional(object({<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string)<br/>        negate   = optional(bool)<br/>      }))<br/>      committer_email_pattern = optional(object({<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string)<br/>        negate   = optional(bool)<br/>      }))<br/>      creation                      = optional(bool)<br/>      deletion                      = optional(bool)<br/>      update                        = optional(bool)<br/>      non_fast_forward              = optional(bool)<br/>      required_linear_history       = optional(bool)<br/>      required_signatures           = optional(bool)<br/>      update_allows_fetch_and_merge = optional(bool)<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool)<br/>        require_code_owner_review         = optional(bool)<br/>        require_last_push_approval        = optional(bool)<br/>        required_approving_review_count   = optional(number)<br/>        required_review_thread_resolution = optional(bool)<br/>      }))<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number)<br/>        }))<br/>        strict_required_status_check_policy = optional(bool)<br/>      }))<br/>      required_deployment_environments = optional(list(string))<br/>    })<br/>    target      = string<br/>    enforcement = string<br/>  }))</pre> | `{}` | no |
+| <a name="input_squash_merge_commit_message"></a> [squash\_merge\_commit\_message](#input\_squash\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_BODY"` | no |
+| <a name="input_squash_merge_commit_title"></a> [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_TITLE"` | no |
+| <a name="input_template_repository"></a> [template\_repository](#input\_template\_repository) | A (Optional) list of template repositories to use for the repository | <pre>object({<br/>    owner                = string<br/>    repository           = string<br/>    include_all_branches = bool<br/>  })</pre> | `null` | no |
+| <a name="input_topics"></a> [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the repository |
diff --git a/modules/internal_repository/outputs.tf b/modules/internal_repository/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+  value       = module.repository_base.id
+  description = "The ID of the repository"
+}
diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf
@@ -0,0 +1,48 @@
+module "repository_base" {
+  source = "../repository_base"
+
+  name            = var.name
+  description     = var.description
+  homepage        = var.homepage
+  topics          = var.topics
+  visibility      = "internal"
+  has_downloads   = false
+  has_issues      = true
+  has_projects    = true
+  has_wiki        = true
+  has_discussions = true
+
+  repository_team_permissions = var.repository_team_permissions
+  repository_user_permissions = var.repository_user_permissions
+
+  default_branch              = var.default_branch
+  protected_branches          = var.protected_branches
+  delete_head_on_merge        = var.delete_head_on_merge
+  allow_auto_merge            = var.allow_auto_merge
+  allow_merge_commit          = var.allow_merge_commit
+  allow_rebase_merge          = var.allow_rebase_merge
+  allow_squash_merge          = var.allow_squash_merge
+  squash_merge_commit_message = var.squash_merge_commit_message
+  squash_merge_commit_title   = var.squash_merge_commit_title
+  merge_commit_message        = var.merge_commit_message
+  merge_commit_title          = var.merge_commit_title
+  requires_web_commit_signing = var.requires_web_commit_signing
+  pages                       = var.pages
+
+  secret_scanning             = true
+  secret_scanning_on_push     = true
+  has_vulnerability_alerts    = true
+  advance_security            = var.advance_security
+  dependabot_security_updates = var.dependabot_security_updates
+
+  codespace_secrets  = var.codespace_secrets
+  dependabot_secrets = var.dependabot_secrets
+  action_secrets     = var.action_secrets
+
+  environments = var.environments
+
+  template_repository = var.template_repository
+  license_template    = var.license_template
+
+  rulesets = var.rulesets
+}
diff --git a/modules/internal_repository/repository.tftest.hcl b/modules/internal_repository/repository.tftest.hcl
@@ -0,0 +1,65 @@
+mock_provider "github" {}
+
+variables {
+  name                        = "github-foundations-modules"
+  description                 = "A collection of terraform modules used in the Github Foundations framework."
+  visibility                  = "internal"
+  has_downloads               = true
+  has_issues                  = true
+  has_projects                = true
+  has_wiki                    = true
+  has_discussions             = true
+  has_vulnerability_alerts    = true
+  topics                      = ["terraform", "github", "foundations"]
+  homepage                    = "myhomepage"
+  delete_head_on_merge        = false
+  allow_auto_merge            = true
+  allow_squash_merge          = false
+  squash_merge_commit_message = "COMMIT_MESSAGES"
+  squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
+  allow_merge_commit          = false
+  merge_commit_message        = "PR_BODY"
+  merge_commit_title          = "PR_TITLE"
+  allow_rebase_merge          = true
+  requires_web_commit_signing = false
+  license_template            = "mit"
+  dependabot_security_updates = true
+  advance_security            = true
+  secret_scanning             = true
+  secret_scanning_on_push     = true
+
+  default_branch     = "main"
+  protected_branches = ["main", "develop"]
+
+  template_repository = {
+    owner                = "owner"
+    repository           = "template_repository"
+    include_all_branches = true
+  }
+
+  pages = {
+    source = {
+      branch = "main"
+      path   = "path"
+    }
+    cname = "cname"
+  }
+
+  repository_team_permissions = {
+    "repo_team1" = "push"
+    "repo_team2" = "admin"
+  }
+  repository_user_permissions = {
+    "user1" = "push"
+    "user2" = "admin"
+  }
+}
+
+run "create_test" {
+  command = apply
+
+  assert {
+    condition     = module.repository_base.id != null
+    error_message = "The repository was not created"
+  }
+}