Support repository environments

This allows projects to do things like * require deployment reviews * Ensure deployments come from defined set of branches/tags Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
sigstore · Apr 16, 2024 · ee1d380 · ee1d380
1 parent 100eab7
commit ee1d380
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 0 deletions.
diff --git a/main.go b/main.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
 	"path"
+	"strconv"
 	"strings"
 
 	github "github.com/pulumi/pulumi-github/sdk/v6/go/github"
@@ -157,6 +158,55 @@ func main() {
 				return err
 			}
 
+			for _, env := range repo.Environments {
+				var reviewerIDs []int
+				for _, username := range env.Reviewers {
+					user, err := github.GetUser(ctx, &github.GetUserArgs{Username: username})
+					if err != nil {
+						return err
+					}
+					userID, err := strconv.Atoi(user.Id)
+					if err != nil {
+						return err
+					}
+					reviewerIDs = append(reviewerIDs, userID)
+				}
+
+				pulumiEnv, err := github.NewRepositoryEnvironment(ctx, env.Name, &github.RepositoryEnvironmentArgs{
+					Environment:     pulumi.String(env.Name),
+					Repository:      newRepo.Name,
+					CanAdminsBypass: pulumi.Bool(env.CanAdminsBypass),
+					DeploymentBranchPolicy: &github.RepositoryEnvironmentDeploymentBranchPolicyArgs{
+						ProtectedBranches:    pulumi.Bool(env.ProtectedBranches),
+						CustomBranchPolicies: pulumi.Bool(env.CustomBranchPolicies),
+					},
+					PreventSelfReview: pulumi.Bool(env.PreventSelfReview),
+					Reviewers: github.RepositoryEnvironmentReviewerArray{
+						&github.RepositoryEnvironmentReviewerArgs{
+							Users: pulumi.ToIntArray(reviewerIDs),
+						},
+					},
+					WaitTimer: pulumi.Int(env.WaitTimer),
+				})
+				if err != nil {
+					return err
+				}
+
+				for _, policy := range env.DeploymentBranchPolicies {
+					_, err = github.NewRepositoryDeploymentBranchPolicy(ctx, policy.Name, &github.RepositoryDeploymentBranchPolicyArgs{
+						Repository:      newRepo.Name,
+						EnvironmentName: pulumi.String(env.Name),
+						Name:            pulumi.String(policy.Pattern),
+					}, pulumi.DependsOn([]pulumi.Resource{
+						pulumiEnv,
+					}))
+
+					if err != nil {
+						return err
+					}
+				}
+			}
+
 			_, err = github.NewBranchDefault(ctx, repo.Name, &github.BranchDefaultArgs{
 				Branch:     pulumi.String(repo.DefaultBranch),
 				Repository: pulumi.String(repo.Name),

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -25,6 +25,22 @@ type Team struct {
 	ParentTeamID int    `yaml:"parentTeamId"`
 }
 
+type DeploymentBranchPolicy struct {
+	Name    string `yaml:"name"`
+	Pattern string `yaml:"pattern"`
+}
+
+type Environment struct {
+	Name                     string                   `yaml:"name"`
+	CanAdminsBypass          bool                     `yaml:"canAdminsBypass"`
+	Reviewers                []string                 `yaml:"reviewers"`
+	PreventSelfReview        bool                     `yaml:"preventSelfReview"`
+	WaitTimer                int                      `yaml:"waitTimer"`
+	ProtectedBranches        bool                     `yaml:"protectedBranches"`
+	CustomBranchPolicies     bool                     `yaml:"protectedBranches"`
+	DeploymentBranchPolicies []DeploymentBranchPolicy `yaml:"deploymentBranchPolicies"`
+}
+
 type Repository struct {
 	AllowAutoMerge           bool               `yaml:"allowAutoMerge"`
 	AllowMergeCommit         bool               `yaml:"allowMergeCommit"`
@@ -33,6 +49,7 @@ type Repository struct {
 	Archived                 bool               `yaml:"archived"`
 	AutoInit                 bool               `yaml:"autoInit"`
 	DeleteBranchOnMerge      bool               `yaml:"deleteBranchOnMerge"`
+	Environments             []Environment      `yaml:"environments"`
 	HasDiscussions           bool               `yaml:"hasDiscussions"`
 	HasDownloads             bool               `yaml:"hasDownloads"`
 	HasIssues                bool               `yaml:"hasIssues"`