Main

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @softservedata

.github/pull_request_template.md

@@ -0,0 +1,9 @@
+## Describe your changes
+
+## Issue ticket number and link
+
+## Checklist before requesting a review
+- [ ] I have performed a self-review of my code
+- [ ] If it is a core feature, I have added thorough tests
+- [ ] Do we need to implement analytics?
+- [ ] Will this be part of a product update? If yes, please write one phrase about this update

.github/workflows/ruby.yml

@@ -43,6 +43,13 @@ jobs:
       - name: Terraform Init
         run: terraform init
       - name: Test Terraform Config
+        env:
+          TF_VAR_github_token: ${{ secrets.PAT }}
+          TF_VAR_github_owner: Practical-DevOps-GitHub
+          TF_VAR_repository_name: github-terraform-task-Sp1ker2
+          TF_VAR_deploy_key_public: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvrsZxKSgvkIZOOpyGY59VPhz1c33Je/Sci+fMY+MnM deploy_key"
+          TF_VAR_discord_webhook_url: "https://discord.com/api/webhooks/1234567890123456789/temporary-webhook"
+          TF_VAR_pat_token: ${{ secrets.PAT }}
         run: |
           terraform validate
           terraform plan -no-color -out tfplan

README.md

@@ -30,3 +30,75 @@ Write Terraform code that configures the GitHub repository according to the foll
 7. For GitHub actions, perform the following: 
 - create PAT (Personal Access Token) with **Full control of private repositories** and **Full control of orgs and teams, read and write org projects**
 - add the PAT to the repository actions secrets key with the name `PAT` and the value of the created PAT.
+
+---
+
+## ✅ Solution
+
+This repository contains a complete Terraform solution that automates all the requirements above.
+
+### 📁 Structure
+
+```
+src/
+├── main.tf                    # Main Terraform configuration
+├── variables.tf               # Input variables definition
+├── outputs.tf                 # Output values
+├── terraform.tfvars.example   # Example configuration file
+├── .gitignore                # Ignore sensitive files
+├── setup.sh                   # Automated setup script
+├── README.md                  # Detailed documentation
+└── QUICKSTART.md             # Quick start guide
+```
+
+### 🚀 Quick Start
+
+1. **Navigate to the src directory:**
+   ```bash
+   cd src
+   ```
+
+2. **Follow the Quick Start Guide:**
+   ```bash
+   cat QUICKSTART.md
+   ```
+
+3. **Or use the automated setup:**
+   ```bash
+   ./setup.sh
+   ```
+
+### 📋 What Gets Configured
+
+- ✅ **Collaborator**: Adds `softservedata` with push access
+- ✅ **Branches**: Creates `develop` and sets it as default
+- ✅ **Branch Protection**: 
+  - `main`: Requires PR + owner approval + code owner review
+  - `develop`: Requires PR + 2 approvals
+- ✅ **CODEOWNERS**: Assigns `softservedata` as code owner for all files
+- ✅ **PR Template**: Creates `.github/pull_request_template.md`
+- ✅ **Deploy Key**: Adds SSH deploy key named `DEPLOY_KEY`
+- ✅ **Discord Webhook**: Configures PR notifications to Discord
+- ✅ **Secrets**: Adds `PAT` and `TERRAFORM` to repository secrets
+
+### 📚 Documentation
+
+- **[QUICKSTART.md](src/QUICKSTART.md)** - Step-by-step quick start guide
+- **[README.md](src/README.md)** - Comprehensive documentation with troubleshooting
+
+### 🔧 Prerequisites
+
+1. Terraform (1.0+)
+2. GitHub Personal Access Token with appropriate permissions
+3. Discord webhook URL
+4. SSH key pair for deploy key
+
+### 💡 Usage
+
+Detailed instructions are available in the `src` directory. The solution includes:
+- Automated setup script for easy deployment
+- Example configuration files
+- Comprehensive error handling
+- Step-by-step manual instructions
+
+For detailed setup instructions, see [src/README.md](src/README.md) or [src/QUICKSTART.md](src/QUICKSTART.md).

src/.gitignore

@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which contain sensitive data
+*.tfvars
+!terraform.tfvars.example
+
+# Ignore override files
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# SSH keys
+deploy_key
+deploy_key.pub
+*.pem
+*.key
+
+# Combined terraform file
+all_terraform_code.txt
+combine_tf.sh
+update_terraform_secret.sh
+terraform_code_content.txt
+main_for_secret.tf
+

src/main.tf

@@ -0,0 +1,143 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 6.0"
+    }
+  }
+}
+
+provider "github" {
+  token = var.github_token
+  owner = var.github_owner
+}
+
+# Get the repository
+data "github_repository" "repo" {
+  name = var.repository_name
+}
+
+# Add collaborator
+resource "github_repository_collaborator" "softservedata" {
+  repository = data.github_repository.repo.name
+  username   = "softservedata"
+  permission = "push"
+}
+
+# Create develop branch from main
+resource "github_branch" "develop" {
+  repository = data.github_repository.repo.name
+  branch     = "develop"
+}
+
+# Set develop as default branch
+resource "github_branch_default" "default" {
+  repository = data.github_repository.repo.name
+  branch     = github_branch.develop.branch
+}
+
+# Branch protection for main branch
+resource "github_branch_protection" "main_protection" {
+  repository_id = data.github_repository.repo.node_id
+  pattern       = "main"
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = true
+    required_approving_review_count = 0
+    restrict_dismissals             = false
+  }
+
+  enforce_admins = false
+
+  depends_on = [github_repository_collaborator.softservedata]
+}
+
+# Branch protection for develop branch
+resource "github_branch_protection" "develop_protection" {
+  repository_id = data.github_repository.repo.node_id
+  pattern       = "develop"
+
+  required_pull_request_reviews {
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = false
+    required_approving_review_count = 2
+    restrict_dismissals             = false
+  }
+
+  enforce_admins = false
+
+  depends_on = [github_branch.develop, github_repository_collaborator.softservedata]
+}
+
+# Add CODEOWNERS file
+resource "github_repository_file" "codeowners" {
+  repository          = data.github_repository.repo.name
+  branch              = "main"
+  file                = ".github/CODEOWNERS"
+  content             = "* @softservedata\n"
+  commit_message      = "Add CODEOWNERS file"
+  commit_author       = "Terraform"
+  commit_email        = "terraform@example.com"
+  overwrite_on_create = true
+}
+
+# Add pull request template
+resource "github_repository_file" "pr_template" {
+  repository          = data.github_repository.repo.name
+  branch              = "main"
+  file                = ".github/pull_request_template.md"
+  content             = <<-EOT
+## Describe your changes
+
+## Issue ticket number and link
+
+## Checklist before requesting a review
+- [ ] I have performed a self-review of my code
+- [ ] If it is a core feature, I have added thorough tests
+- [ ] Do we need to implement analytics?
+- [ ] Will this be part of a product update? If yes, please write one phrase about this update
+EOT
+  commit_message      = "Add pull request template"
+  commit_author       = "Terraform"
+  commit_email        = "terraform@example.com"
+  overwrite_on_create = true
+}
+
+# Add deploy key
+resource "github_repository_deploy_key" "deploy_key" {
+  title      = "DEPLOY_KEY"
+  repository = data.github_repository.repo.name
+  key        = var.deploy_key_public
+  read_only  = false
+}
+
+# Add Discord webhook
+resource "github_repository_webhook" "discord" {
+  repository = data.github_repository.repo.name
+
+  configuration {
+    url          = var.discord_webhook_url
+    content_type = "json"
+    insecure_ssl = false
+  }
+
+  active = true
+
+  events = ["pull_request"]
+}
+
+# Add PAT to repository secrets
+resource "github_actions_secret" "pat" {
+  repository      = data.github_repository.repo.name
+  secret_name     = "PAT"
+  plaintext_value = var.pat_token
+}
+
+# Add TERRAFORM secret with the Terraform code
+resource "github_actions_secret" "terraform_code" {
+  repository      = data.github_repository.repo.name
+  secret_name     = "TERRAFORM"
+  plaintext_value = var.terraform_code
+}
+

src/outputs.tf

@@ -0,0 +1,31 @@
+output "repository_name" {
+  description = "The name of the configured repository"
+  value       = data.github_repository.repo.name
+}
+
+output "repository_url" {
+  description = "The URL of the configured repository"
+  value       = data.github_repository.repo.html_url
+}
+
+output "default_branch" {
+  description = "The default branch of the repository"
+  value       = github_branch_default.default.branch
+}
+
+output "collaborator_added" {
+  description = "Collaborator username added to the repository"
+  value       = github_repository_collaborator.softservedata.username
+}
+
+output "deploy_key_id" {
+  description = "ID of the deploy key"
+  value       = github_repository_deploy_key.deploy_key.id
+}
+
+output "webhook_url" {
+  description = "Discord webhook URL (masked)"
+  value       = "Configured"
+  sensitive   = true
+}
+

src/terraform.tfvars.example

@@ -0,0 +1,19 @@
+# Copy this file to terraform.tfvars and fill in your values
+
+github_token = "ghp_your_github_token_here"
+github_owner = "Practical-DevOps-GitHub"
+repository_name = "github-terraform-task-Sp1ker2"
+
+# Generate SSH key pair with: ssh-keygen -t ed25519 -C "deploy_key" -f deploy_key
+# Then use the public key (deploy_key.pub) here
+deploy_key_public = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... deploy_key"
+
+# Discord webhook URL (Create in Discord: Server Settings -> Integrations -> Webhooks)
+discord_webhook_url = "https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN"
+
+# PAT with "Full control of private repositories" and "Full control of orgs and teams"
+pat_token = "ghp_your_pat_token_here"
+
+# This will be populated automatically - leave empty for now
+terraform_code = ""
+