gitlab-project/main.tf

resource "gitlab_project" "project" {
  name                                             = var.name
  description                                      = var.description
  namespace_id                                     = data.gitlab_group.parent.id
  initialize_with_readme                           = var.forked_from_project_id == 0 ? true : null
  default_branch                                   = var.default_branch
  tags                                             = toset(concat(local.allowed_project_types[var.project_type].tags, var.tags))
  ci_config_path                                   = var.ci_config_path == null ? local.allowed_project_types[var.project_type].ci_config_path : var.ci_config_path
  build_git_strategy                               = var.build_git_strategy
  avatar                                           = local.avatar == null ? null : "${local.avatar}"
  avatar_hash                                      = local.avatar == null ? null : filesha256("${local.avatar}")
  archive_on_destroy                               = true
  archived                                         = var.archived
  only_allow_merge_if_all_discussions_are_resolved = true
  only_allow_merge_if_pipeline_succeeds            = var.only_allow_merge_if_pipeline_succeeds
  merge_pipelines_enabled                          = true
  allow_merge_on_skipped_pipeline                  = var.allow_merge_on_skipped_pipeline
  group_runners_enabled                            = var.group_runners_enabled
  build_timeout                                    = var.build_timeout
  auto_cancel_pending_pipelines                    = var.auto_cancel_pending_pipelines
  shared_runners_enabled                           = var.shared_runners_enabled
  forked_from_project_id                           = var.forked_from_project_id == 0 ? null : var.forked_from_project_id

  lifecycle {
    prevent_destroy = true
  }
}

resource "gitlab_project_push_rules" "push_rule" {
  project              = gitlab_project.project.id
  commit_message_regex = var.is_enable_conventional_commits_push_rule == true ? "^((build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\\([-a-zA-Z0-9_]+\\))?(!)?(: (.*\\s*)*))|(Merge (.*\\s*)*)|(Initial commit$)" : ""
}

resource "gitlab_branch_protection" "protected_branches" {
  for_each = var.protected_branches

  project            = gitlab_project.project.id
  branch             = each.key
  push_access_level  = each.value.push_access_level
  merge_access_level = each.value.merge_access_level
  allow_force_push   = true
}

resource "gitlab_tag_protection" "protected_tags" {
  for_each = var.protected_tags

  project             = gitlab_project.project.id
  tag                 = each.key
  create_access_level = each.value.create_access_level
}

resource "gitlab_project_variable" "variable" {
  for_each = local.merged_project_variables

  project           = gitlab_project.project.id
  key               = each.key
  value             = each.value.value
  description       = each.value.description
  protected         = lookup(each.value, "protected", false)
  masked            = lookup(each.value, "masked", false)
  environment_scope = lookup(each.value, "environment_scope", "*")
}

resource "gitlab_project_variable" "scoped_variables" {
  for_each = local.scoped_variable_map

  project           = gitlab_project.project.id
  key               = each.value.key
  value             = each.value.value
  environment_scope = each.value.environment_scope
  protected         = each.value.protected
  masked            = each.value.masked
  description       = each.value.description
}

resource "gitlab_project_environment" "environments" {
  for_each = local.merged_environments

  project             = gitlab_project.project.id
  name                = each.key
  external_url        = each.value
  stop_before_destroy = true
}

resource "gitlab_project_custom_attribute" "custom_attributes" {
  for_each = var.attributes

  project = gitlab_project.project.id
  key     = each.key
  value   = each.value
}

resource "gitlab_project_job_token_scopes" "ci_token_scope" {
  project            = gitlab_project.project.id
  enabled            = true
  target_group_ids   = local.token_scope_group_ids
  target_project_ids = local.token_scope_project_ids
}

# Reguły approvals per projekt
resource "gitlab_project_approval_rule" "this" {
  for_each = var.approvals

  project = gitlab_project.project.id
  name    = each.key

  approvals_required = each.value.approvals_required
  user_ids           = try(each.value.users, [])
  group_ids          = try(each.value.groups, [])

  applies_to_all_protected_branches = try(each.value.applies_to_all_protected_branches, true)
  protected_branch_ids              = try(each.value.protected_branch_ids, null)

  rule_type   = try(each.value.rule_type, "regular")
  report_type = try(each.value.report_type, null)

  disable_importing_default_any_approver_rule_on_create = try(each.value.disable_importing_default_any_approver_rule_on_create, false)
}

# Globalne ustawienia approvals dla MR-ów w projekcie
resource "gitlab_project_level_mr_approvals" "settings" {
  project = gitlab_project.project.id

  disable_overriding_approvers_per_merge_request = try(var.approval_settings.disable_overriding_approvers_per_merge_request, true)
  merge_requests_author_approval                 = try(var.approval_settings.merge_requests_author_approval, false)
  merge_requests_disable_committers_approval     = try(var.approval_settings.merge_requests_disable_committers_approval, true)
  reset_approvals_on_push                        = try(var.approval_settings.reset_approvals_on_push, true)
  selective_code_owner_removals                  = try(var.approval_settings.selective_code_owner_removals, false)
}