Initial Commit

math280h · math280h · commit 7a05573bafaf · 2022-06-22T15:59:01.000+02:00
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -0,0 +1,30 @@
+on:
+  push:
+
+jobs:
+  tflint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        name: Checkout source code
+
+      - uses: actions/cache@v2
+        name: Cache plugin dir
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+      - uses: terraform-linters/setup-tflint@v1
+        name: Setup TFLint
+        with:
+          tflint_version: v0.29.0
+
+      - name: Show version
+        run: tflint --version
+
+      - name: Init TFLint
+        run: tflint --init
+
+      - name: Run TFLint
+        run: tflint -f compact
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,16 @@
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+crash.log
+*.tfvars
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraformrc
+terraform.rc
+.idea
+**.idea/**
+*.iml
+out
+gen
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Mathias V. Nielsen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,37 @@
+# terraform-github-action-secrets
+
+Easily manage secrets across multiple repositories with shared and unique secrets.
+
+## How to use
+
+All secrets stored under the "all" object will be applied to all repositories.
+To add secrets that only go to one repository add an object (In the example, see "test") that contains the unique secrets
+
+```hcl
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 4.0"
+    }
+  }
+}
+
+# Remember the repository owner always defaults to the key owner
+# define the owner attribute if you need another
+provider "github" {
+  token = var.token
+}
+
+module "github-secrets" {
+  source  = "math280h/action-secrets/github"
+  version = "0.0.1"
+  
+  # In this example this would point to one repository with the full name
+  # math280h/test
+  # And two secrets would be created, "test" from the "all" object and
+  # since the name matches, "test1" from the "test" object.
+  repositories = [{ name = "test" }] 
+  secrets      = { "all" = { "test" = "test" }, "test" = { "test1" = "test1" } }
+}
+```
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,21 @@
+locals {
+    module_secrets = flatten([
+        for module_key, gh_module in var.repositories : {
+            name    = gh_module[ "name" ],
+            secrets = merge(
+                var.secrets[ "all" ],
+                lookup(var.secrets, gh_module[ "name" ], {})
+            )
+        }
+    ])
+
+    module_secrets_list = flatten([
+        for module_secret_key, module_secret_object in local.module_secrets : [
+            for secret_key, secret_value in module_secret_object[ "secrets" ] : {
+                repo  = module_secret_object[ "name" ]
+                name  = secret_key
+                value = secret_value
+            }
+        ]
+    ])
+}
diff --git a/providers.tf b/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 4.0"
+    }
+  }
+}
diff --git a/secrets.tf b/secrets.tf
@@ -0,0 +1,17 @@
+data "github_actions_public_key" "repo_public_key" {
+
+    for_each = { for project_module in var.repositories : project_module[ "name" ] => project_module }
+
+    repository = each.value.name
+
+}
+
+resource "github_actions_secret" "custom_repo_secrets" {
+
+    for_each = { for object in local.module_secrets_list : "${ object[ "repo" ] }-${ object[ "name" ] }" => object }
+
+    repository      = each.value.repo
+    secret_name     = each.value.name
+    plaintext_value = each.value.value
+
+}
diff --git a/test/main.tf b/test/main.tf
@@ -0,0 +1,19 @@
+terraform {
+    required_providers {
+        github = {
+            source  = "integrations/github"
+            version = "~> 4.0"
+        }
+    }
+}
+
+provider "github" {
+    token = var.token
+}
+
+module "github-secrets" {
+    source = "../"
+
+    repositories = [ { name = "test" } ]
+    secrets = {"all"={"test"="test"}, "test"={"test1"="test1"}}
+}
diff --git a/test/variables.tf b/test/variables.tf
@@ -0,0 +1 @@
+variable "token" {}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,8 @@
+variable "repositories" {
+    type = list(object({name=string}))
+    description = "List of repositories"
+}
+
+variable "secrets" {
+    description = "Secrets to add"
+}
