From 84c6bd2189177d0f685121b3b35f2bccecc70b9e Mon Sep 17 00:00:00 2001 From: Sumner Warren Date: Wed, 20 Nov 2024 19:33:45 -0500 Subject: [PATCH] Add support for tag-based environment deployment branch policy (#2165) * Add Type field to DeploymentBranchPolicyRequest struct The Type field is only necessary when creating a deployment branch policy. When updating a deployment branch policy, the Type field is not needed and is therefore set to nil. Resources: - https://docs.github.com/en/rest/deployments/branch-policies?apiVersion=2022-11-28 * Change name of branch_pattern argument to pattern for github_repository_environment_deployment_policy resource * Add type argument to github_repository_environment_deployment_policy resource * Add tag-based test for github_repository_environment_deployment_policy * Revert "Add tag-based test for github_repository_environment_deployment_policy" This reverts commit 88b13690b22c6dd9e2decc258d3e235b03a6d5cc. * Revert "Add type argument to github_repository_environment_deployment_policy resource" This reverts commit a534219a8dd1d94bbf6afef403992d1b74118d63. * Revert "Change name of branch_pattern argument to pattern for github_repository_environment_deployment_policy resource" This reverts commit 029960b78e43d8f5f5a42d7be769e5e72cba2431. * Revert "Add Type field to DeploymentBranchPolicyRequest struct" This reverts commit af308a1dff2cd51fc29d95e886f3eb0c3a886546. * Add tag_pattern attribute to github_repository_environment_deployment_policy resource * Correct typo See https://github.com/integrations/terraform-provider-github/pull/2050#discussion_r1426991279. * Remove type parameter from deployment policy update * Add pattern assertions to existing tests * Fix pattern read to address existing tag policy test * Fix update to read the configured pattern * Force new resource when pattern type changes * Fix tests by ignoring vulnerability_alerts --------- Co-authored-by: Peter McEvoy Co-authored-by: Keegan Campbell Co-authored-by: Nick Floyd <139819+nickfloyd@users.noreply.github.com> --- ...hub_repository_deployment_branch_policy.go | 2 +- ...epository_environment_deployment_policy.go | 77 +- ...tory_environment_deployment_policy_test.go | 724 +++++++++++++++++- ...nvironment_deployment_policy.html.markdown | 49 +- 4 files changed, 834 insertions(+), 18 deletions(-) diff --git a/github/resource_github_repository_deployment_branch_policy.go b/github/resource_github_repository_deployment_branch_policy.go index 6957d63067..12cd03c9db 100644 --- a/github/resource_github_repository_deployment_branch_policy.go +++ b/github/resource_github_repository_deployment_branch_policy.go @@ -80,7 +80,7 @@ func resourceGithubRepositoryDeploymentBranchPolicyCreate(d *schema.ResourceData environmentName := d.Get("environment_name").(string) name := d.Get("name").(string) - policy, _, err := client.Repositories.CreateDeploymentBranchPolicy(ctx, owner, repoName, environmentName, &github.DeploymentBranchPolicyRequest{Name: &name}) + policy, _, err := client.Repositories.CreateDeploymentBranchPolicy(ctx, owner, repoName, environmentName, &github.DeploymentBranchPolicyRequest{Name: &name, Type: github.String("branch")}) if err != nil { return err } diff --git a/github/resource_github_repository_environment_deployment_policy.go b/github/resource_github_repository_environment_deployment_policy.go index c74d8ea9c5..bfe6f619df 100644 --- a/github/resource_github_repository_environment_deployment_policy.go +++ b/github/resource_github_repository_environment_deployment_policy.go @@ -2,6 +2,7 @@ package github import ( "context" + "fmt" "log" "net/http" "net/url" @@ -34,12 +35,21 @@ func resourceGithubRepositoryEnvironmentDeploymentPolicy() *schema.Resource { Description: "The name of the environment.", }, "branch_pattern": { - Type: schema.TypeString, - Required: true, - ForceNew: false, - Description: "The name pattern that branches must match in order to deploy to the environment.", + Type: schema.TypeString, + Optional: true, + ForceNew: false, + ConflictsWith: []string{"tag_pattern"}, + Description: "The name pattern that branches must match in order to deploy to the environment.", + }, + "tag_pattern": { + Type: schema.TypeString, + Optional: true, + ForceNew: false, + ConflictsWith: []string{"branch_pattern"}, + Description: "The name pattern that tags must match in order to deploy to the environment.", }, }, + CustomizeDiff: customDeploymentPolicyDiffFunction, } } @@ -51,11 +61,21 @@ func resourceGithubRepositoryEnvironmentDeploymentPolicyCreate(d *schema.Resourc owner := meta.(*Owner).name repoName := d.Get("repository").(string) envName := d.Get("environment").(string) - branchPattern := d.Get("branch_pattern").(string) escapedEnvName := url.PathEscape(envName) - createData := github.DeploymentBranchPolicyRequest{ - Name: github.String(branchPattern), + var createData github.DeploymentBranchPolicyRequest + if v, ok := d.GetOk("branch_pattern"); ok { + createData = github.DeploymentBranchPolicyRequest{ + Name: github.String(v.(string)), + Type: github.String("branch"), + } + } else if v, ok := d.GetOk("tag_pattern"); ok { + createData = github.DeploymentBranchPolicyRequest{ + Name: github.String(v.(string)), + Type: github.String("tag"), + } + } else { + return fmt.Errorf("exactly one of %q and %q must be specified", "branch_pattern", "tag_pattern") } resultKey, _, err := client.Repositories.CreateDeploymentBranchPolicy(ctx, owner, repoName, escapedEnvName, &createData) @@ -98,7 +118,11 @@ func resourceGithubRepositoryEnvironmentDeploymentPolicyRead(d *schema.ResourceD return err } - d.Set("branch_pattern", branchPolicy.GetName()) + if branchPolicy.GetType() == "branch" { + d.Set("branch_pattern", branchPolicy.GetName()) + } else { + d.Set("tag_pattern", branchPolicy.GetName()) + } return nil } @@ -110,6 +134,7 @@ func resourceGithubRepositoryEnvironmentDeploymentPolicyUpdate(d *schema.Resourc repoName := d.Get("repository").(string) envName := d.Get("environment").(string) branchPattern := d.Get("branch_pattern").(string) + tagPattern := d.Get("tag_pattern").(string) escapedEnvName := url.PathEscape(envName) _, _, branchPolicyIdString, err := parseThreePartID(d.Id(), "repository", "environment", "branchPolicyId") if err != nil { @@ -121,8 +146,13 @@ func resourceGithubRepositoryEnvironmentDeploymentPolicyUpdate(d *schema.Resourc return err } + pattern := branchPattern + if branchPattern == "" { + pattern = tagPattern + } + updateData := github.DeploymentBranchPolicyRequest{ - Name: github.String(branchPattern), + Name: github.String(pattern), } resultKey, _, err := client.Repositories.UpdateDeploymentBranchPolicy(ctx, owner, repoName, escapedEnvName, branchPolicyId, &updateData) @@ -155,3 +185,32 @@ func resourceGithubRepositoryEnvironmentDeploymentPolicyDelete(d *schema.Resourc return nil } + +func customDeploymentPolicyDiffFunction(_ context.Context, diff *schema.ResourceDiff, v interface{}) error { + oldBranchPattern, newBranchPattern := diff.GetChange("branch_pattern") + + if oldBranchPattern != "" && newBranchPattern == "" { + if err := diff.ForceNew("branch_pattern"); err != nil { + return err + } + } + if oldBranchPattern == "" && newBranchPattern != "" { + if err := diff.ForceNew("branch_pattern"); err != nil { + return err + } + } + + oldTagPattern, newTagPattern := diff.GetChange("tag_pattern") + if oldTagPattern != "" && newTagPattern == "" { + if err := diff.ForceNew("tag_pattern"); err != nil { + return err + } + } + if oldTagPattern == "" && newTagPattern != "" { + if err := diff.ForceNew("tag_pattern"); err != nil { + return err + } + } + + return nil +} diff --git a/github/resource_github_repository_environment_deployment_policy_test.go b/github/resource_github_repository_environment_deployment_policy_test.go index f1de1880f3..61d8554703 100644 --- a/github/resource_github_repository_environment_deployment_policy_test.go +++ b/github/resource_github_repository_environment_deployment_policy_test.go @@ -6,13 +6,14 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) -func TestAccGithubRepositoryEnvironmentDeploymentPolicy(t *testing.T) { +func TestAccGithubRepositoryEnvironmentDeploymentPolicyBranch(t *testing.T) { randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) - t.Run("creates a repository environment with deployment policy", func(t *testing.T) { + t.Run("creates a repository environment with branch-based deployment policy", func(t *testing.T) { config := fmt.Sprintf(` @@ -22,6 +23,7 @@ func TestAccGithubRepositoryEnvironmentDeploymentPolicy(t *testing.T) { resource "github_repository" "test" { name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true } resource "github_repository_environment" "test" { @@ -58,6 +60,237 @@ func TestAccGithubRepositoryEnvironmentDeploymentPolicy(t *testing.T) { "github_repository_environment_deployment_policy.test", "branch_pattern", "releases/*", ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + ), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config, + Check: check, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} + +func TestAccGithubRepositoryEnvironmentDeploymentPolicyBranchUpdate(t *testing.T) { + + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + t.Run("updates the pattern for a branch-based deployment policy", func(t *testing.T) { + var deploymentPolicyId string + + config1 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + branch_pattern = "main" + } + + `, randomID) + + check1 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + "main", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + ), + testDeploymentPolicyId("github_repository_environment_deployment_policy.test", &deploymentPolicyId), + ) + + config2 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + branch_pattern = "release/*" + } + + `, randomID) + + check2 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + "release/*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + ), + testSameDeploymentPolicyId( + "github_repository_environment_deployment_policy.test", + &deploymentPolicyId, + ), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config1, + Check: check1, + }, + { + Config: config2, + Check: check2, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} + +func TestAccGithubRepositoryEnvironmentDeploymentPolicyTag(t *testing.T) { + + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + t.Run("creates a repository environment with tag-based deployment policy", func(t *testing.T) { + + config := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" + } + + `, randomID) + + check := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + "v*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + ), ) testCase := func(t *testing.T, mode string) { @@ -87,3 +320,490 @@ func TestAccGithubRepositoryEnvironmentDeploymentPolicy(t *testing.T) { }) } + +func TestAccGithubRepositoryEnvironmentDeploymentPolicyTagUpdate(t *testing.T) { + + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + t.Run("updates the pattern for a tag-based deployment policy", func(t *testing.T) { + var deploymentPolicyId string + + config1 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" + } + + `, randomID) + + check1 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + "v*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + ), + testDeploymentPolicyId("github_repository_environment_deployment_policy.test", &deploymentPolicyId), + ) + + config2 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "version*" + } + + `, randomID) + + check2 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + "version*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + ), + testSameDeploymentPolicyId( + "github_repository_environment_deployment_policy.test", + &deploymentPolicyId, + ), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config1, + Check: check1, + }, + { + Config: config2, + Check: check2, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} + +func TestAccGithubRepositoryEnvironmentDeploymentPolicyBranchToTagUpdate(t *testing.T) { + + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + t.Run("recreates deployment policy when pattern type changes from branch to tag", func(t *testing.T) { + var deploymentPolicyId string + + config1 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + branch_pattern = "release/*" + } + + `, randomID) + + check1 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + "release/*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + ), + testDeploymentPolicyId("github_repository_environment_deployment_policy.test", &deploymentPolicyId), + ) + + config2 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" + } + + `, randomID) + + check2 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + "v*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + ), + testNewDeploymentPolicyId( + "github_repository_environment_deployment_policy.test", + &deploymentPolicyId, + ), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config1, + Check: check1, + }, + { + Config: config2, + Check: check2, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} + +func TestAccGithubRepositoryEnvironmentDeploymentPolicyTagToBranchUpdate(t *testing.T) { + + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + t.Run("recreates deployment policy when pattern type changes from tag to branch", func(t *testing.T) { + var deploymentPolicyId string + + config1 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" + } + + `, randomID) + + check1 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + "v*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + ), + testDeploymentPolicyId("github_repository_environment_deployment_policy.test", &deploymentPolicyId), + ) + + config2 := fmt.Sprintf(` + + data "github_user" "current" { + username = "" + } + + resource "github_repository" "test" { + name = "tf-acc-test-%s" + ignore_vulnerability_alerts_during_read = true + } + + resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } + } + + resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + branch_pattern = "release/*" + } + + `, randomID) + + check2 := resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "repository", + fmt.Sprintf("tf-acc-test-%s", randomID), + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "environment", + "environment/test", + ), + resource.TestCheckResourceAttr( + "github_repository_environment_deployment_policy.test", "branch_pattern", + "release/*", + ), + resource.TestCheckNoResourceAttr( + "github_repository_environment_deployment_policy.test", "tag_pattern", + ), + testNewDeploymentPolicyId( + "github_repository_environment_deployment_policy.test", + &deploymentPolicyId, + ), + ) + + testCase := func(t *testing.T, mode string) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { skipUnlessMode(t, mode) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: config1, + Check: check1, + }, + { + Config: config2, + Check: check2, + }, + }, + }) + } + + t.Run("with an anonymous account", func(t *testing.T) { + t.Skip("anonymous account not supported for this operation") + }) + + t.Run("with an individual account", func(t *testing.T) { + testCase(t, individual) + }) + + t.Run("with an organization account", func(t *testing.T) { + testCase(t, organization) + }) + + }) +} + +func testDeploymentPolicyId(resourceName string, id *string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("Resource ID is not set") + } + + *id = rs.Primary.ID + + return nil + } +} + +func testSameDeploymentPolicyId(resourceName string, id *string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("Resource ID is not set") + } + + if rs.Primary.ID != *id { + return fmt.Errorf("New resource does not match old resource id: %s, %s", rs.Primary.ID, *id) + } + + return nil + } +} + +func testNewDeploymentPolicyId(resourceName string, id *string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("Resource ID is not set") + } + + if rs.Primary.ID == *id { + return fmt.Errorf("New resource matches old resource id: %s", rs.Primary.ID) + } + + return nil + } +} diff --git a/website/docs/r/repository_environment_deployment_policy.html.markdown b/website/docs/r/repository_environment_deployment_policy.html.markdown index df6739e4cb..cafc093ddc 100644 --- a/website/docs/r/repository_environment_deployment_policy.html.markdown +++ b/website/docs/r/repository_environment_deployment_policy.html.markdown @@ -11,6 +11,8 @@ This resource allows you to create and manage environment deployment branch poli ## Example Usage +Create a branch-based deployment policy: + ```hcl data "github_user" "current" { username = "" @@ -21,9 +23,9 @@ resource "github_repository" "test" { } resource "github_repository_environment" "test" { - repository = github_repository.test.name - environment = "environment/test" - wait_timer = 10000 + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 reviewers { users = [data.github_user.current.id] } @@ -34,12 +36,45 @@ resource "github_repository_environment" "test" { } resource "github_repository_environment_deployment_policy" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment + repository = github_repository.test.name + environment = github_repository_environment.test.environment branch_pattern = "releases/*" } ``` +Create a tag-based deployment policy: + +```hcl + +data "github_user" "current" { + username = "" +} + +resource "github_repository" "test" { + name = "tf-acc-test-%s" +} + +resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" +} +``` + + ## Argument Reference The following arguments are supported: @@ -48,7 +83,9 @@ The following arguments are supported: * `repository` - (Required) The repository of the environment. -* `branch_pattern` - (Required) The name pattern that branches must match in order to deploy to the environment. +* `branch_pattern` - (Optional) The name pattern that branches must match in order to deploy to the environment. If not specified, `tag_pattern` must be specified. + +* `tag_pattern` - (Optional) The name pattern that tags must match in order to deploy to the environment. If not specified, `branch_pattern` must be specified. ## Import