From 71a79a30f3aa85014a212993618cd7927c8d76b7 Mon Sep 17 00:00:00 2001
From: wiseelf <wiseelf@gmail.com>
Date: Thu, 9 Oct 2025 13:08:17 +0200
Subject: [PATCH] feat: Add push support for deploy keys, bump version

---
 main.tf     | 8 ++++++--
 versions.tf | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/main.tf b/main.tf
index b9b5dfb..4d11ff0 100644
--- a/main.tf
+++ b/main.tf
@@ -507,6 +507,9 @@ locals {
 
   # Group by name for groups, allowing for duplicates
   exists_groups = { for group in data.gitlab_groups.this.groups : group.full_path => group... }
+
+  # Map deploy keys by project namespace/name and key title for easy lookup
+  exists_deploy_keys = { for key_id, key in gitlab_deploy_key.this : key_id => key }
 }
 
 # Create GitLab projects dynamically
@@ -1318,8 +1321,9 @@ resource "gitlab_branch_protection" "this" {
   dynamic "allowed_to_push" {
     for_each = lookup(each.value.branch, "allowed_to_push", [])
     content {
-      user_id  = contains(keys(local.exists_users), lookup(allowed_to_push.value, "user_email", "")) ? local.exists_users[allowed_to_push.value.user_email].id : null
-      group_id = contains(keys(local.exists_groups), lookup(allowed_to_push.value, "group", "")) ? local.exists_groups[allowed_to_push.value.group][0].group_id : null
+      user_id       = contains(keys(local.exists_users), lookup(allowed_to_push.value, "user_email", "")) ? local.exists_users[allowed_to_push.value.user_email].id : null
+      group_id      = contains(keys(local.exists_groups), lookup(allowed_to_push.value, "group", "")) ? local.exists_groups[allowed_to_push.value.group][0].group_id : null
+      deploy_key_id = lookup(allowed_to_push.value, "deploy_key_title", null) != null && contains(keys(local.exists_deploy_keys), "${each.value.project_namespace}-${each.value.project_name}-${lookup(allowed_to_push.value, "deploy_key_title", "")}") ? local.exists_deploy_keys["${each.value.project_namespace}-${each.value.project_name}-${lookup(allowed_to_push.value, "deploy_key_title", "")}"].deploy_key_id : null
     }
   }
 
diff --git a/versions.tf b/versions.tf
index 7653458..cea86bc 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitlab = {
       source  = "gitlabhq/gitlab"
-      version = "= 18.0.0"
+      version = "= 18.4.1"
     }
   }
   required_version = ">= 1.4.0"