diff --git a/docs/resources/site_build_settings.md b/docs/resources/site_build_settings.md index f02dc91..2bd431c 100644 --- a/docs/resources/site_build_settings.md +++ b/docs/resources/site_build_settings.md @@ -14,11 +14,12 @@ description: |- ```terraform resource "netlify_site_build_settings" "blog" { - site_id = data.netlify_site.blog.id - build_command = "npm run build" - publish_directory = "dist" - production_branch = "main" - branch_deploy_branches = ["preview", "staging"] + site_id = data.netlify_site.blog.id + build_command = "npm run build" + publish_directory = "dist" + production_branch = "main" + branch_deploy_branches = ["preview", "staging"] + prevent_non_git_prod_deploys = true } ``` @@ -43,6 +44,7 @@ resource "netlify_site_build_settings" "blog" { - `functions_region` (String) - `package_directory` (String) - `pretty_urls` (Boolean) +- `prevent_non_git_prod_deploys` (Boolean) When enabled, prevents production deploys from sources other than the linked git repository. - `stop_builds` (Boolean) - `waf_policy_id` (String) See more details in the netlify_waf_policy resource. diff --git a/examples/resources/netlify_site_build_settings/resource.tf b/examples/resources/netlify_site_build_settings/resource.tf index 0edcb36..9e8b643 100644 --- a/examples/resources/netlify_site_build_settings/resource.tf +++ b/examples/resources/netlify_site_build_settings/resource.tf @@ -1,7 +1,8 @@ resource "netlify_site_build_settings" "blog" { - site_id = data.netlify_site.blog.id - build_command = "npm run build" - publish_directory = "dist" - production_branch = "main" - branch_deploy_branches = ["preview", "staging"] + site_id = data.netlify_site.blog.id + build_command = "npm run build" + publish_directory = "dist" + production_branch = "main" + branch_deploy_branches = ["preview", "staging"] + prevent_non_git_prod_deploys = true } diff --git a/internal/provider/site_build_settings_resource.go b/internal/provider/site_build_settings_resource.go index a05da55..c150117 100644 --- a/internal/provider/site_build_settings_resource.go +++ b/internal/provider/site_build_settings_resource.go @@ -46,10 +46,11 @@ type siteBuildSettingsResourceModel struct { StopBuilds types.Bool `tfsdk:"stop_builds"` // Runtime types.String `tfsdk:"runtime"` // ?!?! is this plugins.package? - ProductionBranch types.String `tfsdk:"production_branch"` - BranchDeployAllBranches types.Bool `tfsdk:"branch_deploy_all_branches"` - BranchDeployBranches []types.String `tfsdk:"branch_deploy_branches"` - DeployPreviews types.Bool `tfsdk:"deploy_previews"` + ProductionBranch types.String `tfsdk:"production_branch"` + BranchDeployAllBranches types.Bool `tfsdk:"branch_deploy_all_branches"` + BranchDeployBranches []types.String `tfsdk:"branch_deploy_branches"` + DeployPreviews types.Bool `tfsdk:"deploy_previews"` + PreventNonGitProdDeploys types.Bool `tfsdk:"prevent_non_git_prod_deploys"` BuildImage types.String `tfsdk:"build_image"` // NodeJSVersion types.String `tfsdk:"node_js_version"` // versions.node.active / default: versions.node.active or versions.node.default @@ -152,6 +153,12 @@ func (r *siteBuildSettingsResource) Schema(_ context.Context, _ resource.SchemaR Computed: true, Default: booldefault.StaticBool(true), }, + "prevent_non_git_prod_deploys": schema.BoolAttribute{ + Optional: true, + Computed: true, + Default: booldefault.StaticBool(false), + Description: "When enabled, prevents production deploys from sources other than the linked git repository.", + }, "build_image": schema.StringAttribute{ Optional: true, Computed: true, @@ -288,6 +295,7 @@ func (r *siteBuildSettingsResource) read(ctx context.Context, state *siteBuildSe } else { state.DeployPreviews = types.BoolValue(!*site.BuildSettings.SkipPrs) } + state.PreventNonGitProdDeploys = types.BoolPointerValue(site.PreventNonGitProdDeploys) state.BuildImage = types.StringValue(site.BuildImage) state.FunctionsRegion = types.StringPointerValue(site.FunctionsRegion) state.PrettyURLs = types.BoolPointerValue(site.ProcessingSettings.Html.PrettyUrls) @@ -340,6 +348,7 @@ func (r *siteBuildSettingsResource) write(ctx context.Context, plan *siteBuildSe PrettyUrls: plan.PrettyURLs.ValueBoolPointer(), }, }, + PreventNonGitProdDeploys: plan.PreventNonGitProdDeploys.ValueBoolPointer(), } if plan.BuildImage.IsUnknown() { diff --git a/internal/provider/site_build_settings_resource_test.go b/internal/provider/site_build_settings_resource_test.go index 74a594d..bae78fb 100644 --- a/internal/provider/site_build_settings_resource_test.go +++ b/internal/provider/site_build_settings_resource_test.go @@ -24,6 +24,7 @@ func TestAccSiteBuildSettings(t *testing.T) { resource.TestCheckResourceAttr("netlify_site_build_settings.example", "production_branch", "preview"), resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.#", "1"), resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.0", "staging"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "prevent_non_git_prod_deploys", "false"), ), }, { @@ -69,3 +70,55 @@ resource "netlify_waf_policy" "example" { }, }, func(s *terraform.State) error { return nil }) } + +func TestAccSiteBuildSettingsNonGitDeploys(t *testing.T) { + accTest(t, []resource.TestStep{ + { + Config: `resource "netlify_site_build_settings" "example" { + site_id = "49137d35-1470-4db1-810f-c185b8381cd3" + build_command = "npm run build && true" + publish_directory = "dist/dist" + production_branch = "preview" + branch_deploy_branches = ["staging"] + prevent_non_git_prod_deploys = true +}`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "site_id", "49137d35-1470-4db1-810f-c185b8381cd3"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "build_command", "npm run build && true"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "publish_directory", "dist/dist"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "production_branch", "preview"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.#", "1"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.0", "staging"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "prevent_non_git_prod_deploys", "true"), + ), + }, + { + Config: `resource "netlify_site_build_settings" "example" { + site_id = "49137d35-1470-4db1-810f-c185b8381cd3" + build_command = "npm run build" + publish_directory = "dist" + production_branch = "main" + branch_deploy_branches = ["preview", "staging"] + prevent_non_git_prod_deploys = false +}`, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "site_id", "49137d35-1470-4db1-810f-c185b8381cd3"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "build_command", "npm run build"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "publish_directory", "dist"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "production_branch", "main"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.#", "2"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.0", "preview"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "branch_deploy_branches.1", "staging"), + resource.TestCheckResourceAttr("netlify_site_build_settings.example", "prevent_non_git_prod_deploys", "false"), + ), + }, + { + ResourceName: "netlify_site_build_settings.example", + ImportState: true, + ImportStateId: "49137d35-1470-4db1-810f-c185b8381cd3", + ImportStateVerifyIdentifierAttribute: "site_id", + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"last_updated"}, + }, + }, func(s *terraform.State) error { return nil }) +}