feat: create envs for managed repos using terraform (#44)

Author: cunla

README.md

@@ -101,14 +101,10 @@ Django Commons packages.
    with repo owner to transfer repo
 7. Wait for repository transferred in
 8. [Make Terraform changes to add new project](#terraform-changes-to-add-a-new-project)
-9. [Configure environments](https://docs.github.com/en/actions/administering-github-actions/managing-environments-for-deployment#creating-an-environment)
-   pypi and testpypi in the repository to
-   enable [publishing packages via GitHub Actions](https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#)
-10. For pypi environment, add Deployment protection rule with reviewers as [repo]-admins and enable "Allow
-    administrators to bypass configured protection rules"
-11. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for
+9. Under Actions > General > "Fork pull request workflows from outside collaborators", set "Require approval for
     first-time contributors"
-12. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team
+10. Have the maintainer push a new tag and walk them through the release process
+11. Set a calendar event or reminder for 30 days in the future to remove previous repository owner from team
 
 ### Terraform changes to add a new project
 
@@ -190,4 +186,4 @@ The expected changes:
 The expected changes:
 
 - The repository will be removed from the organization.
-- The repository's teams will be removed from the organization.
+- The repository's teams will be removed from the organization.

terraform/production/repositories.tfvars

@@ -56,6 +56,7 @@ repositories = {
     description        = "Schedule async tasks using redis pub/sub."
     homepage_url       = "https://django-tasks-scheduler.readthedocs.io/"
     allow_merge_commit = true
+
     admins = [
       "cunla",
     ]

terraform/resources-environments.tf

@@ -0,0 +1,18 @@
+resource "github_repository_environment" "pypi" {
+  for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+
+  environment         = "pypi"
+  repository          = each.key
+  prevent_self_review = false
+  reviewers {
+    teams = [github_team.repo_admin_team[each.key].id]
+  }
+}
+
+resource "github_repository_environment" "testpypi" {
+  for_each = { for k, v in var.repositories : k => v if v.is_django_commons_repo == false }
+
+  environment         = "testpypi"
+  repository          = each.key
+  prevent_self_review = false
+}

terraform/tfstate.json

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.9.5",
-  "serial": 188,
+  "serial": 192,
   "lineage": "425397de-8394-a003-8a6c-bce854d9cc53",
   "outputs": {},
   "resources": [
@@ -688,6 +688,100 @@
         }
       ]
     },
+    {
+      "mode": "managed",
+      "type": "github_repository_environment",
+      "name": "pypi",
+      "provider": "provider[\"registry.terraform.io/integrations/github\"]",
+      "instances": [
+        {
+          "index_key": "django-commons-playground",
+          "schema_version": 0,
+          "attributes": {
+            "can_admins_bypass": true,
+            "deployment_branch_policy": [],
+            "environment": "pypi",
+            "id": "django-commons-playground:pypi",
+            "prevent_self_review": false,
+            "repository": "django-commons-playground",
+            "reviewers": [
+              {
+                "teams": [
+                  9757650
+                ],
+                "users": []
+              }
+            ],
+            "wait_timer": 0
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
+        },
+        {
+          "index_key": "django-fsm-2",
+          "schema_version": 0,
+          "attributes": {
+            "can_admins_bypass": true,
+            "deployment_branch_policy": [],
+            "environment": "pypi",
+            "id": "django-fsm-2:pypi",
+            "prevent_self_review": false,
+            "repository": "django-fsm-2",
+            "reviewers": [
+              {
+                "teams": [
+                  10870432
+                ],
+                "users": []
+              }
+            ],
+            "wait_timer": 0
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "github_repository_environment",
+      "name": "testpypi",
+      "provider": "provider[\"registry.terraform.io/integrations/github\"]",
+      "instances": [
+        {
+          "index_key": "django-commons-playground",
+          "schema_version": 0,
+          "attributes": {
+            "can_admins_bypass": true,
+            "deployment_branch_policy": [],
+            "environment": "testpypi",
+            "id": "django-commons-playground:testpypi",
+            "prevent_self_review": null,
+            "repository": "django-commons-playground",
+            "reviewers": [],
+            "wait_timer": 0
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
+        },
+        {
+          "index_key": "django-fsm-2",
+          "schema_version": 0,
+          "attributes": {
+            "can_admins_bypass": true,
+            "deployment_branch_policy": [],
+            "environment": "testpypi",
+            "id": "django-fsm-2:testpypi",
+            "prevent_self_review": null,
+            "repository": "django-fsm-2",
+            "reviewers": [],
+            "wait_timer": 0
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
+        }
+      ]
+    },
     {
       "mode": "managed",
       "type": "github_team",