Add doppler_secrets_sync_github_actions resource

DopplerHQ · Mar 18, 2024 · 2635c22 · 2635c22
1 parent 4aaa818
commit 2635c22
Show file tree

Hide file tree

Showing 5 changed files with 178 additions and 8 deletions.
diff --git a/docs/resources/secrets_sync_github_actions.md b/docs/resources/secrets_sync_github_actions.md
@@ -0,0 +1,65 @@
+---
+page_title: "doppler_secrets_sync_github_actions Resource - terraform-provider-doppler"
+subcategory: ""
+description: |-
+	Manage a GitHub Actions Doppler sync.
+---
+
+# doppler_secrets_sync_github_actions (Resource)
+
+Manage a GitHub Actions Doppler sync.
+
+## Example Usage
+
+```terraform
+# Repo
+resource "doppler_secrets_sync_github_actions" "backend_prod" {
+  integration = "bae40485-eca7-478b-abd8-34100c82c679"
+  project     = "backend"
+  config      = "prd"
+
+  sync_target = "repo"
+  repo_name   = "backend"
+}
+
+# Repo + Environment
+resource "doppler_secrets_sync_github_actions" "backend_prod" {
+  integration = "bae40485-eca7-478b-abd8-34100c82c679"
+  project     = "backend"
+  config      = "prd"
+
+  sync_target      = "repo"
+  repo_name        = "backend"
+  environment_name = "production"
+}
+
+# Org
+resource "doppler_secrets_sync_github_actions" "backend_prod" {
+  integration = "bae40485-eca7-478b-abd8-34100c82c679"
+  project     = "backend"
+  config      = "prd"
+
+  sync_target = "org"
+  org_scope   = "private"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `config` (String) The name of the Doppler config
+- `integration` (String) The slug of the integration to use for this sync
+- `project` (String) The name of the Doppler project
+- `sync_target` (String) Either "repo" or "org", based on the resource type to sync to
+
+### Optional
+
+- `environment_name` (String) The GitHub repo environment name to sync to (only used when `sync_target` is set to "repo")
+- `org_scope` (String) Either "all" or "private", based on the which repos you want to have access (only used when `sync_target` is set to "org")
+- `repo_name` (String) The GitHub repo name to sync to (only used when `sync_target` is set to "repo")
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
diff --git a/doppler/provider.go b/doppler/provider.go
@@ -54,6 +54,10 @@ func Provider() *schema.Provider {
 
 			"doppler_integration_terraform_cloud":  resourceIntegrationTerraformCloud(),
 			"doppler_secrets_sync_terraform_cloud": resourceSyncTerraformCloud(),
+
+			// creating integrations is not currently supported for GitHub Actions
+			// "doppler_integration_github_actions":  resourceIntegrationGitHubActions(),
+			"doppler_secrets_sync_github_actions": resourceSyncGitHubActions(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"doppler_secrets": dataSourceSecrets(),

diff --git a/doppler/resource_sync_types.go b/doppler/resource_sync_types.go
@@ -2,6 +2,7 @@ package doppler
 
 import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 func resourceSyncAWSSecretsManager() *schema.Resource {
@@ -84,6 +85,60 @@ func resourceSyncAWSParameterStore() *schema.Resource {
 	return builder.Build()
 }
 
+func resourceSyncGitHubActions() *schema.Resource {
+	builder := ResourceSyncBuilder{
+		DataSchema: map[string]*schema.Schema{
+			"sync_target": {
+				Description:  "Either \"repo\" or \"org\", based on the resource type to sync to",
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.StringInSlice([]string{"repo", "org"}, false),
+			},
+			"repo_name": {
+				Description:  "The GitHub repo name to sync to (only used when `sync_target` is set to \"repo\")",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ExactlyOneOf: []string{"repo_name", "org_scope"},
+			},
+			"org_scope": {
+				Description:  "Either \"all\" or \"private\", based on the which repos you want to have access (only used when `sync_target` is set to \"org\")",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ExactlyOneOf: []string{"repo_name", "org_scope"},
+				ValidateFunc: validation.StringInSlice([]string{"all", "private"}, false),
+			},
+			"environment_name": {
+				Description: "The GitHub repo environment name to sync to (only used when `sync_target` is set to \"repo\")",
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+			},
+		},
+		DataBuilder: func(d *schema.ResourceData) IntegrationData {
+			payload := map[string]interface{}{
+				"sync_target": d.Get("sync_target"),
+			}
+			repo_name := d.Get("repo_name")
+			if repo_name != "" {
+				payload["repo_name"] = repo_name
+			}
+			org_scope := d.Get("org_scope")
+			if org_scope != "" {
+				payload["org_scope"] = org_scope
+			}
+			environment_name := d.Get("environment_name")
+			if environment_name != "" {
+				payload["environment_name"] = environment_name
+			}
+			return payload
+		},
+	}
+	return builder.Build()
+}
+
 func resourceSyncTerraformCloud() *schema.Resource {
 	builder := ResourceSyncBuilder{
 		DataSchema: map[string]*schema.Schema{
@@ -94,17 +149,17 @@ func resourceSyncTerraformCloud() *schema.Resource {
 				ForceNew:    true,
 			},
 			"workspace_id": {
-				Description: "The Terraform Cloud workspace ID to sync to",
-				Type:        schema.TypeString,
-				Optional:    true,
-				ForceNew:    true,
+				Description:  "The Terraform Cloud workspace ID to sync to",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
 				ExactlyOneOf: []string{"workspace_id", "variable_set_id"},
 			},
 			"variable_set_id": {
-				Description: "The Terraform Cloud variable set ID to sync to",
-				Type:        schema.TypeString,
-				Optional:    true,
-				ForceNew:    true,
+				Description:  "The Terraform Cloud variable set ID to sync to",
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
 				ExactlyOneOf: []string{"workspace_id", "variable_set_id"},
 			},
 			"variable_sync_type": {

diff --git a/examples/resources/secrets_sync_github_actions.tf b/examples/resources/secrets_sync_github_actions.tf
@@ -0,0 +1,30 @@
+# Repo
+resource "doppler_secrets_sync_github_actions" "backend_prod" {
+  integration = "bae40485-eca7-478b-abd8-34100c82c679"
+  project     = "backend"
+  config      = "prd"
+
+  sync_target = "repo"
+  repo_name   = "backend"
+}
+
+# Repo + Environment
+resource "doppler_secrets_sync_github_actions" "backend_prod" {
+  integration = "bae40485-eca7-478b-abd8-34100c82c679"
+  project     = "backend"
+  config      = "prd"
+
+  sync_target      = "repo"
+  repo_name        = "backend"
+  environment_name = "production"
+}
+
+# Org
+resource "doppler_secrets_sync_github_actions" "backend_prod" {
+  integration = "bae40485-eca7-478b-abd8-34100c82c679"
+  project     = "backend"
+  config      = "prd"
+
+  sync_target = "org"
+  org_scope   = "private"
+}
diff --git a/templates/resources/secrets_sync_github_actions.md.tmpl b/templates/resources/secrets_sync_github_actions.md.tmpl
@@ -0,0 +1,16 @@
+---
+page_title: "doppler_secrets_sync_github_actions Resource - terraform-provider-doppler"
+subcategory: ""
+description: |-
+	Manage a GitHub Actions Doppler sync.
+---
+
+# doppler_secrets_sync_github_actions (Resource)
+
+Manage a GitHub Actions Doppler sync.
+
+## Example Usage
+
+{{tffile "examples/resources/secrets_sync_github_actions.tf"}}
+
+{{ .SchemaMarkdown | trimspace }}