Atlantis support (#1)

Author: zarsky-broad

bard.tf

@@ -1,41 +1,42 @@
 module "bard-repo" {
-  source = "./defaults/github"
+  source       = "./defaults/github"
+  github_token = var.github_token
 
   repo_name        = "bard"
   repo_description = "Metrics collection service"
 }
 
 module "bard-dev" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-bard-dev"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-bard-dev"
+  requires_suitable  = false
 }
 
 module "bard-alpha" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-bard-alpha"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-bard-alpha"
+  requires_suitable  = false
 }
 
 module "bard-perf" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-bard-perf"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-bard-perf"
+  requires_suitable  = false
 }
 
 module "bard-staging" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-bard-staging"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-bard-staging"
+  requires_suitable  = false
 }
 
 module "bard-prod" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-bard-prod"
-  requires_suitable = true
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-bard-prod"
+  requires_suitable  = true
 }

calhoun.tf

@@ -1,42 +1,43 @@
 module "calhoun-repo" {
-  source = "./defaults/github"
+  source       = "./defaults/github"
+  github_token = var.github_token
 
   repo_name                      = "calhoun"
   repo_description               = "Notebook preview service"
   require_circle_build_for_merge = false
 }
 
 module "calhoun-dev" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-calhoun-dev"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-calhoun-dev"
+  requires_suitable  = false
 }
 
 module "calhoun-alpha" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-calhoun-alpha"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-calhoun-alpha"
+  requires_suitable  = false
 }
 
 module "calhoun-perf" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-calhoun-perf"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-calhoun-perf"
+  requires_suitable  = false
 }
 
 module "calhoun-staging" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-calhoun-staging"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-calhoun-staging"
+  requires_suitable  = false
 }
 
 module "calhoun-prod" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-calhoun-prod"
-  requires_suitable = true
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-calhoun-prod"
+  requires_suitable  = true
 }

defaults/gcp/gcp.tf

@@ -10,14 +10,13 @@ locals {
 
 ##### SETUP
 
-# billing account?
 provider "google" {
   version = "~> 3.20"
 
   project = var.google_project
   region  = "us-central"
 
-  credentials = file("${var.google_project}-key.json")
+  credentials = var.google_credentials
 }
 
 ##### ENABLE APIS
@@ -30,7 +29,7 @@ resource "google_project_service" "iam_api" {
 
 resource "google_service_account" "circleci" {
   account_id   = "circleci"
-  display_name = "CircleCi"
+  display_name = "CircleCI"
 }
 
 ##### ROLE ASSIGNMENTS

defaults/gcp/variables.tf

@@ -5,3 +5,7 @@ variable "google_project" {
 variable "requires_suitable" {
   type = bool
 }
+
+variable "google_credentials" {
+  type = string
+}

defaults/github/github.tf

@@ -1,36 +1,42 @@
 provider "github" {
   version = "~> 2.7"
 
+  token        = var.github_token
   organization = "DataBiosphere"
-  token        = ""
 }
 
-module "repository" {
-  source  = "innovationnorway/repository/github"
-  version = "~> 2.1"
-
+resource "github_repository" "main" {
   name           = var.repo_name
   description    = var.repo_description
   default_branch = "dev"
 
-  allow_merge_commit = false
-  allow_rebase_merge = false
-  allow_squash_merge = true
-
-  branch_protection = [{
-    branch = "dev"
-
-    enforce_admins         = true
-    required_status_checks = {
-      contexts = var.require_circle_build_for_merge ? ["ci/circleci: build"] : []
-    }
-  }]
+  allow_merge_commit     = false
+  allow_rebase_merge     = false
+  allow_squash_merge     = true
+  delete_branch_on_merge = true
 
   has_issues   = false
   has_projects = false
+  has_wiki     = var.has_wiki
+}
+
+resource "github_branch_protection" "dev_protections" {
+  repository = github_repository.main.name
+  branch     = "dev"
+
+  enforce_admins = true
+  required_status_checks {
+    contexts = var.require_circle_build_for_merge ? ["ci/circleci: build"] : []
+  }
+}
+
+
+data "github_team" "codeowner_team" {
+  slug = var.codeowner_team
+}
 
-  teams = [{
-    name       = var.codeowner_team
-    permission = "push"
-  }]
+resource "github_team_repository" "codeowner_permission" {
+  team_id    = data.github_team.codeowner_team.id
+  repository = github_repository.main.name
+  permission = "push"
 }

defaults/github/variables.tf

@@ -11,7 +11,16 @@ variable "require_circle_build_for_merge" {
   default = true
 }
 
+variable "has_wiki" {
+  type    = bool
+  default = false
+}
+
 variable "codeowner_team" {
   type    = string
   default = "terra-devs"
 }
+
+variable "github_token" {
+  type = string
+}

lyle.tf

@@ -1,13 +1,14 @@
 module "lyle-repo" {
-  source = "./defaults/github"
+  source       = "./defaults/github"
+  github_token = var.github_token
 
-  repo_name                      = "lyle"
-  repo_description               = "Test user allocation service"
+  repo_name        = "lyle"
+  repo_description = "Test user allocation service"
 }
 
 module "lyle-service" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-lyle"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-lyle"
+  requires_suitable  = false
 }

rex.tf

@@ -1,41 +1,42 @@
 module "rex-repo" {
-  source = "./defaults/github"
+  source       = "./defaults/github"
+  github_token = var.github_token
 
-  repo_name                      = "rex"
-  repo_description               = "Survey response service"
+  repo_name        = "rex"
+  repo_description = "Survey response service"
 }
 
 module "rex-dev" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-rex-dev"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-rex-dev"
+  requires_suitable  = false
 }
 
 module "rex-alpha" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-rex-alpha"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-rex-alpha"
+  requires_suitable  = false
 }
 
 module "rex-perf" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-rex-perf"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-rex-perf"
+  requires_suitable  = false
 }
 
 module "rex-staging" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-rex-staging"
-  requires_suitable = false
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-rex-staging"
+  requires_suitable  = false
 }
 
 module "rex-prod" {
-  source = "./defaults/gcp"
-
-  google_project    = "terra-rex-prod"
-  requires_suitable = true
+  source             = "./defaults/gcp"
+  google_credentials = var.google_credentials
+  google_project     = "terra-rex-prod"
+  requires_suitable  = true
 }

saturn-ui-prod-deploy.tf

@@ -1,8 +1,9 @@
 module "saturn-ui-prod-deploy-repo" {
-  source = "./defaults/github"
+  source       = "./defaults/github"
+  github_token = var.github_token
 
   repo_name                      = "saturn-ui-prod-deploy"
   repo_description               = "Terra UI automated prod deploy service"
   require_circle_build_for_merge = false
-  codeowner_team                 = "SaturnDeployers"
+  codeowner_team                 = "saturndeployers"
 }