From 9009fa6223a6703234e1cbec9f269761716e7576 Mon Sep 17 00:00:00 2001 From: Elior Erez Date: Thu, 18 Jun 2026 09:14:31 -0400 Subject: [PATCH] OSAC-1568: Add e2e-test GitHub environment to osac-test-infra Add environment support to the common_repository module and create an e2e-test environment on osac-test-infra. This environment will be used by e2e workflows to authenticate to Vault via GitHub OIDC and retrieve test secrets.
---
 modules/common_repository/main.tf | 28 ++++++++++++++++++++++++++ modules/common_repository/variables.tf | 26 ++++++++++++++++++++++++ repositories.tf | 1 + 3 files changed, 55 insertions(+)
diff --git a/modules/common_repository/main.tf b/modules/common_repository/main.tf
index ae6c0ca..fa0f0b1 100644
--- a/modules/common_repository/main.tf
+++ b/modules/common_repository/main.tf
@@ -105,6 +105,34 @@ resource "github_branch_protection" "repo_protection" {
 depends_on = [github_repository.repo, github_repository_collaborators.repo_collaborators]
 }
+resource "github_repository_environment" "env" {
+ for_each = {
+ for env in var.environments :
+ env.name => env
+ }
+
+ repository = var.name
+ environment = each.value.name
+
+ dynamic "reviewers" {
+ for_each = each.value.reviewers != null ? [each.value.reviewers] : []
+ content {
+ teams = reviewers.value.teams
+ users = reviewers.value.users
+ }
+ }
+
+ dynamic "deployment_branch_policy" {
+ for_each = each.value.deployment_branch_policy != null ? [each.value.deployment_branch_policy] : []
+ content {
+ protected_branches = deployment_branch_policy.value.protected_branches
+ custom_branch_policies = deployment_branch_policy.value.custom_branch_policies
+ }
+ }
+
+ depends_on = [github_repository.repo]
+}
+
 resource "github_repository_collaborators" "repo_collaborators" {
 repository = var.name
diff --git a/modules/common_repository/variables.tf b/modules/common_repository/variables.tf
index f5c855a..4512a3a 100644
--- a/modules/common_repository/variables.tf
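Review bot: In the `reviewers` block, `teams` and `users` are passed through unchanged, and as far as I know the GitHub provider expects numeric team and user IDs there, not slugs or logins. The module's variable types them as `list(string)`, so a caller who writes names in the style of `push_allowances` would only find out at plan or apply time. I would add a comment above the block, `# reviewers.teams / reviewers.users are numeric GitHub IDs, not slugs or logins`, and consider `list(number)` in variables.tf. The resource also leaves `can_admins_bypass` and `prevent_self_review` at the provider defaults, which deserves a deliberate choice for an environment that gates secrets.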
+++ b/modules/common_repository/variables.tf
@@ -149,6 +149,32 @@ variable "allow_rebase_merge" {
 default = true
 }
+variable "environments" {
+ description = "GitHub environments to create for this repository"
+ type = list(object({
+ name = string
+ reviewers = optional(object({
+ teams = optional(list(string), [])
+ users = optional(list(string), [])
+ }))
+ deployment_branch_policy = optional(object({
+ protected_branches = optional(bool, true)
+ custom_branch_policies = optional(bool, false)
+ }))
+ }))
+ default = []
+
+ validation {
+ condition = alltrue([for env in var.environments : trimspace(env.name) != ""])
+ error_message = "All environment names must be non-empty strings."
+ }
+
+ validation {
+ condition = length(distinct([for env in var.environments : env.name])) == length(var.environments)
+ error_message = "Environment names must be unique; duplicates would cause a for_each key collision."
+ }
+}
+
 variable "all_members_permission" {
 description = "Permission for all organization members"
 type = string
diff --git a/repositories.tf b/repositories.tf
index 26c701d..44c0ca4 100644
--- a/repositories.tf
+++ b/repositories.tf
@@ -245,6 +245,7 @@ module "repo_osac_test_infra" {
 "ci/prow/temp"
 ]
 push_allowances = ["/openshift-merge-robot", "osac-project/wg-infra", "osac-project/org-admins"]
+ environments = [{ name = "e2e-test" }]
 }
 module "repo_massopencloud_templates" {
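Review bot: `deployment_branch_policy` accepts `protected_branches` and `custom_branch_policies` with the same value (both true or both false), which GitHub rejects as far as I know, so the mistake would surface only at apply. A third validation would catch it at plan time: `condition = alltrue([for env in var.environments : env.deployment_branch_policy == null ? true : env.deployment_branch_policy.protected_branches != env.deployment_branch_policy.custom_branch_policies])`. The `description` should also say that omitting `deployment_branch_policy` leaves the environment usable from every branch, since that is the less restrictive outcome and it is what a caller gets by default.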
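Review bot: `environments = [{ name = "e2e-test" }]` sets neither `reviewers` nor `deployment_branch_policy`, so both dynamic blocks in the module are skipped and the environment is created with no protection rules. The commit message says this environment is what e2e workflows use to authenticate to Vault over GitHub OIDC; if the Vault role binds on the environment claim, any workflow run in this repository that names `e2e-test`, from any branch, would presumably qualify for the test secrets. Unless e2e runs are meant to start from unprotected branches, I would write `environments = [{ name = "e2e-test", deployment_branch_policy = {} }]`, which picks up the module's `protected_branches = true` default, and add a comment stating which refs are expected to use it. The `module "repo_osac_test_infra"` block starts above this hunk, so its branch-protection settings are not visible here.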