resource "gitlab_project" "project" { name = var.name description = var.description namespace_id = data.gitlab_group.parent.id initialize_with_readme = var.forked_from_project_id == 0 ? true : null default_branch = var.default_branch tags = toset(concat(local.allowed_project_types[var.project_type].tags, var.tags)) ci_config_path = var.ci_config_path == null ? local.allowed_project_types[var.project_type].ci_config_path : var.ci_config_path build_git_strategy = var.build_git_strategy avatar = local.avatar == null ? null : "${local.avatar}" avatar_hash = local.avatar == null ? null : filesha256("${local.avatar}") archive_on_destroy = true archived = var.archived only_allow_merge_if_all_discussions_are_resolved = true only_allow_merge_if_pipeline_succeeds = var.only_allow_merge_if_pipeline_succeeds merge_pipelines_enabled = true allow_merge_on_skipped_pipeline = var.allow_merge_on_skipped_pipeline group_runners_enabled = var.group_runners_enabled build_timeout = var.build_timeout auto_cancel_pending_pipelines = var.auto_cancel_pending_pipelines shared_runners_enabled = var.shared_runners_enabled forked_from_project_id = var.forked_from_project_id == 0 ? null : var.forked_from_project_id lifecycle { prevent_destroy = true } } resource "gitlab_project_push_rules" "push_rule" { project = gitlab_project.project.id commit_message_regex = var.is_enable_conventional_commits_push_rule == true ? "^((build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\\([-a-zA-Z0-9_]+\\))?(!)?(: (.*\\s*)*))|(Merge (.*\\s*)*)|(Initial commit$)" : "" } resource "gitlab_branch_protection" "protected_branches" { for_each = var.protected_branches project = gitlab_project.project.id branch = each.key push_access_level = each.value.push_access_level merge_access_level = each.value.merge_access_level allow_force_push = true } resource "gitlab_tag_protection" "protected_tags" { for_each = var.protected_tags project = gitlab_project.project.id tag = each.key create_access_level = each.value.create_access_level } resource "gitlab_project_variable" "variable" { for_each = local.merged_project_variables project = gitlab_project.project.id key = each.key value = each.value.value description = each.value.description protected = lookup(each.value, "protected", false) masked = lookup(each.value, "masked", false) environment_scope = lookup(each.value, "environment_scope", "*") } resource "gitlab_project_variable" "scoped_variables" { for_each = local.scoped_variable_map project = gitlab_project.project.id key = each.value.key value = each.value.value environment_scope = each.value.environment_scope protected = each.value.protected masked = each.value.masked description = each.value.description } resource "gitlab_project_environment" "environments" { for_each = local.merged_environments project = gitlab_project.project.id name = each.key external_url = each.value stop_before_destroy = true } resource "gitlab_project_custom_attribute" "custom_attributes" { for_each = var.attributes project = gitlab_project.project.id key = each.key value = each.value } resource "gitlab_project_job_token_scopes" "ci_token_scope" { project = gitlab_project.project.id enabled = true target_group_ids = local.token_scope_group_ids target_project_ids = local.token_scope_project_ids }