feat: add branch_protection resource (#72)

added terraform tests for the resource

Reviewed-on: https://gitea.com/gitea/terraform-provider-gitea/pulls/72
Co-authored-by: Jörg Markert <[email protected]>
Co-committed-by: Jörg Markert <[email protected]>

Author: venc0r

.gitea/workflows/test.yml

@@ -22,7 +22,9 @@ jobs:
     - name: Terraform Init
       id: init
       run: terraform init
+      working-directory: examples
 
     - name: Terraform Validate
       id: validate
-      run: terraform validate -no-color
+      run: terraform validate -no-color
+      working-directory: examples

.gitignore

@@ -1,3 +1,6 @@
 .vscode
 .idea/
 dist/
+tests/terraform.tfvars
+tests/.terraform
+tests/.terraform.lock.hcl

docs/resources/repository_branch_protection.md

@@ -0,0 +1,68 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_repository_branch_protection Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  This resource allows you to create and manage branch protections for repositories.
+---
+
+# gitea_repository_branch_protection (Resource)
+
+This resource allows you to create and manage branch protections for repositories.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Repository name
+- `rule_name` (String) Protected Branch Name Pattern
+- `username` (String) User name or organization name
+
+### Optional
+
+- `approval_whitelist_teams` (List of String) Only reviews from allowlisted teams will count to the required
+								approvals. Without approval allowlist, reviews from anyone with
+								write access count to the required approvals.
+- `approval_whitelist_users` (List of String) Only reviews from allowlisted users will count to the required
+								approvals. Without approval allowlist, reviews from anyone with
+								write access count to the required approvals.
+- `block_merge_on_official_review_requests` (Boolean) Merging will not be possible when it has official
+								review requests, even if there are enough approvals.
+- `block_merge_on_outdated_branch` (Boolean) Merging will not be possible when head branch is behind base branch.
+- `block_merge_on_rejected_reviews` (Boolean) Merging will not be possible when changes are
+								requested by official reviewers, even if there are enough
+								approvals.
+- `dismiss_stale_approvals` (Boolean) When new commits that change the content of the pull request
+								are pushed to the branch, old approvals will be dismissed.
+- `enable_push` (Boolean) Anyone with write access will be allowed to push to this branch
+								(but not force push), add a whitelist users or teams to limit
+								access.
+- `merge_whitelist_teams` (List of String) Allow only allowlisted teams to merge pull requests into this branch.
+- `merge_whitelist_users` (List of String) Allow only allowlisted users to merge pull requests into this branch.
+- `protected_file_patterns` (String) Protected file patterns (separated using semicolon ';')
+- `push_whitelist_deploy_keys` (Boolean) Allow deploy keys with write access to push. Requires enable_push to be set to true.
+- `push_whitelist_teams` (List of String) Allowlisted teams for pushing. Requires enable_push to be set to true.
+- `push_whitelist_users` (List of String) Allowlisted users for pushing. Requires enable_push to be set to true.
+- `require_signed_commits` (Boolean) Reject pushes to this branch if they are unsigned or unverifiable.
+- `required_approvals` (Number) Allow only to merge pull request with enough positive reviews.
+- `status_check_patterns` (List of String) Enter patterns to specify which status checks must pass before
+								branches can be merged into a branch that matches this rule.
+								Each line specifies a pattern. Patterns cannot be empty.
+- `unprotected_file_patterns` (String) Unprotected file patterns (separated using semicolon ';')
+
+### Read-Only
+
+- `created_at` (String) Webhook creation timestamp
+- `enable_approval_whitelist` (Boolean) True if a approval whitelist is used.
+- `enable_merge_whitelist` (Boolean) True if a merge whitelist is used.
+- `enable_push_whitelist` (Boolean) True if a push whitelist is used.
+- `enable_status_check` (Boolean) Require status checks to pass before merging. When enabled,
+								commits must first be pushed to another branch, then merged
+								or pushed directly to a branch that matches this rule after
+								status checks have passed. If no contexts are matched, the
+								last commit must be successful regardless of context
+- `id` (String) The ID of this resource.
+- `updated_at` (String) Webhook creation timestamp

examples/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "go-gitea/gitea"
-      version = "0.1.0"
+      version = "0.3.0"
     }
   }
 }
@@ -12,4 +12,4 @@ provider "gitea" {
   username = "lerentis"
   password = var.gitea_password
   #token    = var.gitea_token
-}
+}

examples/resources/gitea_repo_branch_protection/resource.tf

@@ -0,0 +1,14 @@
+resource "gitea_repository" "repo" {
+  username  = var.username
+  name      = var.name
+  auto_init = false
+}
+
+resource "gitea_repository_branch_protection" "main" {
+  username = gitea_repository.repo.username
+  name     = gitea_repository.repo.name
+
+  rule_name             = "main"
+  enable_push           = true
+  status_check_patterns = var.branch_protection_patterns
+}

gitea/provider.go

@@ -75,18 +75,19 @@ func Provider() *schema.Provider {
 			"gitea_org": resourceGiteaOrg(),
 			// "gitea_team":       resourceGiteaTeam(),
 			// "gitea_repo":       resourceGiteaRepo(),
-			"gitea_user":               resourceGiteaUser(),
-			"gitea_oauth2_app":         resourceGiteaOauthApp(),
-			"gitea_repository":         resourceGiteaRepository(),
-			"gitea_fork":               resourceGiteaFork(),
-			"gitea_public_key":         resourceGiteaPublicKey(),
-			"gitea_team":               resourceGiteaTeam(),
-			"gitea_team_membership":    resourceGiteaTeamMembership(),
-			"gitea_team_members":       resourceGiteaTeamMembers(),
-			"gitea_git_hook":           resourceGiteaGitHook(),
-			"gitea_token":              resourceGiteaToken(),
-			"gitea_repository_key":     resourceGiteaRepositoryKey(),
-			"gitea_repository_webhook": resourceGiteaRepositoryWebhook(),
+			"gitea_user":                         resourceGiteaUser(),
+			"gitea_oauth2_app":                   resourceGiteaOauthApp(),
+			"gitea_repository":                   resourceGiteaRepository(),
+			"gitea_fork":                         resourceGiteaFork(),
+			"gitea_public_key":                   resourceGiteaPublicKey(),
+			"gitea_team":                         resourceGiteaTeam(),
+			"gitea_team_membership":              resourceGiteaTeamMembership(),
+			"gitea_team_members":                 resourceGiteaTeamMembers(),
+			"gitea_git_hook":                     resourceGiteaGitHook(),
+			"gitea_token":                        resourceGiteaToken(),
+			"gitea_repository_key":               resourceGiteaRepositoryKey(),
+			"gitea_repository_webhook":           resourceGiteaRepositoryWebhook(),
+			"gitea_repository_branch_protection": resourceGiteaRepositoryBranchProtection(),
 		},
 
 		ConfigureFunc: providerConfigure,