feat: add GitHub environments support with deployment policies #3

Open
ljuboops257 wants to merge 27 commits into gcss-1135--add-environment-with-deployment-policy from test-gcss-1135

ljuboops257 commented Mar 19, 2026

What

Full GitHub Environments support with deployment policies, moved to the root Terraform module. Includes a feature flag refactor as prerequisite.


Commits by area

Feature flag refactor

  • 7394dae docs: remove importer-specific text from DEVELOPERS_GUIDE.md
  • 5ae421f refactor: replace dynamic feature flag map with explicit Features struct

Terraform: environments moved to root module (vendored module untouched)

  • ca56e57 refactor: remove environments from vendored module main.tf
  • 5f86390 refactor: remove environments variable from vendored module
  • af949db refactor: remove environment outputs from vendored module
  • a866f08 refactor: remove environments from module call, update import block target
  • 9b9454f feat: add environments resources to root module
  • 56797aa refactor: extract deployment policy for_each into named locals
  • 766d689 fix: build all_environments_flattened from generated/new repos independently

Importer error handling (reviewer feedback)

  • 10f0b8f fix: fail import on environment fetch errors (r2549550574, r2549551202)
  • 3c29553 fix: resolveEnvironments returns ([]Environment, error) (r2549571099)
  • 37d50d4 fix: fail import on unknown reviewer type (r2549696050)
  • e9acb36 fix: validate max 6 total reviewers per environment (r2549698626)

Code quality (reviewer feedback)

  • 9a225ab fix: remove unnecessary feature flag logging (r2549462227)
  • 900c68f refactor: extract isEnvEnabled helper (r2549533810)
  • 0825d7e fix: remove redundant comments in ProtectionRules block (r2549680498)
  • 3a0a97f fix: remove top-level reviewer fallback — dead code (r2549689325, r2549594557)

Docs cleanup (reviewer feedback)

  • 1517184 docs: remove FEATURE_GITHUB_ENVIRONMENT.md (r2549335677)
  • 08ba705 docs: remove ADDING_FEATURES.md from this PR (r2549361465)

Known limitations

  • Deployment policies are not imported — provider requires a numeric policy ID not available from YAML. Managed as regular resources.
  • Provider bug: github_repository_environment_deployment_policy — "inconsistent result after apply" on v6.9.0-gr.3. Under investigation.

ljubon added 4 commits March 19, 2026 19:20
DEVELOPERS_GUIDE.md should only document YAML config fields.
Removed import control references from the environments entry
as requested in PR review.

Replace Config.Features map[string]bool (yaml inline) with a typed
*Features struct so import-config.yaml is strictly deserialised.
Remove IsFeatureEnabled() method and FeatureGithubEnvironment constant.
Call sites in github.go use direct field access with nil guard.
YAML format changes from root-level key to features.github_environments.

ljuboops257 changed the title from "refactor: replace dynamic feature flag map with explicit Features struct" to "feat: add GitHub environments support with deployment policies" Mar 19, 2026
ljubon added 10 commits March 20, 2026 01:01
ListEnvironments non-404 errors and GetEnvironment errors now propagate
as import failures instead of being silently swallowed. 404 (no environments)
is still treated as a normal no-op and does not fail the import.

Change signature from []Environment to ([]Environment, error) so errors
from org info lookup and other internal calls propagate to the caller
instead of being silently dropped. Call site extracts the result before
the Repository struct literal and fails the import on error.

Add default case to the reviewer type switch in resolveEnvironments.
Unknown types (e.g. GitHub added a new type, or JSON was tampered with)
now fail the import with an explicit error instead of being silently ignored.

GitHub enforces a maximum of 6 reviewers per environment across users and
teams combined. Add an explicit check after collecting reviewers from
ProtectionRules and fail the import with a clear error if the limit is exceeded.
…r2549533810)

Replace repeated 'cfg != nil && cfg.Features != nil && cfg.Features.GithubEnvironments'
expressions with a single nil-safe isEnvEnabled(cfg) helper function.

…689325, r2549594557)

Reviewers are always in env.ProtectionRules in the GitHub API response.
The env.Reviewers top-level field was never observed to be set, so the
fallback path that resolved reviewer IDs to names via separate API calls
was dead code. Removing it also eliminates the now-unnecessary org info
lookup that only existed to support team ID resolution in that block.

…5677)

Reviewer: content should live in the config template repo's
repository.yaml.example, not in a standalone doc here.
Remove the file and the link to it from DEVELOPERS_GUIDE.md.

Reviewer: this file shouldn't be part of the environments PR.
Will be revisited in a separate docs-focused PR after discussion
on purpose and scope.

… r2549698626)

Add else clause to the ProtectedBranches/CustomBranchPolicies check in
resolveEnvironments. If neither field is set the API response is unexpected
(GitHub API change or tampered JSON) — fail the import with an explicit error
rather than silently producing an environment with no deployment policy.
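
The fail-closed checks these commit messages describe (unknown reviewer type, the 6-reviewer limit, a response with neither branch-policy field set), collected into one added Go example; this is not code from the PR. The type names, the singular `resolveEnvironment`, and the flattened `Reviewers` field (standing in for reviewers collected from ProtectionRules) are hypothetical.

```go
package main

import "fmt"

// Hypothetical types modelled on the commit messages; not the importer's own.
type Reviewer struct{ Type, Name string }
type APIEnvironment struct {
	Name                                    string
	Reviewers                               []Reviewer // assumed: already collected from ProtectionRules
	ProtectedBranches, CustomBranchPolicies bool
}
type Environment struct {
	Name, Policy string
	Users, Teams []string
}

const maxReviewers = 6 // users and teams combined, per the commit message

// resolveEnvironment fails closed: any unexpected input aborts the import
// instead of yielding an environment with weaker protection than intended.
func resolveEnvironment(in APIEnvironment) (Environment, error) {
	out := Environment{Name: in.Name}
	for _, r := range in.Reviewers {
		switch r.Type {
		case "User":
			out.Users = append(out.Users, r.Name)
		case "Team":
			out.Teams = append(out.Teams, r.Name)
		default: // new API type or tampered JSON: do not drop the reviewer silently
			return Environment{}, fmt.Errorf("%s: unknown reviewer type %q", in.Name, r.Type)
		}
	}
	if n := len(out.Users) + len(out.Teams); n > maxReviewers {
		return Environment{}, fmt.Errorf("%s: %d reviewers exceeds limit of %d", in.Name, n, maxReviewers)
	}
	switch {
	case in.ProtectedBranches:
		out.Policy = "protected_branches"
	case in.CustomBranchPolicies:
		out.Policy = "custom_branch_policies"
	default: // neither field set: unexpected response, refuse to continue
		return Environment{}, fmt.Errorf("%s: no deployment branch policy in response", in.Name)
	}
	return out, nil
}

func main() {
	// Constructed sample input: one valid reviewer, one of an unknown type.
	_, err := resolveEnvironment(APIEnvironment{Name: "prod", ProtectedBranches: true, Reviewers: []Reviewer{{"User", "alice"}, {"Bot", "ci"}}})
	fmt.Println(err)
}
```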