feat:check and output invalid users (#133)

Author: cunla

.github/workflows/apply.yml

@@ -6,6 +6,7 @@ on:
       - main
     paths:
       - 'terraform/production/*.tfvars'
+      - 'terraform/*.tf'
 
 concurrency:
   group: terraform-actions

.github/workflows/plan.yml

@@ -5,6 +5,7 @@ on:
       - main
     paths:
       - 'terraform/production/*.tfvars'
+      - 'terraform/*.tf'
 
 concurrency:
   group: terraform-actions

terraform/README.md

@@ -51,7 +51,6 @@ All changes should be made in `production/*.tfvars`:
         topics = []
         visibility = "public" # optional, default is "public"
         is_django_commons_repo = optional(bool, false) # Do not create teams for repository
-        enable_branch_protection = true # optional, default is true
         required_status_checks_contexts = [] # optional, default is []
         admins = [] # Members of the repository's admin and repository teams. Have admin permissions
         committers = [] # Members of the repository's committers and repository teams. Have write permissions

terraform/locals.tf

@@ -3,21 +3,6 @@
 
 locals {
 
-  admins = {
-    for user in var.admins : user => "admin"
-  }
-
-  branch_protections = {
-    for repository_key, repository in var.repositories : repository_key => repository
-    if repository.enable_branch_protection
-  }
-
-  members = {
-    for user in var.members : user => "member"
-  }
-
-  users = merge(local.admins, local.members)
-
   project_repositories = {
     for repository_key, repository in var.repositories : repository_key => repository
     if !repository.is_django_commons_repo

terraform/production/repositories.tfvars

@@ -2,23 +2,21 @@
 repositories = {
 
   ".github" = {
-    description              = "A Special Repository."
-    enable_branch_protection = false
+    description = "A Special Repository."
 
     topics                 = []
     push_allowances        = []
     is_django_commons_repo = true
   }
 
   "controls" = {
-    description              = "The controls for managing Django Commons projects"
-    enable_branch_protection = false
-    allow_merge_commit       = true
-    allow_rebase_merge       = true
-    allow_squash_merge       = true
-    topics                   = []
-    push_allowances          = []
-    is_django_commons_repo   = true
+    description            = "The controls for managing Django Commons projects"
+    allow_merge_commit     = true
+    allow_rebase_merge     = true
+    allow_squash_merge     = true
+    topics                 = []
+    push_allowances        = []
+    is_django_commons_repo = true
   }
 
   "membership" = {
@@ -162,7 +160,6 @@ repositories = {
       "tailwindcss",
     ]
     visibility                      = "public"
-    enable_branch_protection        = true
     required_status_checks_contexts = []
     admins = [
       "oliverandrich",

terraform/resources-org.tf

@@ -1,5 +1,19 @@
 # GitHub Membership Resource
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership
+data "github_users" "users" {
+  usernames = setunion(var.admins, var.members)
+}
+
+output "invalid_users" {
+  value = data.github_users.users.unknown_logins
+}
+
+locals {
+  users = merge(
+    { for user in var.admins : user => "admin" if contains(data.github_users.users.logins, user) },
+    { for user in var.members : user => "member" if contains(data.github_users.users.logins, user) }
+  )
+}
 
 resource "github_membership" "this" {
   for_each = local.users

terraform/variables.tf

@@ -33,7 +33,6 @@ variable "repositories" {
     homepage_url                    = optional(string, "")
     has_wiki                        = optional(bool, false)
     push_allowances                 = optional(list(string), [])
-    enable_branch_protection        = optional(bool, true)
     required_status_checks_contexts = optional(list(string), [])
     is_template                     = optional(bool, false) # Is the repository a template repository
     topics                          = optional(list(string))