Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1332 workflow restrictions #1462

Merged
merged 6 commits into from
Jan 12, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ Once you have the repository cloned, there's a couple of additional steps you'll

- If you haven't already, [create a GitHub organization you can use for testing](#github-organization).
- Optional: some may find it beneficial to create a test user as well in order to avoid potential rate-limiting issues on your main account.
- Your organization _must_ have a repository called `terraform-module-template`. The [terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) repo is a good, re-usable example.
- Your organization _must_ have a repository called `terraform-template-module`. The [terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) repo is a good, re-usable example.
- You _must_ make sure that the "Template Repository" item in Settings is checked for this repo.
- If you haven't already, [generate a Personal Access Token (PAT) for authenticating your test runs](#github-personal-access-token).
- Export the necessary configuration for authenticating your provider with GitHub
Expand Down Expand Up @@ -218,7 +218,7 @@ Once the token has been created, it must be exported in your environment as `GIT

If you do not have an organization already that you are comfortable running tests against, you will need to [create one](https://help.github.com/en/articles/creating-a-new-organization-from-scratch). The free "Team for Open Source" org type is fine for these tests. The name of the organization must then be exported in your environment as `GITHUB_ORGANIZATION`.

Make sure that your organization has a `terraform-module-template` repository ([terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) is an example you can clone) and that its "Template repository" item in Settings is checked.
Make sure that your organization has a `terraform-template-module` repository ([terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) is an example you can clone) and that its "Template repository" item in Settings is checked.
bob-bins marked this conversation as resolved.
Show resolved Hide resolved

If you are interested in using and/or testing Github's [Team synchronization](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/synchronizing-teams-between-your-identity-provider-and-github) feature, please contact a maintainer as special arrangements can be made for your convenience.

Expand Down
13 changes: 13 additions & 0 deletions github/resource_github_actions_runner_group.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,15 @@ func resourceGithubActionsRunnerGroup() *schema.Resource {
Required: true,
ValidateFunc: validation.StringInSlice([]string{"all", "selected", "private"}, false),
},
"restricted_to_workflows": {
Type: schema.TypeBool,
Computed: true,
},
"selected_workflows": {
Type: schema.TypeList,
Elem: &schema.Schema{Type: schema.TypeString},
Computed: true,
},
},
}
}
Expand Down Expand Up @@ -118,6 +127,8 @@ func resourceGithubActionsRunnerGroupCreate(d *schema.ResourceData, meta interfa
d.Set("selected_repositories_url", runnerGroup.GetSelectedRepositoriesURL())
d.Set("visibility", runnerGroup.GetVisibility())
d.Set("selected_repository_ids", selectedRepositoryIDs) // Note: runnerGroup has no method to get selected repository IDs
d.Set("restricted_to_workflows", runnerGroup.GetRestrictedToWorkflows())
bob-bins marked this conversation as resolved.
Show resolved Hide resolved
d.Set("selected_workflows", runnerGroup.SelectedWorkflows)

return resourceGithubActionsRunnerGroupRead(d, meta)
}
Expand Down Expand Up @@ -173,6 +184,8 @@ func resourceGithubActionsRunnerGroupRead(d *schema.ResourceData, meta interface
d.Set("runners_url", runnerGroup.GetRunnersURL())
d.Set("selected_repositories_url", runnerGroup.GetSelectedRepositoriesURL())
d.Set("visibility", runnerGroup.GetVisibility())
d.Set("restricted_to_workflows", runnerGroup.GetRestrictedToWorkflows())
d.Set("selected_workflows", runnerGroup.SelectedWorkflows)

selectedRepositoryIDs := []int64{}
options := github.ListOptions{
Expand Down
10 changes: 10 additions & 0 deletions github/resource_github_actions_runner_group_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ func TestAccGithubActionsRunnerGroup(t *testing.T) {
resource "github_actions_runner_group" "test" {
name = github_repository.test.name
visibility = "all"
restricted_to_workflows = true
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't think i can run these tests... i think they require an enterprise account?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On main, I'm getting a failure on these acceptance tests:

--- FAIL: TestAccGithubActionsRunnerGroup (47.67s)
    --- FAIL: TestAccGithubActionsRunnerGroup/creates_runner_groups_without_error (12.52s)
        --- SKIP: TestAccGithubActionsRunnerGroup/creates_runner_groups_without_error/with_an_anonymous_account (0.00s)
        --- SKIP: TestAccGithubActionsRunnerGroup/creates_runner_groups_without_error/with_an_individual_account (0.00s)
        --- FAIL: TestAccGithubActionsRunnerGroup/creates_runner_groups_without_error/with_an_organization_account (12.52s)
    --- FAIL: TestAccGithubActionsRunnerGroup/manages_runner_visibility (11.71s)
        --- SKIP: TestAccGithubActionsRunnerGroup/manages_runner_visibility/with_an_anonymous_account (0.00s)
        --- SKIP: TestAccGithubActionsRunnerGroup/manages_runner_visibility/with_an_individual_account (0.00s)
        --- FAIL: TestAccGithubActionsRunnerGroup/manages_runner_visibility/with_an_organization_account (11.71s)
    --- FAIL: TestAccGithubActionsRunnerGroup/imports_an_all_runner_group_without_error (11.47s)
        --- SKIP: TestAccGithubActionsRunnerGroup/imports_an_all_runner_group_without_error/with_an_anonymous_account (0.00s)
        --- SKIP: TestAccGithubActionsRunnerGroup/imports_an_all_runner_group_without_error/with_an_individual_account (0.00s)
        --- FAIL: TestAccGithubActionsRunnerGroup/imports_an_all_runner_group_without_error/with_an_organization_account (11.47s)
    --- PASS: TestAccGithubActionsRunnerGroup/imports_a_private_runner_group_without_error (0.00s)
        --- SKIP: TestAccGithubActionsRunnerGroup/imports_a_private_runner_group_without_error/with_an_anonymous_account (0.00s)
        --- SKIP: TestAccGithubActionsRunnerGroup/imports_a_private_runner_group_without_error/with_an_individual_account (0.00s)
        --- SKIP: TestAccGithubActionsRunnerGroup/imports_a_private_runner_group_without_error/with_an_organization_account (0.00s)
    --- FAIL: TestAccGithubActionsRunnerGroup/imports_a_selected_runner_group_without_error (11.98s)
        --- SKIP: TestAccGithubActionsRunnerGroup/imports_a_selected_runner_group_without_error/with_an_individual_account (0.00s)
        --- FAIL: TestAccGithubActionsRunnerGroup/imports_a_selected_runner_group_without_error/with_an_organization_account (11.98s)
FAIL

On this branch, I'm seeing a panic on line 179 of github/resource_github_actions_runner_group.go:

d.Set("selected_workflows", runnerGroup.SelectedWorkflows).

The error reads panic: runtime error: invalid memory address or nil pointer dereference. Can you reproduce that when you run these tests on the branch locally?

Copy link
Contributor Author

@bob-bins bob-bins Jan 7, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not able to successfully run the TestAccGithubActionsRunnerGroup tests even from the main branch, so it makes it difficult for me to verify my own PR (other tests work file however). I think these tests require me to have an Enterprise Account, which I do not have on my personal account. Hm...

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ohh that makes sense. We currently don't have a framework in place for enterprise testing, although it's on the TODO list in the effort starting with #1414.

selected_workflows = [".github/workflows/test.yml"]
}
`, randomID)

Expand All @@ -41,6 +43,14 @@ func TestAccGithubActionsRunnerGroup(t *testing.T) {
"github_actions_runner_group.test", "visibility",
"all",
),
resource.TestCheckResourceAttr(
"github_actions_runner_group.test", "restricted_to_workflows",
"true",
),
resource.TestCheckResourceAttr(
"github_actions_runner_group.test", "selected_workflows",
"[\".github/workflows/test.yml\"]",
),
)

testCase := func(t *testing.T, mode string) {
Expand Down
2 changes: 2 additions & 0 deletions website/docs/r/actions_runner_group.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ The following arguments are supported:
* `selected_repository_ids` - List of repository IDs that can access the runner group
* `selected_repositories_url` - Github API URL for the runner group's repositories
* `visibility` - The visibility of the runner group
* `restricted_to_workflows` - If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array
bob-bins marked this conversation as resolved.
Show resolved Hide resolved
* `selected_workflows` - List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.

## Import

Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/repository.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ resource "github_repository" "example" {

template {
owner = "github"
repository = "terraform-module-template"
repository = "terraform-template-module"
include_all_branches = true
}
}
Expand Down