diff --git a/.envrc b/.envrc deleted file mode 100644 index 3550a30f..00000000 --- a/.envrc +++ /dev/null @@ -1 +0,0 @@ -use flake diff --git a/.github/workflows/AWSMegatests.yml b/.github/workflows/AWSMegatests.yml index 31c3fdbf..1c49cd42 100644 --- a/.github/workflows/AWSMegatests.yml +++ b/.github/workflows/AWSMegatests.yml @@ -4,12 +4,12 @@ on: branches: - master paths: - - 'pulumi/test_datasets/**/*' + - "pulumi/test_datasets/**/*" pull_request: branches: - master paths: - - 'pulumi/test_datasets/**/*' + - "pulumi/test_datasets/**/*" # These are the environment variables that jobs in the workflow have access to. # By defining them here, all jobs/steps will have access to these variables. @@ -29,7 +29,6 @@ jobs: name: Pulumi runs-on: ubuntu-latest steps: - # Turnstyle is used to prevent multiple push jobs from running at the same time. We # limit it to push jobs to allow PR jobs to run concurrently. - name: Turnstyle @@ -64,7 +63,6 @@ jobs: stack-name: ${{ env.PULUMI_STACK_NAME }} work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} - # If you'd like to run your Pulumi application outside of the official GitHub Action #- name: Install Pulumi CLI diff --git a/.github/workflows/repos.yml b/.github/workflows/repos.yml new file mode 100644 index 00000000..6138bbfb --- /dev/null +++ b/.github/workflows/repos.yml @@ -0,0 +1,63 @@ +name: Preview or update Pulumi app nf-core/github-repos/prod +on: + push: + branches: + - main + paths: + - "pulumi/github/repos/**/*" + workflow_dispatch: + pull_request: + branches: + - main + paths: + - "pulumi/github/repos/**/*" + +# These are the environment variables that jobs in the workflow have access to. +# By defining them here, all jobs/steps will have access to these variables. +env: + # IMPORTANT! You must map the env vars for your cloud provider here even though you add them as secrets + # to this repository. + # See the setup page for cloud providers here: https://www.pulumi.com/docs/intro/cloud-providers/. + # For example, if you are using AWS, then you should add the following: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} + PULUMI_STACK_NAME: nf-core/github-repos/prod + PULUMI_WORKING_DIRECTORY: pulumi/github/repos/ + +jobs: + pulumi: + name: Pulumi + runs-on: ubuntu-latest + steps: + # Turnstyle is used to prevent multiple push jobs from running at the same time. We + # limit it to push jobs to allow PR jobs to run concurrently. + - name: Turnstyle + if: ${{ github.event_name == 'push' }} + uses: softprops/turnstyle@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/checkout@v2 + + - name: Install Python + uses: actions/setup-python@v5 + cache: "pip" + + - run: pip install -r requirements.txt + working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }} + + - name: PR previews + uses: pulumi/actions@v6 + with: + command: preview + stack-name: ${{ env.PULUMI_STACK_NAME }} + work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} + + - name: Apply infrastructure update + if: ${{ github.event_name == 'push' }} + uses: pulumi/actions@v6 + with: + command: up + stack-name: ${{ env.PULUMI_STACK_NAME }} + work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }} diff --git a/docs/1password.md b/docs/1password.md new file mode 100644 index 00000000..ce1e571e --- /dev/null +++ b/docs/1password.md @@ -0,0 +1,29 @@ +# Pulumi + +[Pulumi Shell Plugin](https://developer.1password.com/docs/cli/shell-plugins/pulumi/) + +[How to use 1Password with different accounts automatically](https://developer.1password.com/docs/cli/shell-plugins/multiple-accounts/) + +```console +cd ~/src/nf-core + +op signin + +# Select nf-core + +op plugin init pulumi +``` + +This should result in: + +``` + +Pulumi CLI +Authenticate with Pulumi Personal Access Token. + +? Locate your Pulumi Personal Access Token: Search in 1Password... + +? Locate your Pulumi Personal Access Token: Pulumi Personal Access Token (Private) + +? Configure when the chosen credential(s) will be used to authenticate: Use automatically when in this directory or subdirectories +``` diff --git a/docs/pulumi.md b/docs/pulumi.md new file mode 100644 index 00000000..ad430fbe --- /dev/null +++ b/docs/pulumi.md @@ -0,0 +1,72 @@ +# Pulumi + +nf-core specific docs, links and guides. + +## Quick Start + +### Repo structure + +This repo is a "Monorepo", basically a bunch of smaller projects inside of one bigger project. + +```console +tree -L 1 pulumi +pulumi +├── AWSMegatests +├── github +├── repo-backups +├── sentieon-license-server +└── test-datasets +``` + +Each of these are their own projects. + +### Install Pulumi + +[Here's the official guide](https://www.pulumi.com/docs/clouds/aws/get-started/) + +### Working with this repo + + + +1. Open up the project you want to make a change to +2. Make the change (Probably in `__main.py__`) +3. If you have a Pulumi cloud account in the nf-core org `pulumi preview` and `pulumi up` should work locally +4. Create a branch in the repo and make a PR, and a preview of the deployment should get ran. + +## Terminology + +Pulumi is pretty heavy on the terms and it was kinda confusing. A hierarchy kinda helps + +``` +Projects +├── Stacks +├──── Deployments +├──── Resources +Environments +``` + +### Projects + +Each directory in `pulumi` is a project. + +#### Stacks + +Each project can have multiple stacks. For example, `dev`, `prod`, `test`. + +Official quote: + +> What are projects and stacks? Pulumi projects and stacks let you organize Pulumi code. Consider a Pulumi project to be analogous to a GitHub repo—a single place for code—and a stack to be an instance of that code with a separate configuration. For instance, project foo may have multiple stacks for different deployment environments (dev, test, or prod), or perhaps for different cloud configurations (geographic region for example). See Organizing Projects and Stacks for some best practices on organizing your Pulumi projects and stacks. + +https://www.pulumi.com/docs/using-pulumi/organizing-projects-stacks/ + +##### Deployments + +Everytime you push to main in this repo a new deployment of the stack goes out. + +##### Resources + +These are individual pieces of infrastructure. An EC2 instance, a VPC, a GitHub repo, a GitHub team are some examples. + +### Environments + +This is Pulumi's hosted Secrete management. I'm thinking of these like, well "Environments". The nf-core AWS, the nf-core Azure, nf-core GCP, nf-core GitHub org, the nf-core-tf GitHub org. diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 27f4b424..00000000 --- a/flake.lock +++ /dev/null @@ -1,25 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1718714799, - "narHash": "sha256-FUZpz9rg3gL8NVPKbqU8ei1VkPLsTIfAJ2fdAf5qjak=", - "rev": "c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e", - "revCount": 640871, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.640871%2Brev-c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e/019036b8-c3f4-7c68-89d1-10b6f237eccb/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index f9ed069f..00000000 --- a/flake.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - description = "A Nix-flake-based Pulumi development environment"; - - inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz"; - - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; - forEachSupportedSystem = f: - nixpkgs.lib.genAttrs supportedSystems (system: - f { - pkgs = import nixpkgs {inherit system;}; - }); - in { - devShells = forEachSupportedSystem ({pkgs}: { - default = pkgs.mkShell { - packages = with pkgs; [ - # Pulumi plus: - # pulumi-watch - # pulumi-analyzer-* utilities - # pulumi-language-* utilities - # pulumi-resource-* utilities - pulumi-bin - pulumi-esc - - # Python SDK - python311 - - # Go SDK - # go_1_22 - - # Node.js SDK - # nodejs - - # .NET SDK - # dotnet-sdk_6 - - # Java SDK - # jdk - # maven - - # Kubernetes - kubectl - - # Miscellaneous utilities - jq - ]; - }; - }); - }; -} diff --git a/pulumi/github/repos/.gitignore b/pulumi/github/repos/.gitignore new file mode 100644 index 00000000..18fa2a3e --- /dev/null +++ b/pulumi/github/repos/.gitignore @@ -0,0 +1,3 @@ +*.pyc +venv/ +__pycache__/ diff --git a/pulumi/github/repos/.python-version b/pulumi/github/repos/.python-version new file mode 100644 index 00000000..e4fba218 --- /dev/null +++ b/pulumi/github/repos/.python-version @@ -0,0 +1 @@ +3.12 diff --git a/pulumi/github/repos/Pulumi.dev.yaml b/pulumi/github/repos/Pulumi.dev.yaml new file mode 100644 index 00000000..b8de71dd --- /dev/null +++ b/pulumi/github/repos/Pulumi.dev.yaml @@ -0,0 +1,7 @@ +config: + github:owner: nf-core-tf + # GitHub token stored in 1Password: https://start.1password.com/open/i?a=O5GICFDKPNABLLVGMKBL5JWDWA&v=rdfcz6oy6qxxrc4clu467a7dmm&i=4ajrv44kc5lcbboa37fr5oydla&h=nf-core.1password.eu + # 1Password provider configuration + pulumi-onepassword:account: nf-core.1password.eu +environment: + - github-nf-core-tf diff --git a/pulumi/github/repos/Pulumi.prod.yaml b/pulumi/github/repos/Pulumi.prod.yaml new file mode 100644 index 00000000..a50569b2 --- /dev/null +++ b/pulumi/github/repos/Pulumi.prod.yaml @@ -0,0 +1,4 @@ +config: + github:owner: nf-core + pulumi-onepassword:service_account_token: + secure: AAABAOVuHjkvr7WBtuxqrIv2W0MkvP9DkIoAqXc2YKGgbjDWCQWGKrXV0wZbmA+064gFec1V6fPVSphDWm9CPx1yq1WkVSnfX4gpNvQKDtJUFq8dqf5Z0XrNljAEr3Tegp3J6L08wj0zvN8R/HfveoOysKzmn6iUuwCEoizq4Yeaz8z20lWpWorE0ICHo6AXBTTH/qGC1HSW9qFfnGtUPvmnNHt2mLhFjnrOGP6My9m3x3tF9no+ptFdWN54lhCyARcBhn6JP2MhEJ09UPXw+uxwFfj8euwgU/pRsqdu22pJLMLA5mOn5gShYcRFT4eaWoRiu9eYaElItfgB8HSKiWrk26+eDz1VvdjdqfcUeLp7X2BGxD50q3s5Y6IRvHKhYZhJzNGq57qhk4M8sYXcl3sDDLZcKuidv4/NfFlLcop5i4KJ8lVBz1jP0v6QQHWjGXT6U1CvX5EwhqemEO862V/5RRYfy/qX85aVv/Xf01lIosGF2v5C5888F0mh8kelKwZGoqm6K+5o1Cy8V/nfCdmRXCEo7DY0iBYa0LfLmv++587rMs0kS84ocBIm/CjdgLoG+zlJRZGXcA0BlJwcWGYPaJ5J/FNDagMNikjwnHmHcTU0nflbzaArC4GJKMboKhl0OFxU3Z8KmhPIv0tUQBEwceDCi3fbEFdgvgnP0kjbFOgT5LMht44M+0B/r7KWZWwYDmZI5t7Bh5FC+qWg+GUiK5MtpOOy9MNi0gC7WrvTH3vhXpGzfx41EOdu3LF6SycigF0IMznl784PimFX1fMxH+9pX29dUP5LxXkS2INs6QQQOcOmlRKZqEsgZOPA34fzyNQliIj1thmS6GrC80UZcAPQ9HZtvKHX2/EZnzjTKcNvQrwsbRlD2de05xRjKCstAwQJVusN0+t8zMzeqgYUe1+Y9+fQ+5nZ3+uQvj9OvLjHFGuzYUwYAbSnAWgWZgUQ4gXNac7MCR4uc5ENJOByE72yL0SuJrGbhPACOE0rZTx35L88+XD7wGbM0iJ8D/2QU5XOgvXaXHQZk4xxsmDg9hY7klQ1atf05eRD+nO9htMgbuvlWeA478vZo2+BbOjn5ziHlDvs9+/NNi3VmP+10WtEkecL71luvmnMyoxI2oouQfcT9xEWW7Xj830BddVO3lr+C5Sdkp27ZENGEhZruZtpzH4x diff --git a/pulumi/github/repos/Pulumi.yaml b/pulumi/github/repos/Pulumi.yaml new file mode 100644 index 00000000..49efdf4c --- /dev/null +++ b/pulumi/github/repos/Pulumi.yaml @@ -0,0 +1,7 @@ +name: github-repos +runtime: + name: python + options: + toolchain: uv + virtualenv: .venv +description: Managing nf-core GitHub repos diff --git a/pulumi/github/repos/README.md b/pulumi/github/repos/README.md new file mode 100644 index 00000000..b005a8c8 --- /dev/null +++ b/pulumi/github/repos/README.md @@ -0,0 +1,18 @@ +# Repos + +Replaces the automatic rule enforcement from the [old Pipeline Health PHP code](https://github.com/nf-core/website/blob/old-site/public_html/pipeline_health.php), + +[Main GitHub Issue](https://github.com/nf-core/ops/issues/5) +[Tracking Milestone](https://github.com/nf-core/ops/milestone/1) + +## Useful Docs + +- https://www.pulumi.com/registry/packages/github/api-docs/repository/ +- [Old Pipeline Health PHP code](https://github.com/nf-core/website/blob/old-site/public_html/pipeline_health.php) +- [New Pipeline Health page](https://github.com/nf-core/website/blob/main/sites/pipelines/src/pages/pipeline_health.astro) + +### Importing Repos + +```sh +pulumi env run nf-core/github-prod -i pulumi import github:index/repository:Repository testpipeline testpipeline +``` diff --git a/pulumi/github/repos/__main__.py b/pulumi/github/repos/__main__.py new file mode 100644 index 00000000..cf529d79 --- /dev/null +++ b/pulumi/github/repos/__main__.py @@ -0,0 +1,2 @@ +#!/usr/bin/env python + diff --git a/pulumi/github/repos/core/modules.py b/pulumi/github/repos/core/modules.py new file mode 100644 index 00000000..6af91751 --- /dev/null +++ b/pulumi/github/repos/core/modules.py @@ -0,0 +1,40 @@ +import pulumi +import pulumi_github as github + + +nf_core_tf = github.Repository( + "nf-core-tf", + allow_merge_commit=False, + allow_rebase_merge=False, + allow_squash_merge=False, + default_branch="main", + description="Repository to host tool-specific module files for the Nextflow DSL2 community!", + has_downloads=True, + has_issues=True, + has_projects=False, + homepage_url="https://nf-co.re", + merge_commit_message="", + merge_commit_title="", + name="modules", + security_and_analysis=github.RepositorySecurityAndAnalysisArgs( + secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( + status="disabled", + ), + secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( + status="disabled", + ), + ), + squash_merge_commit_message="", + squash_merge_commit_title="", + topics=[ + "nextflow", + "pipelines", + "nf-test", + "modules", + "nf-core", + "dsl2", + "workflows", + ], + visibility="public", + opts=pulumi.ResourceOptions(protect=True), +) diff --git a/pulumi/github/repos/core_repos.yml b/pulumi/github/repos/core_repos.yml new file mode 100644 index 00000000..14ebcf5f --- /dev/null +++ b/pulumi/github/repos/core_repos.yml @@ -0,0 +1,16 @@ +- .github +- basic_training +- configs +- logos +- modules +- ops +- prettier-plugin-nextflow +- references +- setup-nextflow +- setup-nf-test +- sublime +- test-datasets +- tools +- vale +- vscode-extensionpack +- website diff --git a/pulumi/github/repos/import_by_hand.py b/pulumi/github/repos/import_by_hand.py new file mode 100644 index 00000000..07e5cb8a --- /dev/null +++ b/pulumi/github/repos/import_by_hand.py @@ -0,0 +1,7 @@ +#!/usr/bin/env python + + +# ... + + +# ... diff --git a/pulumi/github/repos/pipelines.yml b/pulumi/github/repos/pipelines.yml new file mode 100644 index 00000000..f73ac115 --- /dev/null +++ b/pulumi/github/repos/pipelines.yml @@ -0,0 +1,99 @@ +- airrflow +- ampliseq +- atacseq +- bacass +- bactmap +- bamtofastq +- cageseq +- callingcards +- chipseq +- circdna +- circrna +- clipseq +- coproid +- createpanelrefs +- createtaxdb +- crisprseq +- cutandrun +- datasync +- demo +- demultiplex +- denovotranscript +- detaxizer +- diaproteomics +- differentialabundance +- dualrnaseq +- eager +- epitopeprediction +- fastquorum +- fetchngs +- funcscan +- genomeannotator +- genomeassembler +- genomeskim +- gwas +- hgtseq +- hic +- hicar +- hlatyping +- imcyto +- isoseq +- lncpipe +- mag +- magmap +- marsseq +- mcmicro +- meerpipe +- metaboigniter +- metapep +- metatdenovo +- methylseq +- mhcquant +- mnaseseq +- molkart +- multiplesequencealign +- nanoseq +- nanostring +- nascent +- omicsgenetraitassociation +- oncoanalyser +- pairgenomealign +- pangenome +- pathogensurveillance +- pgdb +- phageannotator +- phaseimpute +- phyloplace +- pixelator +- proteinfold +- proteomicslfq +- radseq +- rangeland +- raredisease +- readsimulator +- reportho +- riboseq +- rnadnavar +- rnafusion +- rnaseq +- rnasplice +- rnavar +- sammyseq +- sarek +- scdownstream +- scnanoseq +- scrnaseq +- seqinspector +- setup-nf-test +- slamseq +- smrnaseq +- spatialvi +- spinningjenny +- taxprofiler +- tbanalyzer +- tfactivity +- vale +- variantbenchmarking +- variantcatalogue +- viralintegration +- viralrecon diff --git a/pulumi/github/repos/pipelines/__init__.py b/pulumi/github/repos/pipelines/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/pulumi/github/repos/pipelines/testpipeline.py b/pulumi/github/repos/pipelines/testpipeline.py new file mode 100644 index 00000000..15f8d5cb --- /dev/null +++ b/pulumi/github/repos/pipelines/testpipeline.py @@ -0,0 +1,239 @@ +# NOTE => are tests from PHP +# TODO Convert => to actual tests https://www.pulumi.com/docs/using-pulumi/testing/ +# https://github.com/pulumi/examples/blob/74db62a03d013c2854d2cf933c074ea0a3bbf69d/testing-unit-py/test_ec2.py +import pulumi +import pulumi_github as github +import pulumi_onepassword as onepassword + +# Configure 1Password provider with account details +onepassword_provider = onepassword.Provider( + "onepassword-provider", account="nf-core.1password.eu" +) + +# Fetch GitHub token from 1Password +# Item ID from the 1Password URL: 4ajrv44kc5lcbboa37fr5oydla +# Vault ID from the 1Password URL: rdfcz6oy6qxxrc4clu467a7dmm +github_token_item = onepassword.get_item( + vault="rdfcz6oy6qxxrc4clu467a7dmm", # Vault ID from the 1Password URL + uuid="4ajrv44kc5lcbboa37fr5oydla", # Item ID from the 1Password URL + opts=pulumi.InvokeOptions(provider=onepassword_provider), +) + +# Configure GitHub provider with token from 1Password +github_provider = github.Provider( + "github-provider", + token=github_token_item.password, # The token is stored in the password field + owner="nf-core-tf", +) + +NAME = "testpipeline" + +TOPICS = [ + "nextflow", + "pipelines", + "nf-test", + "modules", + "nf-core", + "dsl2", + "workflows", +] + +# Names of required CI checks. These are added to whatever already exists. +# public $required_status_check_contexts = [ +# 'pre-commit', +# 'nf-core', +REQUIRED_CI_CHECKS = [ + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="pre-commit", + integration_id=0, + ), + github.RepositoryRulesetRulesRequiredStatusChecksRequiredCheckArgs( + context="nf-core", + integration_id=0, + ), +] + +CORE_TEAM_ID = 2649377 +MAINTAINERS_TEAM_ID = 4462882 + +nfcore_testpipeline = github.Repository( + NAME, + description="A small example pipeline used to test new nf-core infrastructure and common code.", # 'repo_description' => 'Description must be set', + has_downloads=True, + has_issues=True, # 'repo_issues' => 'Enable issues', + has_projects=False, + has_wiki=False, # 'repo_wikis' => 'Disable wikis', + allow_merge_commit=True, # 'repo_merge_commits' => 'Allow merge commits', + allow_rebase_merge=True, # 'repo_merge_rebase' => 'Allow rebase merging', + allow_squash_merge=False, # 'repo_merge_squash' => 'Do not allow squash merges', + delete_branch_on_merge=True, + homepage_url=f"https://nf-co.re/{NAME}", # 'repo_url' => 'URL should be set to https://nf-co.re', + name=NAME, + security_and_analysis=github.RepositorySecurityAndAnalysisArgs( + secret_scanning=github.RepositorySecurityAndAnalysisSecretScanningArgs( + status="disabled", + ), + secret_scanning_push_protection=github.RepositorySecurityAndAnalysisSecretScanningPushProtectionArgs( + status="disabled", + ), + ), + visibility="public", + topics=TOPICS, # 'repo_keywords' => 'Minimum keywords set', + # NOTE: @mirpedrol asked if we could add missing topics without deleting existing ones + opts=pulumi.ResourceOptions(provider=github_provider), +) + + +# Make branches foreach (['main', 'dev', 'TEMPLATE'] as $branch) { +# 'repo_default_branch' => 'default branch main (released) or dev (no releases)', +# TODO Toggle this on dev as default if there's not release? +# 'branch_main_exists' => 'main branch: branch must exist', +branch_default_testpipeline = github.BranchDefault( + f"branch_default_{NAME}", + branch="main", + repository=NAME, + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), +) +# 'branch_dev_exists' => 'dev branch: branch must exist', +branch_dev_testpipeline = github.Branch( + f"branch_dev_{NAME}", + branch="dev", + repository=NAME, + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), +) +# 'branch_template_exists' => 'TEMPLATE branch: branch must exist', +branch_template_testpipeline = github.Branch( + f"branch_template_{NAME}", + branch="TEMPLATE", + repository=NAME, + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), +) +# Add branch protections https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L296 +# NOTE This uses the new Rulesets instead of classic branch protection rule +# TODO 'branch_main_strict_updates' => 'main branch: do not require branch to be up to date before merging', +ruleset_branch_default_testpipeline = github.RepositoryRuleset( + f"ruleset_branch_default_{NAME}", + bypass_actors=[ + # 'branch_main_enforce_admins' => 'main branch: do not enforce rules for admins', + github.RepositoryRulesetBypassActorArgs( + actor_id=CORE_TEAM_ID, + actor_type="Team", + bypass_mode="always", + ) + ], + conditions=github.RepositoryRulesetConditionsArgs( + ref_name=github.RepositoryRulesetConditionsRefNameArgs( + excludes=[], + includes=["~DEFAULT_BRANCH"], + ), + ), + enforcement="active", + name="main", + repository=NAME, + rules=github.RepositoryRulesetRulesArgs( + deletion=True, + non_fast_forward=True, + pull_request=github.RepositoryRulesetRulesPullRequestArgs( + required_approving_review_count=2, # 'branch_main_required_num_reviews' => 'main branch: 2 reviews required', + dismiss_stale_reviews_on_push=False, # 'branch_main_stale_reviews' => 'main branch: reviews not marked stale after new commits' + require_code_owner_review=False, # 'branch_main_code_owner_reviews' => 'main branch: code owner reviews not required', + ), + # 'branch_main_required_ci' => 'main branch: minimum set of CI tests must pass', + required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( + required_checks=REQUIRED_CI_CHECKS, + strict_required_status_checks_policy=True, + ), + ), + target="branch", + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), +) +# TODO 'branch_dev_strict_updates' => 'dev branch: do not require branch to be up to date before merging', +ruleset_branch_dev_testpipeline = github.RepositoryRuleset( + f"ruleset_branch_dev_{NAME}", + # 'branch_dev_enforce_admins' => 'dev branch: do not enforce rules for admins', + bypass_actors=[ + github.RepositoryRulesetBypassActorArgs( + actor_id=CORE_TEAM_ID, + actor_type="Team", + bypass_mode="always", + ), + github.RepositoryRulesetBypassActorArgs( + actor_id=MAINTAINERS_TEAM_ID, + actor_type="Team", + bypass_mode="always", + ), + ], + conditions=github.RepositoryRulesetConditionsArgs( + ref_name=github.RepositoryRulesetConditionsRefNameArgs( + excludes=[], + includes=["refs/heads/dev"], + ), + ), + enforcement="active", + name="dev", + repository=NAME, + rules=github.RepositoryRulesetRulesArgs( + deletion=True, + non_fast_forward=True, + pull_request=github.RepositoryRulesetRulesPullRequestArgs( + dismiss_stale_reviews_on_push=False, # 'branch_dev_stale_reviews' => 'dev branch: reviews not marked stale after new commits', + require_code_owner_review=False, # 'branch_dev_code_owner_reviews' => 'dev branch: code owner reviews not required', + # TODO require_last_push_approval=True, + required_approving_review_count=1, # 'branch_dev_required_num_reviews' => 'dev branch: 1 review required', + # TODO required_review_thread_resolution=True, + ), + # 'branch_dev_required_ci' => 'dev branch: minimum set of CI tests must pass', + required_status_checks=github.RepositoryRulesetRulesRequiredStatusChecksArgs( + required_checks=REQUIRED_CI_CHECKS, + strict_required_status_checks_policy=True, + ), + ), + target="branch", + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), +) +# TODO Double check +# Template branch protection https://github.com/nf-core/website/blob/33acd6a2fab2bf9251e14212ce731ef3232b5969/public_html/pipeline_health.php#L509 +ruleset_branch_template_testpipeline = github.RepositoryRuleset( + f"ruleset_branch_TEMPLATE_{NAME}", + bypass_actors=[ + github.RepositoryRulesetBypassActorArgs( + actor_id=CORE_TEAM_ID, + actor_type="Team", + bypass_mode="always", + ) + # TODO 'branch_template_restrict_push' => 'Restrict push to TEMPLATE to @nf-core-bot', + # NOTE: @mirpedrol suggested this may not be needed since everyone can run `nf-core sync` manually + ], + conditions=github.RepositoryRulesetConditionsArgs( + ref_name=github.RepositoryRulesetConditionsRefNameArgs( + excludes=[], + includes=["refs/heads/TEMPLATE"], + ), + ), + enforcement="active", + name="template", + repository=NAME, + rules=github.RepositoryRulesetRulesArgs( + deletion=True, + non_fast_forward=True, + update=True, + ), + target="branch", + opts=pulumi.ResourceOptions(protect=True, provider=github_provider), +) +# 'team_contributors' => 'Write access for nf-core/contributors', +contributors_team_repo_testpipeline = github.TeamRepository( + f"contributors_team_repo_{NAME}", + team_id="contributors", + repository=NAME, + permission="push", + opts=pulumi.ResourceOptions(provider=github_provider), +) +# 'team_core' => 'Admin access for nf-core/core', +core_team_repo_testpipeline = github.TeamRepository( + f"core_team_repo_{NAME}", + team_id="core", + repository=NAME, + permission="admin", + opts=pulumi.ResourceOptions(provider=github_provider), +) diff --git a/pulumi/github/repos/pyproject.toml b/pulumi/github/repos/pyproject.toml new file mode 100644 index 00000000..91edaa02 --- /dev/null +++ b/pulumi/github/repos/pyproject.toml @@ -0,0 +1,11 @@ +[project] +name = "repos" +version = "0.1.0" +description = "Add your description here" +readme = "README.md" +requires-python = ">=3.12" +dependencies = [ + "pulumi>=3", + "pulumi-github>=6.7.2", + "pulumi-onepassword>=1.1.3", +] diff --git a/pulumi/github/repos/requirements.txt b/pulumi/github/repos/requirements.txt new file mode 100644 index 00000000..e69de29b diff --git a/pulumi/github/repos/uv.lock b/pulumi/github/repos/uv.lock new file mode 100644 index 00000000..312ebeff --- /dev/null +++ b/pulumi/github/repos/uv.lock @@ -0,0 +1,203 @@ +version = 1 +revision = 2 +requires-python = ">=3.12" + +[[package]] +name = "arpeggio" +version = "2.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/12/c4/516bb54456f85ad1947702ea4cef543a59de66d31a9887dbc3d9df36e3e1/Arpeggio-2.0.2.tar.gz", hash = "sha256:c790b2b06e226d2dd468e4fbfb5b7f506cec66416031fde1441cf1de2a0ba700", size = 766643, upload-time = "2023-07-09T12:30:04.737Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f7/4f/d28bf30a19d4649b40b501d531b44e73afada99044df100380fd9567e92f/Arpeggio-2.0.2-py2.py3-none-any.whl", hash = "sha256:f7c8ae4f4056a89e020c24c7202ac8df3e2bc84e416746f20b0da35bb1de0250", size = 55287, upload-time = "2023-07-09T12:30:01.87Z" }, +] + +[[package]] +name = "attrs" +version = "25.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/5a/b0/1367933a8532ee6ff8d63537de4f1177af4bff9f3e829baf7331f595bb24/attrs-25.3.0.tar.gz", hash = "sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b", size = 812032, upload-time = "2025-03-13T11:10:22.779Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/77/06/bb80f5f86020c4551da315d78b3ab75e8228f89f0162f2c3a819e407941a/attrs-25.3.0-py3-none-any.whl", hash = "sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3", size = 63815, upload-time = "2025-03-13T11:10:21.14Z" }, +] + +[[package]] +name = "debugpy" +version = "1.8.14" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/bd/75/087fe07d40f490a78782ff3b0a30e3968936854105487decdb33446d4b0e/debugpy-1.8.14.tar.gz", hash = "sha256:7cd287184318416850aa8b60ac90105837bb1e59531898c07569d197d2ed5322", size = 1641444, upload-time = "2025-04-10T19:46:10.981Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d9/2a/ac2df0eda4898f29c46eb6713a5148e6f8b2b389c8ec9e425a4a1d67bf07/debugpy-1.8.14-cp312-cp312-macosx_14_0_universal2.whl", hash = "sha256:8899c17920d089cfa23e6005ad9f22582fd86f144b23acb9feeda59e84405b84", size = 2501268, upload-time = "2025-04-10T19:46:26.044Z" }, + { url = "https://files.pythonhosted.org/packages/10/53/0a0cb5d79dd9f7039169f8bf94a144ad3efa52cc519940b3b7dde23bcb89/debugpy-1.8.14-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f6bb5c0dcf80ad5dbc7b7d6eac484e2af34bdacdf81df09b6a3e62792b722826", size = 4221077, upload-time = "2025-04-10T19:46:27.464Z" }, + { url = "https://files.pythonhosted.org/packages/f8/d5/84e01821f362327bf4828728aa31e907a2eca7c78cd7c6ec062780d249f8/debugpy-1.8.14-cp312-cp312-win32.whl", hash = "sha256:281d44d248a0e1791ad0eafdbbd2912ff0de9eec48022a5bfbc332957487ed3f", size = 5255127, upload-time = "2025-04-10T19:46:29.467Z" }, + { url = "https://files.pythonhosted.org/packages/33/16/1ed929d812c758295cac7f9cf3dab5c73439c83d9091f2d91871e648093e/debugpy-1.8.14-cp312-cp312-win_amd64.whl", hash = "sha256:5aa56ef8538893e4502a7d79047fe39b1dae08d9ae257074c6464a7b290b806f", size = 5297249, upload-time = "2025-04-10T19:46:31.538Z" }, + { url = "https://files.pythonhosted.org/packages/4d/e4/395c792b243f2367d84202dc33689aa3d910fb9826a7491ba20fc9e261f5/debugpy-1.8.14-cp313-cp313-macosx_14_0_universal2.whl", hash = "sha256:329a15d0660ee09fec6786acdb6e0443d595f64f5d096fc3e3ccf09a4259033f", size = 2485676, upload-time = "2025-04-10T19:46:32.96Z" }, + { url = "https://files.pythonhosted.org/packages/ba/f1/6f2ee3f991327ad9e4c2f8b82611a467052a0fb0e247390192580e89f7ff/debugpy-1.8.14-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f920c7f9af409d90f5fd26e313e119d908b0dd2952c2393cd3247a462331f15", size = 4217514, upload-time = "2025-04-10T19:46:34.336Z" }, + { url = "https://files.pythonhosted.org/packages/79/28/b9d146f8f2dc535c236ee09ad3e5ac899adb39d7a19b49f03ac95d216beb/debugpy-1.8.14-cp313-cp313-win32.whl", hash = "sha256:3784ec6e8600c66cbdd4ca2726c72d8ca781e94bce2f396cc606d458146f8f4e", size = 5254756, upload-time = "2025-04-10T19:46:36.199Z" }, + { url = "https://files.pythonhosted.org/packages/e0/62/a7b4a57013eac4ccaef6977966e6bec5c63906dd25a86e35f155952e29a1/debugpy-1.8.14-cp313-cp313-win_amd64.whl", hash = "sha256:684eaf43c95a3ec39a96f1f5195a7ff3d4144e4a18d69bb66beeb1a6de605d6e", size = 5297119, upload-time = "2025-04-10T19:46:38.141Z" }, + { url = "https://files.pythonhosted.org/packages/97/1a/481f33c37ee3ac8040d3d51fc4c4e4e7e61cb08b8bc8971d6032acc2279f/debugpy-1.8.14-py2.py3-none-any.whl", hash = "sha256:5cd9a579d553b6cb9759a7908a41988ee6280b961f24f63336835d9418216a20", size = 5256230, upload-time = "2025-04-10T19:46:54.077Z" }, +] + +[[package]] +name = "dill" +version = "0.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/12/80/630b4b88364e9a8c8c5797f4602d0f76ef820909ee32f0bacb9f90654042/dill-0.4.0.tar.gz", hash = "sha256:0633f1d2df477324f53a895b02c901fb961bdbf65a17122586ea7019292cbcf0", size = 186976, upload-time = "2025-04-16T00:41:48.867Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/50/3d/9373ad9c56321fdab5b41197068e1d8c25883b3fea29dd361f9b55116869/dill-0.4.0-py3-none-any.whl", hash = "sha256:44f54bf6412c2c8464c14e8243eb163690a9800dbe2c367330883b19c7561049", size = 119668, upload-time = "2025-04-16T00:41:47.671Z" }, +] + +[[package]] +name = "grpcio" +version = "1.66.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/71/d1/49a96df4eb1d805cf546247df40636515416d2d5c66665e5129c8b4162a8/grpcio-1.66.2.tar.gz", hash = "sha256:563588c587b75c34b928bc428548e5b00ea38c46972181a4d8b75ba7e3f24231", size = 12489713, upload-time = "2024-09-28T12:44:01.429Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6b/5c/c4da36b7a77dbb15c4bc72228dff7161874752b2c6bddf7bb046d9da1b90/grpcio-1.66.2-cp312-cp312-linux_armv7l.whl", hash = "sha256:802d84fd3d50614170649853d121baaaa305de7b65b3e01759247e768d691ddf", size = 5002933, upload-time = "2024-09-28T12:38:24.109Z" }, + { url = "https://files.pythonhosted.org/packages/a0/d5/b631445dff250a5301f51ff56c5fc917c7f955cd02fa55379f158a89abeb/grpcio-1.66.2-cp312-cp312-macosx_10_9_universal2.whl", hash = "sha256:80fd702ba7e432994df208f27514280b4b5c6843e12a48759c9255679ad38db8", size = 10793953, upload-time = "2024-09-28T12:38:27.02Z" }, + { url = "https://files.pythonhosted.org/packages/c8/1c/2179ac112152e92c02990f98183edf645df14aa3c38b39f1a3a60358b6c6/grpcio-1.66.2-cp312-cp312-manylinux_2_17_aarch64.whl", hash = "sha256:12fda97ffae55e6526825daf25ad0fa37483685952b5d0f910d6405c87e3adb6", size = 5499791, upload-time = "2024-09-28T12:38:30.065Z" }, + { url = "https://files.pythonhosted.org/packages/0b/53/8d7ab865fbd983309c8242930f00b28a01047f70c2b2e4c79a5c92a46a08/grpcio-1.66.2-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:950da58d7d80abd0ea68757769c9db0a95b31163e53e5bb60438d263f4bed7b7", size = 6109606, upload-time = "2024-09-28T12:38:33.566Z" }, + { url = "https://files.pythonhosted.org/packages/86/e9/3dfb5a3ff540636d46b8b723345e923e8c553d9b3f6a8d1b09b0d915eb46/grpcio-1.66.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e636ce23273683b00410f1971d209bf3689238cf5538d960adc3cdfe80dd0dbd", size = 5762866, upload-time = "2024-09-28T12:38:36.023Z" }, + { url = "https://files.pythonhosted.org/packages/f1/cb/c07493ad5dd73d51e4e15b0d483ff212dfec136ee1e4f3b49d115bdc7a13/grpcio-1.66.2-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:a917d26e0fe980b0ac7bfcc1a3c4ad6a9a4612c911d33efb55ed7833c749b0ee", size = 6446819, upload-time = "2024-09-28T12:38:38.69Z" }, + { url = "https://files.pythonhosted.org/packages/ff/5f/142e19db367a34ea0ee8a8451e43215d0a1a5dbffcfdcae8801f22903301/grpcio-1.66.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:49f0ca7ae850f59f828a723a9064cadbed90f1ece179d375966546499b8a2c9c", size = 6040273, upload-time = "2024-09-28T12:38:41.348Z" }, + { url = "https://files.pythonhosted.org/packages/5c/3b/12fcd752c55002e4b0e0a7bd5faec101bc0a4e3890be3f95a43353142481/grpcio-1.66.2-cp312-cp312-win32.whl", hash = "sha256:31fd163105464797a72d901a06472860845ac157389e10f12631025b3e4d0453", size = 3537988, upload-time = "2024-09-28T12:38:44.544Z" }, + { url = "https://files.pythonhosted.org/packages/f1/70/76bfea3faa862bfceccba255792e780691ff25b8227180759c9d38769379/grpcio-1.66.2-cp312-cp312-win_amd64.whl", hash = "sha256:ff1f7882e56c40b0d33c4922c15dfa30612f05fb785074a012f7cda74d1c3679", size = 4275553, upload-time = "2024-09-28T12:38:47.734Z" }, + { url = "https://files.pythonhosted.org/packages/72/31/8708a8dfb3f1ac89926c27c5dd17412764157a2959dbc5a606eaf8ac71f6/grpcio-1.66.2-cp313-cp313-linux_armv7l.whl", hash = "sha256:3b00efc473b20d8bf83e0e1ae661b98951ca56111feb9b9611df8efc4fe5d55d", size = 5004245, upload-time = "2024-09-28T12:38:50.596Z" }, + { url = "https://files.pythonhosted.org/packages/8b/37/0b57c3769efb3cc9ec97fcaa9f7243046660e7ed58c0faebc4ef315df92c/grpcio-1.66.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:1caa38fb22a8578ab8393da99d4b8641e3a80abc8fd52646f1ecc92bcb8dee34", size = 10756749, upload-time = "2024-09-28T12:38:54.131Z" }, + { url = "https://files.pythonhosted.org/packages/bf/5a/425e995724a19a1b110340ed653bc7c5de8019d9fc84b3798a0f79c3eb31/grpcio-1.66.2-cp313-cp313-manylinux_2_17_aarch64.whl", hash = "sha256:c408f5ef75cfffa113cacd8b0c0e3611cbfd47701ca3cdc090594109b9fcbaed", size = 5499666, upload-time = "2024-09-28T12:38:57.145Z" }, + { url = "https://files.pythonhosted.org/packages/2e/e4/86a5c5ec40a6b683671a1d044ebca433812d99da8fcfc2889e9c43cecbd4/grpcio-1.66.2-cp313-cp313-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c806852deaedee9ce8280fe98955c9103f62912a5b2d5ee7e3eaa284a6d8d8e7", size = 6109578, upload-time = "2024-09-28T12:38:59.835Z" }, + { url = "https://files.pythonhosted.org/packages/2f/86/a86742f3deaa22385c3bff984c5947fc62d47d3fab26c508730037d027e5/grpcio-1.66.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f145cc21836c332c67baa6fc81099d1d27e266401565bf481948010d6ea32d46", size = 5763274, upload-time = "2024-09-28T12:39:02.287Z" }, + { url = "https://files.pythonhosted.org/packages/c3/61/b9a2a4345dea0a354c4ed8ac7aacbdd0ff986acbc8f92680213cf3d2faa3/grpcio-1.66.2-cp313-cp313-musllinux_1_1_i686.whl", hash = "sha256:73e3b425c1e155730273f73e419de3074aa5c5e936771ee0e4af0814631fb30a", size = 6450416, upload-time = "2024-09-28T12:39:05.06Z" }, + { url = "https://files.pythonhosted.org/packages/50/b9/ad303ce75d8cd71d855a661519aa160ce42f27498f589f1ae6d9f8c5e8ac/grpcio-1.66.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:9c509a4f78114cbc5f0740eb3d7a74985fd2eff022971bc9bc31f8bc93e66a3b", size = 6040045, upload-time = "2024-09-28T12:39:08.214Z" }, + { url = "https://files.pythonhosted.org/packages/ac/b3/8db1873e3240ef1672ba87b89e949ece367089e29e4d221377bfdd288bd3/grpcio-1.66.2-cp313-cp313-win32.whl", hash = "sha256:20657d6b8cfed7db5e11b62ff7dfe2e12064ea78e93f1434d61888834bc86d75", size = 3537126, upload-time = "2024-09-28T12:39:10.655Z" }, + { url = "https://files.pythonhosted.org/packages/a2/df/133216989fe7e17caeafd7ff5b17cc82c4e722025d0b8d5d2290c11fe2e6/grpcio-1.66.2-cp313-cp313-win_amd64.whl", hash = "sha256:fb70487c95786e345af5e854ffec8cb8cc781bcc5df7930c4fbb7feaa72e1cdf", size = 4278018, upload-time = "2024-09-28T12:39:13.196Z" }, +] + +[[package]] +name = "parver" +version = "0.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "arpeggio" }, + { name = "attrs" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/cc/e5/1c774688a90f0b76e872e30f6f1ba3f5e14056cd0d96a684047d4a986226/parver-0.5.tar.gz", hash = "sha256:b9fde1e6bb9ce9f07e08e9c4bea8d8825c5e78e18a0052d02e02bf9517eb4777", size = 26908, upload-time = "2023-10-03T21:06:54.506Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/0f/4c/f98024021bef4d44dce3613feebd702c7ad8883f777ff8488384c59e9774/parver-0.5-py3-none-any.whl", hash = "sha256:2281b187276c8e8e3c15634f62287b2fb6fe0efe3010f739a6bd1e45fa2bf2b2", size = 15172, upload-time = "2023-10-03T21:06:52.796Z" }, +] + +[[package]] +name = "pip" +version = "25.1.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/59/de/241caa0ca606f2ec5fe0c1f4261b0465df78d786a38da693864a116c37f4/pip-25.1.1.tar.gz", hash = "sha256:3de45d411d308d5054c2168185d8da7f9a2cd753dbac8acbfa88a8909ecd9077", size = 1940155, upload-time = "2025-05-02T15:14:02.057Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/29/a2/d40fb2460e883eca5199c62cfc2463fd261f760556ae6290f88488c362c0/pip-25.1.1-py3-none-any.whl", hash = "sha256:2913a38a2abf4ea6b64ab507bd9e967f3b53dc1ede74b01b0931e1ce548751af", size = 1825227, upload-time = "2025-05-02T15:13:59.102Z" }, +] + +[[package]] +name = "protobuf" +version = "4.25.8" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/df/01/34c8d2b6354906d728703cb9d546a0e534de479e25f1b581e4094c4a85cc/protobuf-4.25.8.tar.gz", hash = "sha256:6135cf8affe1fc6f76cced2641e4ea8d3e59518d1f24ae41ba97bcad82d397cd", size = 380920, upload-time = "2025-05-28T14:22:25.153Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/45/ff/05f34305fe6b85bbfbecbc559d423a5985605cad5eda4f47eae9e9c9c5c5/protobuf-4.25.8-cp310-abi3-win32.whl", hash = "sha256:504435d831565f7cfac9f0714440028907f1975e4bed228e58e72ecfff58a1e0", size = 392745, upload-time = "2025-05-28T14:22:10.524Z" }, + { url = "https://files.pythonhosted.org/packages/08/35/8b8a8405c564caf4ba835b1fdf554da869954712b26d8f2a98c0e434469b/protobuf-4.25.8-cp310-abi3-win_amd64.whl", hash = "sha256:bd551eb1fe1d7e92c1af1d75bdfa572eff1ab0e5bf1736716814cdccdb2360f9", size = 413736, upload-time = "2025-05-28T14:22:13.156Z" }, + { url = "https://files.pythonhosted.org/packages/28/d7/ab27049a035b258dab43445eb6ec84a26277b16105b277cbe0a7698bdc6c/protobuf-4.25.8-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:ca809b42f4444f144f2115c4c1a747b9a404d590f18f37e9402422033e464e0f", size = 394537, upload-time = "2025-05-28T14:22:14.768Z" }, + { url = "https://files.pythonhosted.org/packages/bd/6d/a4a198b61808dd3d1ee187082ccc21499bc949d639feb948961b48be9a7e/protobuf-4.25.8-cp37-abi3-manylinux2014_aarch64.whl", hash = "sha256:9ad7ef62d92baf5a8654fbb88dac7fa5594cfa70fd3440488a5ca3bfc6d795a7", size = 294005, upload-time = "2025-05-28T14:22:16.052Z" }, + { url = "https://files.pythonhosted.org/packages/d6/c6/c9deaa6e789b6fc41b88ccbdfe7a42d2b82663248b715f55aa77fbc00724/protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl", hash = "sha256:83e6e54e93d2b696a92cad6e6efc924f3850f82b52e1563778dfab8b355101b0", size = 294924, upload-time = "2025-05-28T14:22:17.105Z" }, + { url = "https://files.pythonhosted.org/packages/0c/c1/6aece0ab5209981a70cd186f164c133fdba2f51e124ff92b73de7fd24d78/protobuf-4.25.8-py3-none-any.whl", hash = "sha256:15a0af558aa3b13efef102ae6e4f3efac06f1eea11afb3a57db2901447d9fb59", size = 156757, upload-time = "2025-05-28T14:22:24.135Z" }, +] + +[[package]] +name = "pulumi" +version = "3.173.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "debugpy" }, + { name = "dill" }, + { name = "grpcio" }, + { name = "pip" }, + { name = "protobuf" }, + { name = "pyyaml" }, + { name = "semver" }, +] +wheels = [ + { url = "https://files.pythonhosted.org/packages/a2/80/b3b58366d599ab335efac166e420725c510f3f36aa383ca2ef68e473e216/pulumi-3.173.0-py3-none-any.whl", hash = "sha256:ef72fbfd602973132a2f68faaa6a713fa6447e3fe7bb1e071ed3d25de5b5983b", size = 353760, upload-time = "2025-05-30T00:21:35.86Z" }, +] + +[[package]] +name = "pulumi-github" +version = "6.7.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "parver" }, + { name = "pulumi" }, + { name = "semver" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/53/35/20c2a03d80a3b8ed39f93232f99eec48d676a9bb20897bdc7afa1a07f3ed/pulumi_github-6.7.2.tar.gz", hash = "sha256:2c48be297b551319fc5ce93564ae7ede6a46e60a95a8b4ce3a8944b284a57be7", size = 200992, upload-time = "2025-04-30T17:20:25.55Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d9/ea/55777086f498ee2c067231a424abe5e26a3b032e81c9107777a4b78b8a8f/pulumi_github-6.7.2-py3-none-any.whl", hash = "sha256:7d14574a2cf9579cc60670f26b898d38b303349c1b15b4ededba479506e84432", size = 370137, upload-time = "2025-04-30T17:20:23.449Z" }, +] + +[[package]] +name = "pulumi-onepassword" +version = "1.1.3" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "parver" }, + { name = "pulumi" }, + { name = "semver" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/2d/e3/15ba07147bf1ad602cd6234bb5ff09c29f9206d5ee0bf6845657c593264a/pulumi_onepassword-1.1.3.tar.gz", hash = "sha256:2ebbefa9463d8a9c6faf65491cad418c186d3a604360e78eaa319ef09c2478ba", size = 17968, upload-time = "2024-09-02T09:03:57.353Z" } + +[[package]] +name = "pyyaml" +version = "6.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/54/ed/79a089b6be93607fa5cdaedf301d7dfb23af5f25c398d5ead2525b063e17/pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e", size = 130631, upload-time = "2024-08-06T20:33:50.674Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/86/0c/c581167fc46d6d6d7ddcfb8c843a4de25bdd27e4466938109ca68492292c/PyYAML-6.0.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab", size = 183873, upload-time = "2024-08-06T20:32:25.131Z" }, + { url = "https://files.pythonhosted.org/packages/a8/0c/38374f5bb272c051e2a69281d71cba6fdb983413e6758b84482905e29a5d/PyYAML-6.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725", size = 173302, upload-time = "2024-08-06T20:32:26.511Z" }, + { url = "https://files.pythonhosted.org/packages/c3/93/9916574aa8c00aa06bbac729972eb1071d002b8e158bd0e83a3b9a20a1f7/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5", size = 739154, upload-time = "2024-08-06T20:32:28.363Z" }, + { url = "https://files.pythonhosted.org/packages/95/0f/b8938f1cbd09739c6da569d172531567dbcc9789e0029aa070856f123984/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425", size = 766223, upload-time = "2024-08-06T20:32:30.058Z" }, + { url = "https://files.pythonhosted.org/packages/b9/2b/614b4752f2e127db5cc206abc23a8c19678e92b23c3db30fc86ab731d3bd/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476", size = 767542, upload-time = "2024-08-06T20:32:31.881Z" }, + { url = "https://files.pythonhosted.org/packages/d4/00/dd137d5bcc7efea1836d6264f049359861cf548469d18da90cd8216cf05f/PyYAML-6.0.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48", size = 731164, upload-time = "2024-08-06T20:32:37.083Z" }, + { url = "https://files.pythonhosted.org/packages/c9/1f/4f998c900485e5c0ef43838363ba4a9723ac0ad73a9dc42068b12aaba4e4/PyYAML-6.0.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b", size = 756611, upload-time = "2024-08-06T20:32:38.898Z" }, + { url = "https://files.pythonhosted.org/packages/df/d1/f5a275fdb252768b7a11ec63585bc38d0e87c9e05668a139fea92b80634c/PyYAML-6.0.2-cp312-cp312-win32.whl", hash = "sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4", size = 140591, upload-time = "2024-08-06T20:32:40.241Z" }, + { url = "https://files.pythonhosted.org/packages/0c/e8/4f648c598b17c3d06e8753d7d13d57542b30d56e6c2dedf9c331ae56312e/PyYAML-6.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8", size = 156338, upload-time = "2024-08-06T20:32:41.93Z" }, + { url = "https://files.pythonhosted.org/packages/ef/e3/3af305b830494fa85d95f6d95ef7fa73f2ee1cc8ef5b495c7c3269fb835f/PyYAML-6.0.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba", size = 181309, upload-time = "2024-08-06T20:32:43.4Z" }, + { url = "https://files.pythonhosted.org/packages/45/9f/3b1c20a0b7a3200524eb0076cc027a970d320bd3a6592873c85c92a08731/PyYAML-6.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1", size = 171679, upload-time = "2024-08-06T20:32:44.801Z" }, + { url = "https://files.pythonhosted.org/packages/7c/9a/337322f27005c33bcb656c655fa78325b730324c78620e8328ae28b64d0c/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133", size = 733428, upload-time = "2024-08-06T20:32:46.432Z" }, + { url = "https://files.pythonhosted.org/packages/a3/69/864fbe19e6c18ea3cc196cbe5d392175b4cf3d5d0ac1403ec3f2d237ebb5/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484", size = 763361, upload-time = "2024-08-06T20:32:51.188Z" }, + { url = "https://files.pythonhosted.org/packages/04/24/b7721e4845c2f162d26f50521b825fb061bc0a5afcf9a386840f23ea19fa/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5", size = 759523, upload-time = "2024-08-06T20:32:53.019Z" }, + { url = "https://files.pythonhosted.org/packages/2b/b2/e3234f59ba06559c6ff63c4e10baea10e5e7df868092bf9ab40e5b9c56b6/PyYAML-6.0.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc", size = 726660, upload-time = "2024-08-06T20:32:54.708Z" }, + { url = "https://files.pythonhosted.org/packages/fe/0f/25911a9f080464c59fab9027482f822b86bf0608957a5fcc6eaac85aa515/PyYAML-6.0.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652", size = 751597, upload-time = "2024-08-06T20:32:56.985Z" }, + { url = "https://files.pythonhosted.org/packages/14/0d/e2c3b43bbce3cf6bd97c840b46088a3031085179e596d4929729d8d68270/PyYAML-6.0.2-cp313-cp313-win32.whl", hash = "sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183", size = 140527, upload-time = "2024-08-06T20:33:03.001Z" }, + { url = "https://files.pythonhosted.org/packages/fa/de/02b54f42487e3d3c6efb3f89428677074ca7bf43aae402517bc7cca949f3/PyYAML-6.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563", size = 156446, upload-time = "2024-08-06T20:33:04.33Z" }, +] + +[[package]] +name = "repos" +version = "0.1.0" +source = { virtual = "." } +dependencies = [ + { name = "pulumi" }, + { name = "pulumi-github" }, + { name = "pulumi-onepassword" }, +] + +[package.metadata] +requires-dist = [ + { name = "pulumi", specifier = ">=3" }, + { name = "pulumi-github", specifier = ">=6.7.2" }, + { name = "pulumi-onepassword", specifier = ">=1.1.3" }, +] + +[[package]] +name = "semver" +version = "3.0.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/d1/d3159231aec234a59dd7d601e9dd9fe96f3afff15efd33c1070019b26132/semver-3.0.4.tar.gz", hash = "sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602", size = 269730, upload-time = "2025-01-24T13:19:27.617Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a6/24/4d91e05817e92e3a61c8a21e08fd0f390f5301f1c448b137c57c4bc6e543/semver-3.0.4-py3-none-any.whl", hash = "sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746", size = 17912, upload-time = "2025-01-24T13:19:24.949Z" }, +] diff --git a/pulumi/github/teams/.gitignore b/pulumi/github/teams/.gitignore index 75384ec2..18fa2a3e 100644 --- a/pulumi/github/teams/.gitignore +++ b/pulumi/github/teams/.gitignore @@ -1,8 +1,3 @@ *.pyc venv/ __pycache__/ - -# sensitive data -Pulumi*yaml -*.txt -!requirements.txt