prepare next release

.drone.yml

@@ -30,6 +30,7 @@ steps:
   - name: build
     image: goreleaser/goreleaser
     commands:
+      - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0
       - goreleaser build --snapshot
     when:
       event:
@@ -59,6 +60,7 @@ steps:
       GPG_PRIVATE_KEY_BASE64:
         from_secret: GPG_PRIVATE_KEY_BASE64
     commands:
+      - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin v0.64.0
       - apk add gpg-agent
       - gpg-agent --daemon --default-cache-ttl 7200
       - echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --import --batch --no-tty

.github/workflows/release.yml

@@ -18,26 +18,25 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v3
-      -
-        name: Unshallow
+      - name: Unshallow
         run: git fetch --prune --unshallow
-      -
-        name: Set up Go
+      - name: Set up Go
         uses: actions/setup-go@v3
         with:
           go-version: 1.18
-      -
-        name: Import GPG key
+      - name: Import GPG key
         id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v5.2.0
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
-      -
-        name: Run GoReleaser
+      - name: setup-syft
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | \
+          sh -s -- -b /usr/local/bin v0.64.0
+      - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4.1.0
         with:
           version: latest

.goreleaser.yml

@@ -41,6 +41,8 @@ checksum:
       name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
+sboms:
+  - artifacts: archive
 signs:
   - artifacts: checksum
     args:

Makefile

@@ -3,7 +3,7 @@ GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 
 GOFMT ?= gofmt -s
 
-VERSION = 0.11.2
+VERSION = 0.12.0
 
 test: fmt-check
 	go test -i $(TEST) || exit 1

README.md

@@ -17,7 +17,7 @@ terraform {
   required_providers {
     gitea = {
       source = "Lerentis/gitea"
-      version = "0.11.2"
+      version = "0.12.0"
     }
   }
 }

docs/resources/repository_key.md

@@ -0,0 +1,63 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_repository_key Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_repository_key manages a deploy key for a single gitea_repository.
+  Every key needs a unique name and unique key, i.e. no key can be added twice to the same repo
+---
+
+# gitea_repository_key (Resource)
+
+`gitea_repository_key` manages a deploy key for a single gitea_repository.
+
+Every key needs a unique name and unique key, i.e. no key can be added twice to the same repo
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    tls = {
+      source = "hashicorp/tls"
+      version = "4.0.4"
+    }
+  }
+}
+
+resource "tls_private_key" "example" {
+  type = "RSA"
+  rsa_bits = 4096
+}
+
+resource "gitea_repository" "example" {
+  name = "example"
+  private = true
+}
+
+resource "gitea_repository_key" "example" {
+  repository = gitea_repository.example.id
+  title = "Example Deploy Key"
+  read_only = true
+  key = tls_private_key.example.public_key_openssh
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `key` (String) Armored SSH key to add
+- `repository` (Number) The ID of the repository where the deploy key belongs to
+- `title` (String) Name of the deploy key
+
+### Optional
+
+- `read_only` (Boolean) Whether this key has read or read/write access
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

examples/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "terraform.local/lerentis/gitea"
-      version = "0.11.2"
+      version = "0.12.0"
     }
   }
 }

examples/resources/gitea_repository_key/resource.tf

@@ -0,0 +1,25 @@
+terraform {
+  required_providers {
+    tls = {
+      source = "hashicorp/tls"
+      version = "4.0.4"
+    }
+  }
+}
+
+resource "tls_private_key" "example" {
+  type = "RSA"
+  rsa_bits = 4096
+}
+
+resource "gitea_repository" "example" {
+  name = "example"
+  private = true
+}
+
+resource "gitea_repository_key" "example" {
+  repository = gitea_repository.example.id
+  title = "Example Deploy Key"
+  read_only = true
+  key = tls_private_key.example.public_key_openssh
+}

gitea/provider.go

@@ -83,6 +83,7 @@ func Provider() *schema.Provider {
 			"gitea_team":           resourceGiteaTeam(),
 			"gitea_git_hook":       resourceGiteaGitHook(),
 			"gitea_token":          resourceGiteaToken(),
+			"gitea_repository_key": resourceGiteaRepositoryKey(),
 		},
 
 		ConfigureFunc: providerConfigure,

gitea/resource_gitea_repository_key.go

@@ -0,0 +1,169 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	deployKeyRepoId   string = "repository"
+	deployKeyName     string = "title"
+	deployKeyKey      string = "key"
+	deployKeyReadOnly string = "read_only"
+)
+
+func resourceRepoKeyIdParts(d *schema.ResourceData) (bool, int64, int64, error) {
+	parts := strings.Split(d.Id(), "/")
+	if len(parts) != 2 {
+		return false, 0, 0, nil
+	}
+
+	repoId, err := strconv.ParseInt(parts[0], 10, 64)
+	if err != nil {
+		return false, 0, 0, err
+	}
+	keyId, err := strconv.ParseInt(parts[1], 10, 64)
+	if err != nil {
+		return false, 0, 0, err
+	}
+	return true, repoId, keyId, err
+}
+
+func resourceRepoKeyRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	hasId, repoId, keyId, err := resourceRepoKeyIdParts(d)
+	if err != nil {
+		return err
+	}
+	if !hasId {
+		d.SetId("")
+		return nil
+	}
+
+	repo, resp, err := client.GetRepoByID(repoId)
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	key, resp, err := client.GetDeployKey(repo.Owner.UserName, repo.Name, keyId)
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	err = setRepoKeyResourceData(key, repoId, d)
+
+	return
+}
+
+func resourceRepoKeyCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	repo, _, err := client.GetRepoByID(int64(d.Get(deployKeyRepoId).(int)))
+
+	if err != nil {
+		return err
+	}
+
+	dk, _, err := client.CreateDeployKey(repo.Owner.UserName, repo.Name, gitea.CreateKeyOption{
+		Title:    d.Get(deployKeyName).(string),
+		ReadOnly: d.Get(deployKeyReadOnly).(bool),
+		Key:      d.Get(deployKeyKey).(string),
+	})
+
+	if err != nil {
+		return err
+	}
+
+	setRepoKeyResourceData(dk, repo.ID, d)
+	return nil
+}
+
+func respurceRepoKeyDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	hasId, repoId, keyId, err := resourceRepoKeyIdParts(d)
+	if err != nil {
+		return err
+	}
+	if !hasId {
+		d.SetId("")
+		return nil
+	}
+
+	repo, resp, err := client.GetRepoByID(repoId)
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	client.DeleteDeployKey(repo.Owner.UserName, repo.Name, keyId)
+	return nil
+}
+
+func setRepoKeyResourceData(dk *gitea.DeployKey, repoId int64, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%d/%d", repoId, dk.ID))
+	d.Set(deployKeyRepoId, repoId)
+	d.Set(deployKeyReadOnly, dk.ReadOnly)
+	d.Set(deployKeyKey, dk.Key)
+	d.Set(deployKeyName, dk.Title)
+	return
+}
+
+func resourceGiteaRepositoryKey() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceRepoKeyRead,
+		Create: resourceRepoKeyCreate,
+		Delete: respurceRepoKeyDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			deployKeyRepoId: {
+				Type:        schema.TypeInt,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The ID of the repository where the deploy key belongs to",
+			},
+			deployKeyKey: {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Armored SSH key to add",
+			},
+			deployKeyReadOnly: {
+				Type:        schema.TypeBool,
+				Required:    false,
+				Optional:    true,
+				Default:     true,
+				ForceNew:    true,
+				Description: "Whether this key has read or read/write access",
+			},
+			deployKeyName: {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Name of the deploy key",
+			},
+		},
+		Description: "`gitea_repository_key` manages a deploy key for a single gitea_repository.\n\n" +
+			"Every key needs a unique name and unique key, i.e. no key can be added twice to the same repo",
+	}
+}