GitHub Repository Rules

This repository contains code to manage GitHub repository branch protection rules for HMCTS.

Overview

This Terraform configuration automates the process of setting up rule sets at the organisation level.

| Repository Type | Count |
|---|---|
| Production Repositories | 311 |
| Development Repositories | 0 |

Getting Started

Prerequisites

  • Terraform (version 1.5.7 or later)
  • OAuth or PAT token with appropriate permissions.

What This Does

  • Reads a list of repositories from production-repos.json
  • Creates a ruleset at the organisation level, which applies standardisation across all repositories.
  • Creates custom properties for repositories, such as marking repositories as "is_production".
  • Note that you do not have to update this codebase: it pulls any new production repositories from the URLs provided and updates itself at midnight.
  • To add repositories yourself, raise a PR from main, add your repositories to production-repos.json, then merge the PR once ready.

Maintenance

To add or remove repositories, follow the steps below:

  1. Open a fresh PR from the master branch, ensuring you have pulled down recent changes to the master branch.
  2. Applies standardised rule sets to repositories listed in the production-repos.json file, ensuring consistent management and configuration across all repositories.
  3. Create a PR and allow the GH Actions pipeline to run a Terraform Plan to confirm changes are accepted.
  4. Once the plan is good, you can merge your PR into the main branch and the pipeline will trigger an apply.
  5. Once applied, delete your branch.

Troubleshooting

  • Check your Terraform version and ensure there are no underlying bugs with the provider versions.
  • Ensure your repository name is formatted correctly, as otherwise it may not be picked up properly.
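
A pre-PR check for the repository-name formatting issue above, as an added example that is not part of this repository's code. It assumes production-repos.json is a JSON array of bare repository names (the file's real schema is not shown on this page); `check_repo_list` is a hypothetical helper name.

```python
import json
import re

# GitHub repository names: ASCII letters, digits, '.', '-' and '_', max 100 chars.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")


def check_repo_list(text):
    """Return a list of problems found in the JSON text (empty list = OK).

    Assumption: the file is a JSON array of bare repository names.
    """
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(data, list):
        return ["top level must be a JSON array"]

    problems, seen = [], {}
    for index, name in enumerate(data):
        where = f"entry {index}"
        if not isinstance(name, str):
            problems.append(f"{where}: not a string")
            continue
        if name != name.strip():
            problems.append(f"{where}: {name!r} has leading/trailing whitespace")
        elif "/" in name:
            problems.append(f"{where}: {name!r} looks like a URL or org/repo path")
        elif name in (".", "..") or not NAME_RE.fullmatch(name):
            problems.append(f"{where}: {name!r} is not a valid repository name")
        # GitHub treats names case-insensitively, so 'Foo' and 'foo' collide.
        key = name.strip().lower()
        if key in seen:
            problems.append(f"{where}: {name!r} duplicates entry {seen[key]}")
        else:
            seen[key] = index
    return problems


# Constructed sample input, not taken from the real production-repos.json.
SAMPLE = '["example-api", "Example-API", "hmcts/example-ui", " example-lib", "bad name"]'

if __name__ == "__main__":
    for problem in check_repo_list(SAMPLE):
        print(problem)
```

A repository that fails these checks would not match the list and so would not receive the organisation ruleset, which is why it is worth catching before the plan runs.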

Terraform documentation

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.5.7 |
| github | ~> 6.0 |

Providers

| Name | Version |
|---|---|
| azurerm | n/a |
| github | ~> 6.0 |
| local | n/a |

Modules

| Name | Source | Version |
|---|---|---|
| tags | git::https://github.com/hmcts/terraform-module-common-tags.git | master |

Resources

| Name | Type |
|---|---|
| azurerm_resource_group.rg | resource |
| azurerm_storage_account.sa | resource |
| azurerm_storage_container.tfstate | resource |
| github_organization_ruleset.default_ruleset | resource |
| github_team.admin | data source |
| local_file.repos_json | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| builtFrom | Information about the build source or version | string | "https://github.com/hmcts/github-repository-rules" | no |
| env | The environment for the deployment (e.g., dev, staging, prod) | string | "dev" | no |
| location | The location for the resources | string | "UK South" | no |
| oauth_token | OAUTH token to use for authentication. | string | n/a | yes |
| override_action | The action to override | string | "plan" | no |
| product | The product name or identifier | string | "sds-platform" | no |
| resource_group_name | The name of the resource group | string | "rule-set-rg" | no |
| storage_account_name | The name of the storage account | string | "rulesetsa" | no |

Outputs

| Name | Description |
|---|---|
| common_tags | n/a |