Skip to content

feat(github): archive ansible repositories#6

Merged
xnoto merged 5 commits intomainfrom
feat/archive-ansible-repos
Apr 30, 2026
Merged

feat(github): archive ansible repositories#6
xnoto merged 5 commits intomainfrom
feat/archive-ansible-repos

Conversation

@xnoto
Copy link
Copy Markdown
Contributor

@xnoto xnoto commented Apr 30, 2026
edited
Loading

Summary

  • archive the listed ansible repositories in Terraform
  • stop managing branch protections and Actions secrets for archived repositories
  • keep the archived repository set explicit in locals

Validation

  • make test

@xnoto xnoto self-assigned this Apr 30, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 30, 2026

OpenTofu Plan

OpenTofu will perform the following actions:

  # github_actions_secret.secrets["ansible-project-libvirt_SOPS_AGE_KEY"] will be destroyed
  # (because key ["ansible-project-libvirt_SOPS_AGE_KEY"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:50:25 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-project-libvirt:SOPS_AGE_KEY" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:31:54 +0000 UTC" -> null
      - repository        = "ansible-project-libvirt" -> null
      - repository_id     = 1120266268 -> null
      - secret_name       = "SOPS_AGE_KEY" -> null
      - updated_at        = "2026-02-19 17:31:54 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_CLOUDFLARE_AUTH_CLIENT_ID"] will be destroyed
  # (because key ["ansible-site-cluster_CLOUDFLARE_AUTH_CLIENT_ID"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:49:22 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:CLOUDFLARE_AUTH_CLIENT_ID" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:32:13 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "CLOUDFLARE_AUTH_CLIENT_ID" -> null
      - updated_at        = "2026-02-19 17:32:13 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_CLOUDFLARE_AUTH_CLIENT_SECRET"] will be destroyed
  # (because key ["ansible-site-cluster_CLOUDFLARE_AUTH_CLIENT_SECRET"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:48:18 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:CLOUDFLARE_AUTH_CLIENT_SECRET" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:32:08 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "CLOUDFLARE_AUTH_CLIENT_SECRET" -> null
      - updated_at        = "2026-02-19 17:32:08 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_SOPS_AGE_KEY"] will be destroyed
  # (because key ["ansible-site-cluster_SOPS_AGE_KEY"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:49:25 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:SOPS_AGE_KEY" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:32:17 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "SOPS_AGE_KEY" -> null
      - updated_at        = "2026-02-19 17:32:17 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_SSH_HOST"] will be destroyed
  # (because key ["ansible-site-cluster_SSH_HOST"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:49:50 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:SSH_HOST" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:32:07 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "SSH_HOST" -> null
      - updated_at        = "2026-02-19 17:32:07 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_SSH_KNOWN_HOSTS"] will be destroyed
  # (because key ["ansible-site-cluster_SSH_KNOWN_HOSTS"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:50:28 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:SSH_KNOWN_HOSTS" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:31:42 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "SSH_KNOWN_HOSTS" -> null
      - updated_at        = "2026-02-19 17:31:42 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_SSH_PRIVATE_KEY"] will be destroyed
  # (because key ["ansible-site-cluster_SSH_PRIVATE_KEY"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:49:58 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:SSH_PRIVATE_KEY" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:31:47 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "SSH_PRIVATE_KEY" -> null
      - updated_at        = "2026-02-19 17:31:47 +0000 UTC" -> null
    }

  # github_actions_secret.secrets["ansible-site-cluster_SSH_USER"] will be destroyed
  # (because key ["ansible-site-cluster_SSH_USER"] is not in for_each map)
  - resource "github_actions_secret" "secrets" {
      - created_at        = "2025-12-20 20:49:21 +0000 UTC" -> null
      - destroy_on_drift  = false -> null
      - id                = "ansible-site-cluster:SSH_USER" -> null
      - key_id            = "3380204578043523366" -> null
      - plaintext_value   = (sensitive value) -> null
      - remote_updated_at = "2026-02-19 17:32:16 +0000 UTC" -> null
      - repository        = "ansible-site-cluster" -> null
      - repository_id     = 1063544154 -> null
      - secret_name       = "SSH_USER" -> null
      - updated_at        = "2026-02-19 17:32:16 +0000 UTC" -> null
    }

  # github_branch_protection.protections[".github"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOPDNmL84EC8t_"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["ansible-project-libvirt"] will be destroyed
  # (because key ["ansible-project-libvirt"] is not in for_each map)
  - resource "github_branch_protection" "protections" {
      - allows_deletions                = false -> null
      - allows_force_pushes             = false -> null
      - enforce_admins                  = false -> null
      - force_push_bypassers            = [] -> null
      - id                              = "BPR_kwDOQsXoHM4EPi_b" -> null
      - lock_branch                     = false -> null
      - pattern                         = "main" -> null
      - repository_id                   = "R_kgDOQsXoHA" -> null
      - require_conversation_resolution = true -> null
      - require_signed_commits          = false -> null
      - required_linear_history         = true -> null

      - required_pull_request_reviews {
          - dismiss_stale_reviews           = true -> null
          - dismissal_restrictions          = [] -> null
          - pull_request_bypassers          = [] -> null
          - require_code_owner_reviews      = true -> null
          - require_last_push_approval      = true -> null
          - required_approving_review_count = 0 -> null
          - restrict_dismissals             = true -> null
        }

      - required_status_checks {
          - contexts = [] -> null
          - strict   = true -> null
        }

      - restrict_pushes {
          - blocks_creations = true -> null
          - push_allowances  = [] -> null
        }
    }

  # github_branch_protection.protections["ansible-role-crc"] will be destroyed
  # (because key ["ansible-role-crc"] is not in for_each map)
  - resource "github_branch_protection" "protections" {
      - allows_deletions                = false -> null
      - allows_force_pushes             = false -> null
      - enforce_admins                  = false -> null
      - force_push_bypassers            = [] -> null
      - id                              = "BPR_kwDOP2QhNc4EPi_c" -> null
      - lock_branch                     = false -> null
      - pattern                         = "main" -> null
      - repository_id                   = "R_kgDOP2QhNQ" -> null
      - require_conversation_resolution = true -> null
      - require_signed_commits          = false -> null
      - required_linear_history         = true -> null

      - required_pull_request_reviews {
          - dismiss_stale_reviews           = true -> null
          - dismissal_restrictions          = [] -> null
          - pull_request_bypassers          = [] -> null
          - require_code_owner_reviews      = true -> null
          - require_last_push_approval      = true -> null
          - required_approving_review_count = 0 -> null
          - restrict_dismissals             = true -> null
        }

      - required_status_checks {
          - contexts = [] -> null
          - strict   = true -> null
        }

      - restrict_pushes {
          - blocks_creations = true -> null
          - push_allowances  = [] -> null
        }
    }

  # github_branch_protection.protections["ansible-site-cluster"] will be destroyed
  # (because key ["ansible-site-cluster"] is not in for_each map)
  - resource "github_branch_protection" "protections" {
      - allows_deletions                = false -> null
      - allows_force_pushes             = false -> null
      - enforce_admins                  = false -> null
      - force_push_bypassers            = [] -> null
      - id                              = "BPR_kwDOP2RlWs4EPi_d" -> null
      - lock_branch                     = false -> null
      - pattern                         = "main" -> null
      - repository_id                   = "R_kgDOP2RlWg" -> null
      - require_conversation_resolution = true -> null
      - require_signed_commits          = false -> null
      - required_linear_history         = true -> null

      - required_pull_request_reviews {
          - dismiss_stale_reviews           = true -> null
          - dismissal_restrictions          = [] -> null
          - pull_request_bypassers          = [] -> null
          - require_code_owner_reviews      = true -> null
          - require_last_push_approval      = true -> null
          - required_approving_review_count = 0 -> null
          - restrict_dismissals             = true -> null
        }

      - required_status_checks {
          - contexts = [] -> null
          - strict   = true -> null
        }

      - restrict_pushes {
          - blocks_creations = true -> null
          - push_allowances  = [] -> null
        }
    }

  # github_branch_protection.protections["cflan"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOOulWjM4EPi_e"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["images"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsexys4EPi_f"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["kustomize-cluster"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsxTyc4EPi_g"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["shared-workflows"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsfaHs4EPi_h"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["terraform-libvirt-domain"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsXn984EPi_i"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["tfroot-aws"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsXn6c4EPi_j"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["tfroot-cloudflare"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsXoEM4EPi_k"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["tfroot-github"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsXoMs4EPi_l"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["tfroot-libvirt"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOQsXoKM4EPi_n"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_branch_protection.protections["www"] will be updated in-place
  ~ resource "github_branch_protection" "protections" {
        id                              = "BPR_kwDOOuKZAc4EPi_o"
        # (10 unchanged attributes hidden)

      ~ required_pull_request_reviews {
          ~ dismissal_restrictions          = [
              + "/admins",
            ]
          ~ pull_request_bypassers          = [
              + "/admins",
            ]
            # (5 unchanged attributes hidden)
        }

      ~ restrict_pushes {
          ~ push_allowances  = [
              + "/admins",
            ]
            # (1 unchanged attribute hidden)
        }

        # (1 unchanged block hidden)
    }

  # github_repository.repositories["ansible-project-libvirt"] will be updated in-place
  ~ resource "github_repository" "repositories" {
      ~ archived                                = false -> true
        id                                      = "ansible-project-libvirt"
        name                                    = "ansible-project-libvirt"
        # (36 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # github_repository.repositories["ansible-role-crc"] will be updated in-place
  ~ resource "github_repository" "repositories" {
      ~ archived                                = false -> true
        id                                      = "ansible-role-crc"
        name                                    = "ansible-role-crc"
        # (37 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # github_repository.repositories["ansible-site-cluster"] will be updated in-place
  ~ resource "github_repository" "repositories" {
      ~ archived                                = false -> true
        id                                      = "ansible-site-cluster"
        name                                    = "ansible-site-cluster"
        # (36 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 14 to change, 11 to destroy.

@xnoto xnoto merged commit fd61d10 into main Apr 30, 2026
3 checks passed
@xnoto xnoto deleted the feat/archive-ansible-repos branch April 30, 2026 04:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@xnoto xnoto

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xnoto