add option to restrict deployments, require protected branch source

vivantehealth · Dec 21, 2021 · 24f653a · 24f653a
1 parent eb83dea
commit 24f653a
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/.github/workflows/publish-terraform-module.yml b/.github/workflows/publish-terraform-module.yml
@@ -42,7 +42,7 @@ jobs:
         id: tag
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DEFAULT_BUMP: patch
+          DEFAULT_BUMP: minor
           WITH_V: false
           DRY_RUN: true
       - name: List Release

diff --git a/main.tf b/main.tf
@@ -17,6 +17,11 @@ resource "github_repository_environment" "repo_apply_environment" {
     teams = var.terraform_apply_reviewers
     users = []
   }
+  deployment_branch_policy {
+    protected_branches = var.require_protected_branches
+    #https://github.com/integrations/terraform-provider-github/issues/922#issuecomment-998957627
+    custom_branch_policies = false
+  }
 }
 
 # Store the domain's project id for easier access during github actions workflows

diff --git a/variables.tf b/variables.tf
@@ -55,3 +55,9 @@ variable "workload_identity_provider" {
   description = "GCP Workload Identity provider id for setting repo environment secrets for gcloud setup step"
   type        = string
 }
+
+variable "require_protected_branches" {
+  description = "Whether to restrict the apply environment to deploying from protected branches. Recommended to set to true for PRD"
+  type        = bool
+  default     = false
+}