Merge pull request #8 from Homebrew/feat/github/creat_all_teams

feat: add all teams as an import

Author: SMillerDev

.tfvars

@@ -102,7 +102,7 @@ teams = {
       "timsutton",
       "woodruffw",
     ],
-    formulae-web = [
+    formulae_brew_sh = [
       "EricFromCanada",
       "MikeMcQuaid",
       "Rylan12",
@@ -130,10 +130,10 @@ teams = {
       "jacobbednarz",
       "MikeMcQuaid",
     ],
-    linux-fonts = [
+    homebrew-linux-fonts = [
       "tani",
     ],
-    pip = [
+    brew-pip-audit = [
     "alex",
     "woodruffw",
     ],

README.md

@@ -1,6 +1,6 @@
-# terraform-user-management
+# homebrew-user-management
 
-User management for the Homebrew organisation using Terraform
+User management for the Homebrew organisation using OpenTofu
 
 ## Requirements
 
@@ -18,3 +18,4 @@ User management for the Homebrew organisation using Terraform
 
 - Google workspace management for brew.sh
 - Google Cloud manangement for self-hosted workers
+- Add DNSSimple

github/groups.tf

@@ -0,0 +1,62 @@
+locals {
+  teams = concat(
+    [for team in keys(var.teams) : team if !contains(["bots", "taps"], team)],
+    keys(tomap(var.teams.maintainers)),
+    keys(tomap(var.teams.taps))
+  )
+}
+
+resource "github_team" "main" {
+  name    = each.key
+  privacy = "closed"
+
+  for_each = { for team in keys(var.teams) : team => team if !contains(["bots", "taps"], team) }
+
+  lifecycle {
+    ignore_changes = [description]
+  }
+}
+
+resource "github_team" "maintainers" {
+  name           = replace(each.key, "_", ".")
+  privacy        = "closed"
+  parent_team_id = github_team.main["maintainers"].id
+
+  for_each = { for team in keys(var.teams.maintainers) : team => team }
+
+  lifecycle {
+    ignore_changes = [description]
+  }
+}
+
+resource "github_team" "taps" {
+  name    = replace(each.key, "_", ".")
+  privacy = "closed"
+
+  for_each = { for team in keys(var.teams.taps) : team => team }
+
+  lifecycle {
+    ignore_changes = [description]
+  }
+}
+
+resource "github_team_membership" "ops_membership" {
+  for_each = toset(var.teams.maintainers.ops)
+  team_id  = github_team.maintainers["ops"].id
+  username = each.key
+  role     = contains(var.admins, each.key) ? "maintainer" : "member"
+}
+
+resource "github_team_membership" "plc_membership" {
+  for_each = toset(var.teams.plc)
+  team_id  = github_team.main["plc"].id
+  username = each.key
+  role     = contains(var.admins, each.key) ? "maintainer" : "member"
+}
+
+resource "github_team_membership" "tsc_membership" {
+  for_each = toset(var.teams.maintainers.tsc)
+  team_id  = github_team.maintainers["tsc"].id
+  username = each.key
+  role     = contains(var.admins, each.key) ? "maintainer" : "member"
+}

github/main_groups.tf

@@ -11,7 +11,7 @@ locals {
 }
 
 resource "github_membership" "general" {
-  for_each = toset([ for member in local.members: member if !contains(var.unmanagable_members, member)])
+  for_each = toset([for member in local.members : member if !contains(var.unmanagable_members, member)])
   username = each.key
   role     = contains(var.admins, each.key) ? "admin" : "member"
 }

github/membership.tf

@@ -5,19 +5,19 @@ variable "teams" {
     bots     = list(string)
     members  = list(string)
     maintainers = object({
-      cask            = list(string)
-      brew            = list(string)
-      core            = list(string)
-      tsc             = list(string)
-      ops             = list(string)
-      formulae-web    = list(string)
-      ci-orchestrator = list(string)
+      cask             = list(string)
+      brew             = list(string)
+      core             = list(string)
+      tsc              = list(string)
+      ops              = list(string)
+      formulae_brew_sh = list(string)
+      ci-orchestrator  = list(string)
     })
     taps = object({
-      bundle      = list(string)
-      pip         = list(string)
-      linux-fonts = list(string)
-      services    = list(string)
+      bundle               = list(string)
+      brew-pip-audit       = list(string)
+      homebrew-linux-fonts = list(string)
+      services             = list(string)
     })
   })
 }

github/ops.tf

@@ -32,4 +32,22 @@ import {
   for_each = toset([for member in local.members : member if !contains(local.unmanagable_members, member)])
   to       = module.github.github_membership.general[each.key]
   id       = "Homebrew:${each.key}"
+}
+
+import {
+  for_each = { for team in keys(var.teams) : team => team if !contains(["bots", "taps"], team) }
+  to       = module.github.github_team.main[each.key]
+  id       = each.key
+}
+
+import {
+  for_each = { for team in keys(var.teams.taps) : team => team }
+  to       = module.github.github_team.taps[each.key]
+  id       = replace(each.key, "_", "-")
+}
+
+import {
+  for_each = { for team in keys(var.teams.maintainers) : team => team }
+  to       = module.github.github_team.maintainers[each.key]
+  id       = replace(each.key, "_", "-")
 }

github/plc.tf

@@ -6,6 +6,15 @@ terraform {
   }
 }
 
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 6.0"
+    }
+  }
+}
+
 locals {
   # these people can't have their membership managed by OpenTofu becuase they are Billing Managers in GitHub
   unmanagable_members = ["p-linnane", "issyl0", "colindean", "MikeMcQuaid", "BrewSponsorsBot"]

github/tsc.tf

@@ -5,19 +5,19 @@ variable "teams" {
     bots     = list(string)
     members  = list(string)
     maintainers = object({
-      cask            = list(string)
-      brew            = list(string)
-      core            = list(string)
-      tsc             = list(string)
-      ops             = list(string)
-      formulae-web    = list(string)
-      ci-orchestrator = list(string)
+      cask             = list(string)
+      brew             = list(string)
+      core             = list(string)
+      tsc              = list(string)
+      ops              = list(string)
+      formulae_brew_sh = list(string)
+      ci-orchestrator  = list(string)
     })
     taps = object({
-      bundle      = list(string)
-      pip         = list(string)
-      linux-fonts = list(string)
-      services    = list(string)
+      bundle               = list(string)
+      brew-pip-audit       = list(string)
+      homebrew-linux-fonts = list(string)
+      services             = list(string)
     })
   })
 }