Merge pull request #106 from mineiros-io/require_conversation_resolution

mariux · web-flow · commit 1e4550928f88 · 2022-02-21T12:22:54.000+01:00
Add Setting require_conversation_resolution for Branch Protection
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.14.0]
+
+### Added
+
+- Add suport for `require_conversation_resolution` for Branch Protection (thanks to @0x46616c6b)
+
+### Changed
+
+- BREAKING: update to provider `~> 4.20` fixing an issue that was just supporting `v4.19.x`
+
 ## [0.13.0]
 
 ### Added
@@ -340,7 +350,8 @@ Please review plans and report regressions and issues asap so we can improve doc
 - This is the initial release of our GitHub Repository module with support for
   creating and managing GitHub Repositories for Organizations.
 
-[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.13.0...HEAD
+[unreleased]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.14.0...HEAD
+[0.14.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.13.0...v0.14.0
 [0.13.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.12.0...v0.13.0
 [0.12.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.11.0...v0.12.0
 [0.11.0]: https://github.com/mineiros-io/terraform-github-repository/compare/v0.10.1...v0.11.0
diff --git a/README.md b/README.md
@@ -483,15 +483,15 @@ This is due to some terraform limitation and we will update the module once terr
 
 #### Branch Protections Configuration
 
-- [**`branch_protections_v3`**](#var-branch_protections_v3): *(Optional `list(branch_protection)`)*<a name="var-branch_protections_v3"></a>
+- [**`branch_protections_v3`**](#var-branch_protections_v3): *(Optional `list(branch_protection_v3)`)*<a name="var-branch_protections_v3"></a>
 
   This resource allows you to configure branch protection for repositories in your organization.
   When applied, the branch will be protected from forced pushes and deletion.
   Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
 
   Default is `[]`.
 
-  Each `branch_protection` object in the list accepts the following attributes:
+  Each `branch_protection_v3` object in the list accepts the following attributes:
 
   - [**`branch`**](#attr-branch_protections_v3-branch): *(**Required** `string`)*<a name="attr-branch_protections_v3-branch"></a>
 
@@ -503,6 +503,12 @@ This is due to some terraform limitation and we will update the module once terr
 
     Default is `false`.
 
+  - [**`require_conversation_resolution`**](#attr-branch_protections_v3-require_conversation_resolution): *(Optional `bool`)*<a name="attr-branch_protections_v3-require_conversation_resolution"></a>
+
+    Setting this to true requires all conversations to be resolved.
+
+    Default is `false`.
+
   - [**`require_signed_commits`**](#attr-branch_protections_v3-require_signed_commits): *(Optional `bool`)*<a name="attr-branch_protections_v3-require_signed_commits"></a>
 
     Setting this to true requires all commits to be signed with GPG.
@@ -592,113 +598,13 @@ This is due to some terraform limitation and we will update the module once terr
 
       Default is `[]`.
 
-- [**`branch_protections`**](#var-branch_protections): *(Optional `list(branch_protection)`)*<a name="var-branch_protections"></a>
+- [**`branch_protections`**](#var-branch_protections): *(Optional `list(branch_protection_v3)`)*<a name="var-branch_protections"></a>
 
   **_DEPRECATED_** To ensure compatibility with future versions of this module, please use `branch_protections_v3`.
-  This argument is ignored if `branch_protections_v3` is used.
+  This argument is ignored if `branch_protections_v3` is used. Please see `branch_protections_v3` for supported attributes.
 
   Default is `[]`.
 
-  Each `branch_protection` object in the list accepts the following attributes:
-
-  - [**`branch`**](#attr-branch_protections-branch): *(**Required** `string`)*<a name="attr-branch_protections-branch"></a>
-
-    The Git branch to protect.
-
-  - [**`enforce_admins`**](#attr-branch_protections-enforce_admins): *(Optional `bool`)*<a name="attr-branch_protections-enforce_admins"></a>
-
-    Setting this to true enforces status checks for repository administrators.
-
-    Default is `false`.
-
-  - [**`require_signed_commits`**](#attr-branch_protections-require_signed_commits): *(Optional `bool`)*<a name="attr-branch_protections-require_signed_commits"></a>
-
-    Setting this to true requires all commits to be signed with GPG.
-
-    Default is `false`.
-
-  - [**`required_status_checks`**](#attr-branch_protections-required_status_checks): *(Optional `object(required_status_checks)`)*<a name="attr-branch_protections-required_status_checks"></a>
-
-    Enforce restrictions for required status checks.
-    See Required Status Checks below for details.
-
-    Default is `{}`.
-
-    The `required_status_checks` object accepts the following attributes:
-
-    - [**`strict`**](#attr-branch_protections-required_status_checks-strict): *(Optional `bool`)*<a name="attr-branch_protections-required_status_checks-strict"></a>
-
-      Require branches to be up to date before merging.
-      Defaults is `false`.
-
-    - [**`contexts`**](#attr-branch_protections-required_status_checks-contexts): *(Optional `list(string)`)*<a name="attr-branch_protections-required_status_checks-contexts"></a>
-
-      The list of status checks to require in order to merge into this branch. If default is `[]` no status checks are required.
-
-      Default is `[]`.
-
-  - [**`required_pull_request_reviews`**](#attr-branch_protections-required_pull_request_reviews): *(Optional `object(required_pull_request_reviews)`)*<a name="attr-branch_protections-required_pull_request_reviews"></a>
-
-    Enforce restrictions for pull request reviews.
-
-    Default is `{}`.
-
-    The `required_pull_request_reviews` object accepts the following attributes:
-
-    - [**`dismiss_stale_reviews`**](#attr-branch_protections-required_pull_request_reviews-dismiss_stale_reviews): *(Optional `bool`)*<a name="attr-branch_protections-required_pull_request_reviews-dismiss_stale_reviews"></a>
-
-      Dismiss approved reviews automatically when a new commit is pushed.
-
-      Default is `true`.
-
-    - [**`dismissal_users`**](#attr-branch_protections-required_pull_request_reviews-dismissal_users): *(Optional `list(string)`)*<a name="attr-branch_protections-required_pull_request_reviews-dismissal_users"></a>
-
-      The list of user logins with dismissal access
-
-      Default is `[]`.
-
-    - [**`dismissal_teams`**](#attr-branch_protections-required_pull_request_reviews-dismissal_teams): *(Optional `list(string)`)*<a name="attr-branch_protections-required_pull_request_reviews-dismissal_teams"></a>
-
-      The list of team slugs with dismissal access.
-      Always use slug of the team, not its name.
-      Each team already has to have access to the repository.
-
-      Default is `[]`.
-
-    - [**`require_code_owner_reviews`**](#attr-branch_protections-required_pull_request_reviews-require_code_owner_reviews): *(Optional `bool`)*<a name="attr-branch_protections-required_pull_request_reviews-require_code_owner_reviews"></a>
-
-      Require an approved review in pull requests including files with a designated code owner.
-
-      Default is `false`.
-
-  - [**`restrictions`**](#attr-branch_protections-restrictions): *(Optional `object(restrictions)`)*<a name="attr-branch_protections-restrictions"></a>
-
-    Enforce restrictions for the users and teams that may push to the branch - only available for organization-owned repositories. See Restrictions below for details.
-
-    Default is `{}`.
-
-    The `restrictions` object accepts the following attributes:
-
-    - [**`users`**](#attr-branch_protections-restrictions-users): *(Optional `list(string)`)*<a name="attr-branch_protections-restrictions-users"></a>
-
-      The list of user logins with push access.
-
-      Default is `[]`.
-
-    - [**`teams`**](#attr-branch_protections-restrictions-teams): *(Optional `list(string)`)*<a name="attr-branch_protections-restrictions-teams"></a>
-
-      The list of team slugs with push access.
-      Always use slug of the team, not its name.
-      Each team already has to have access to the repository.
-
-      Default is `[]`.
-
-    - [**`apps`**](#attr-branch_protections-restrictions-apps): *(Optional `list(string)`)*<a name="attr-branch_protections-restrictions-apps"></a>
-
-      The list of app slugs with push access.
-
-      Default is `[]`.
-
 #### Issue Labels Configuration
 
 - [**`issue_labels`**](#var-issue_labels): *(Optional `list(issue_label)`)*<a name="var-issue_labels"></a>
diff --git a/README.tfdoc.hcl b/README.tfdoc.hcl
@@ -622,7 +622,7 @@ section {
         title = "Branch Protections Configuration"
 
         variable "branch_protections_v3" {
-          type        = list(branch_protection)
+          type        = list(branch_protection_v3)
           default     = []
           description = <<-END
             This resource allows you to configure branch protection for repositories in your organization.
@@ -646,6 +646,14 @@ section {
             END
           }
 
+          attribute "require_conversation_resolution" {
+            type        = bool
+            default     = false
+            description = <<-END
+              Setting this to true requires all conversations to be resolved.
+            END
+          }
+
           attribute "require_signed_commits" {
             type        = bool
             default     = false
@@ -757,137 +765,12 @@ section {
         }
 
         variable "branch_protections" {
-          type        = list(branch_protection)
+          type        = list(branch_protection_v3)
           default     = []
           description = <<-END
             **_DEPRECATED_** To ensure compatibility with future versions of this module, please use `branch_protections_v3`.
-            This argument is ignored if `branch_protections_v3` is used.
+            This argument is ignored if `branch_protections_v3` is used. Please see `branch_protections_v3` for supported attributes.
           END
-
-          attribute "branch" {
-            required    = true
-            type        = string
-            description = <<-END
-              The Git branch to protect.
-            END
-          }
-
-          attribute "enforce_admins" {
-            type        = bool
-            default     = false
-            description = <<-END
-              Setting this to true enforces status checks for repository administrators.
-            END
-          }
-
-          attribute "require_signed_commits" {
-            type        = bool
-            default     = false
-            description = <<-END
-              Setting this to true requires all commits to be signed with GPG.
-            END
-          }
-
-          attribute "required_status_checks" {
-            type        = object(required_status_checks)
-            default     = {}
-            description = <<-END
-              Enforce restrictions for required status checks.
-              See Required Status Checks below for details.
-            END
-
-            attribute "strict" {
-              type        = bool
-              description = <<-END
-                Require branches to be up to date before merging.
-                Defaults is `false`.
-              END
-            }
-
-            attribute "contexts" {
-              type        = list(string)
-              default     = []
-              description = <<-END
-                The list of status checks to require in order to merge into this branch. If default is `[]` no status checks are required.
-              END
-            }
-          }
-
-          attribute "required_pull_request_reviews" {
-            type        = object(required_pull_request_reviews)
-            default     = {}
-            description = <<-END
-              Enforce restrictions for pull request reviews.
-            END
-
-            attribute "dismiss_stale_reviews" {
-              type        = bool
-              default     = true
-              description = <<-END
-                Dismiss approved reviews automatically when a new commit is pushed.
-              END
-            }
-
-            attribute "dismissal_users" {
-              type        = list(string)
-              default     = []
-              description = <<-END
-                The list of user logins with dismissal access
-              END
-            }
-
-            attribute "dismissal_teams" {
-              type        = list(string)
-              default     = []
-              description = <<-END
-                The list of team slugs with dismissal access.
-                Always use slug of the team, not its name.
-                Each team already has to have access to the repository.
-              END
-            }
-
-            attribute "require_code_owner_reviews" {
-              type        = bool
-              default     = false
-              description = <<-END
-                Require an approved review in pull requests including files with a designated code owner.
-              END
-            }
-          }
-
-          attribute "restrictions" {
-            type        = object(restrictions)
-            default     = {}
-            description = <<-END
-              Enforce restrictions for the users and teams that may push to the branch - only available for organization-owned repositories. See Restrictions below for details.
-            END
-
-            attribute "users" {
-              type        = list(string)
-              default     = []
-              description = <<-END
-                The list of user logins with push access.
-              END
-            }
-
-            attribute "teams" {
-              type        = list(string)
-              default     = []
-              description = <<-END
-                The list of team slugs with push access.
-                Always use slug of the team, not its name.
-                Each team already has to have access to the repository.
-              END
-            }
-
-            attribute "apps" {
-              type        = list(string)
-              default     = []
-              description = <<-END
-                The list of app slugs with push access.
-              END
-            }
-          }
         }
       }
 
diff --git a/examples/public-repository/main.tf b/examples/public-repository/main.tf
@@ -49,9 +49,10 @@ module "repository" {
 
   branch_protections = [
     {
-      branch                 = "main"
-      enforce_admins         = true
-      require_signed_commits = true
+      branch                          = "main"
+      enforce_admins                  = true
+      require_conversation_resolution = true
+      require_signed_commits          = true
 
       required_status_checks = {
         strict   = true
diff --git a/main.tf b/main.tf
@@ -43,12 +43,13 @@ locals {
 locals {
   branch_protections = try([
     for b in local.branch_protections_v3 : merge({
-      branch                        = null
-      enforce_admins                = null
-      require_signed_commits        = null
-      required_status_checks        = {}
-      required_pull_request_reviews = {}
-      restrictions                  = {}
+      branch                          = null
+      enforce_admins                  = null
+      require_conversation_resolution = null
+      require_signed_commits          = null
+      required_status_checks          = {}
+      required_pull_request_reviews   = {}
+      restrictions                    = {}
     }, b)
   ], [])
 
@@ -171,10 +172,11 @@ resource "github_branch_protection_v3" "branch_protection" {
     github_team_repository.team_repository_by_slug
   ]
 
-  repository             = github_repository.repository.name
-  branch                 = local.branch_protections[count.index].branch
-  enforce_admins         = local.branch_protections[count.index].enforce_admins
-  require_signed_commits = local.branch_protections[count.index].require_signed_commits
+  repository                      = github_repository.repository.name
+  branch                          = local.branch_protections[count.index].branch
+  enforce_admins                  = local.branch_protections[count.index].enforce_admins
+  require_conversation_resolution = local.branch_protections[count.index].require_conversation_resolution
+  require_signed_commits          = local.branch_protections[count.index].require_signed_commits
 
   dynamic "required_status_checks" {
     for_each = local.required_status_checks[count.index]
diff --git a/test/unit-complete/main.tf b/test/unit-complete/main.tf
diff --git a/versions.tf b/versions.tf
