diff --git a/README.md b/README.md index cef3d80..31699df 100644 --- a/README.md +++ b/README.md @@ -101,14 +101,10 @@ Django Commons packages. with repo owner to transfer repo 7. Wait for repository transferred in 8. [Make Terraform changes to add new project](#terraform-changes-to-add-a-new-project) -9. [Configure environments](https://docs.github.com/en/actions/administering-github-actions/managing-environments-for-deployment#creating-an-environment) - pypi and testpypi in the repository to - enable [publishing packages via GitHub Actions](https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#) -10. For pypi environment, add Deployment protection rule with reviewers as [repo]-admins and enable "Allow - administrators to bypass configured protection rules" -11. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for +9. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for first-time contributors" -12. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team +10. Have the maintainer push a new tag and walk them through the release process +11. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team ### Terraform changes to add a new project @@ -190,4 +186,4 @@ The expected changes: The expected changes: - The repository will be removed from the organization. -- The repository's teams will be removed from the organization. \ No newline at end of file +- The repository's teams will be removed from the organization. diff --git a/terraform/production/repositories.tfvars b/terraform/production/repositories.tfvars index 74ea041..dd4a858 100644 --- a/terraform/production/repositories.tfvars +++ b/terraform/production/repositories.tfvars @@ -56,6 +56,7 @@ repositories = { description = "Schedule async tasks using redis pub/sub." homepage_url = "https://django-tasks-scheduler.readthedocs.io/" allow_merge_commit = true + admins = [ "cunla", ] diff --git a/terraform/resources-environments.tf b/terraform/resources-environments.tf new file mode 100644 index 0000000..e6824c6 --- /dev/null +++ b/terraform/resources-environments.tf @@ -0,0 +1,18 @@ +resource "github_repository_environment" "pypi" { + for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false } + + environment = "pypi" + repository = each.key + prevent_self_review = false + reviewers { + teams = [github_team.repo_admin_team[each.key].id] + } +} + +resource "github_repository_environment" "testpypi" { + for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false } + + environment = "testpypi" + repository = each.key + prevent_self_review = false +} \ No newline at end of file diff --git a/terraform/tfstate.json b/terraform/tfstate.json index 1b392f9..68a23fd 100644 --- a/terraform/tfstate.json +++ b/terraform/tfstate.json @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.9.5", - "serial": 188, + "serial": 192, "lineage": "425397de-8394-a003-8a6c-bce854d9cc53", "outputs": {}, "resources": [ @@ -688,6 +688,100 @@ } ] }, + { + "mode": "managed", + "type": "github_repository_environment", + "name": "pypi", + "provider": "provider[\"registry.terraform.io/integrations/github\"]", + "instances": [ + { + "index_key": "django-commons-playground", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "pypi", + "id": "django-commons-playground:pypi", + "prevent_self_review": false, + "repository": "django-commons-playground", + "reviewers": [ + { + "teams": [ + 9757650 + ], + "users": [] + } + ], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + }, + { + "index_key": "django-fsm-2", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "pypi", + "id": "django-fsm-2:pypi", + "prevent_self_review": false, + "repository": "django-fsm-2", + "reviewers": [ + { + "teams": [ + 10870432 + ], + "users": [] + } + ], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "github_repository_environment", + "name": "testpypi", + "provider": "provider[\"registry.terraform.io/integrations/github\"]", + "instances": [ + { + "index_key": "django-commons-playground", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "testpypi", + "id": "django-commons-playground:testpypi", + "prevent_self_review": null, + "repository": "django-commons-playground", + "reviewers": [], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + }, + { + "index_key": "django-fsm-2", + "schema_version": 0, + "attributes": { + "can_admins_bypass": true, + "deployment_branch_policy": [], + "environment": "testpypi", + "id": "django-fsm-2:testpypi", + "prevent_self_review": null, + "repository": "django-fsm-2", + "reviewers": [], + "wait_timer": 0 + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, { "mode": "managed", "type": "github_team",