feat: split repo owners

GoogleCloudPlatform · Dec 26, 2024 · 3956227 · 3956227
1 parent c1f3ebb
commit 3956227
Show file tree

Hide file tree

Showing 7 changed files with 125 additions and 98 deletions.
diff --git a/infra/terraform/modules/codeowners_file/main.tf b/infra/terraform/modules/codeowners_file/main.tf
@@ -17,7 +17,7 @@
 locals {
   commit_author = "CFT Bot"
   commit_email  = "[email protected]"
-  owners        = { for value in var.repos_map : value.name => "${join(" ", formatlist("@%s", value.owners))} " if length(value.owners) > 0 }
+  owners        = { for value in var.repos_map : value.name => "${join(" ", formatlist("@%s", concat(value.admins, value.maintainers)))} " if concat(value.admins, value.maintainers) > 0 }
   groups        = { for value in var.repos_map : value.name => "${join(" ", formatlist("@${value.org}/%s", value.groups))} " if length(value.groups) > 0 }
   header        = "# NOTE: This file is automatically generated from values at:\n# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/org/locals.tf\n"
   footer_prefix = "# NOTE: GitHub CODEOWNERS locations:\n# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-branch-protection\n"

diff --git a/infra/terraform/modules/codeowners_file/variables.tf b/infra/terraform/modules/codeowners_file/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022-2023 Google LLC
+ * Copyright 2022-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,10 +32,11 @@ variable "owner" {
 variable "repos_map" {
   description = "Map of Repos"
   type = map(object({
-    name   = string
-    org    = string
-    owners = optional(list(string), [])
-    groups = optional(list(string), [])
+    name        = string
+    org         = string
+    admins      = optional(list(string), [])
+    maintainers = optional(list(string), [])
+    groups      = optional(list(string), [])
   }))
 }
 

diff --git a/infra/terraform/modules/repositories/main.tf b/infra/terraform/modules/repositories/main.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022-2023 Google LLC
+ * Copyright 2022-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,11 +15,20 @@
  */
 
 locals {
-  owners = flatten([
+  admins = flatten([
     for repo, val in var.repos_map : [
-      for owner in val.owners : {
+      for admin in val.admins : {
         "repo" : repo
-        "owner" : owner
+        "admin" : admin
+      }
+    ]
+  ])
+
+  maintainers = flatten([
+    for repo, val in var.repos_map : [
+      for maintainer in val.maintainers : {
+        "repo" : repo
+        "maintainer" : maintainer
       }
     ]
   ])
@@ -79,13 +88,27 @@ resource "github_repository_collaborator" "cftbot" {
   permission = "admin"
 }
 
-resource "github_repository_collaborator" "owners" {
+resource "github_repository_collaborator" "admins" {
   for_each = {
-    for v in local.owners : "${v.repo}/${v.owner}" => v
+    for v in local.admins : "${v.repo}/${v.admin}" => v
   }
   repository = each.value.repo
-  username   = each.value.owner
-  permission = "admin"
+  username   = each.value.admin
+  permission = "maintain"
+}
+
+moved {
+  from = github_repository_collaborator.owners
+  to   = github_repository_collaborator.maintainers
+}
+
+resource "github_repository_collaborator" "maintainers" {
+  for_each = {
+    for v in local.maintainers : "${v.repo}/${v.maintainer}" => v
+  }
+  repository = each.value.repo
+  username   = each.value.maintainer
+  permission = "write"
 }
 
 resource "github_team_repository" "groups" {
@@ -94,7 +117,7 @@ resource "github_team_repository" "groups" {
   }
   repository = each.value.repo
   team_id    = each.value.group
-  permission = "admin"
+  permission = "write"
 }
 
 resource "github_team_repository" "ci_teams" {

diff --git a/infra/terraform/modules/repositories/variables.tf b/infra/terraform/modules/repositories/variables.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2022-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,8 @@ variable "repos_map" {
     short_name   = optional(string)
     org          = string
     description  = optional(string)
-    owners       = optional(list(string), [])
+    admins       = optional(list(string), [])
+    maintainers  = optional(list(string), [])
     homepage_url = optional(string, null)
     module       = optional(bool, true)
     topics       = optional(string)

diff --git a/infra/terraform/test-org/org/github.tf b/infra/terraform/test-org/org/github.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2023 Google LLC
+ * Copyright 2023-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@ provider "github" {}
 locals {
   owners = distinct(
     flatten(
-      [for repo, val in local.repos : [for owner in val.owners : lower(owner)] if try(val.owners != null, false)]
+      [for repo, val in local.repos : [for owner in concat(val.admins, val.maintainers) : lower(owner)] if try(val.admins != null || val.maintainers != null, false)]
     )
   )