Add support for multiple repositories

.github/workflows/ci.yaml

@@ -28,7 +28,7 @@ jobs:
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v1
       with:
-        terraform_version: 1.0.9
+        terraform_version: 1.1.2
     - name: Initialise with no backend
       run: terraform init -backend=false
     - name: Check formatting

README.md

@@ -1,7 +1,7 @@
 # AWS federation for GitHub Actions
 
-Terraform module to configure GitHub Actions as an IAM OIDC identity provider
-in AWS. This enables GitHub Actions to access resources within an AWS account
+Terraform module to configure GitHub Actions as an IAM OIDC identity provider in
+AWS. This enables GitHub Actions to access resources within an AWS account
 without requiring long-lived credentials to be stored as GitHub secrets.
 
 ## 🔨 Getting started
@@ -24,7 +24,7 @@ provider "aws" {
 module "aws_oidc_github" {
   source  = "unfunco/oidc-github/aws"
   version = "0.1.2"
-  
+
   github_organisation = "your-org"
   github_repository   = "your-repo"
 }
@@ -58,10 +58,10 @@ jobs:
 
 #### Required
 
-| Name                  | Type     | Description               |
-|-----------------------|----------|---------------------------|
-| `github_organisation` | `string` | GitHub organisation name. |
-| `github_repository`   | `string` | GitHub repository name.   |
+| Name                  | Type     | Description                      |
+|-----------------------|----------|----------------------------------|
+| `github_organisation` | `string` | GitHub organisation name.        |
+| `github_repositories` | `string` | List of GitHub repository names. |
 
 #### Optional
 

data.tf

@@ -21,7 +21,7 @@ data "aws_iam_policy_document" "assume_role" {
 
     condition {
       test     = "StringLike"
-      values   = ["repo:${var.github_organisation}/${var.github_repository}:*"]
+      values   = [for repo in var.github_repositories : "repo:${var.github_organisation}/${repo}:*"]
       variable = "token.actions.githubusercontent.com:sub"
     }
 

examples/complete/main.tf

@@ -16,7 +16,7 @@ module "aws_oidc_github" {
   iam_role_permissions_boundary = var.iam_role_permissions_boundary
   iam_role_policy_arns          = var.iam_role_policy_arns
   github_organisation           = var.github_organisation
-  github_repository             = var.github_repository
+  github_repositories           = var.github_repositories
   max_session_duration          = var.max_session_duration
   tags                          = var.tags
 }

examples/complete/variables.tf

@@ -21,9 +21,9 @@ variable "github_organisation" {
   type        = string
 }
 
-variable "github_repository" {
-  description = "GitHub repository name."
-  type        = string
+variable "github_repositories" {
+  description = "List of GitHub repository names."
+  type        = list(string)
 }
 
 variable "iam_policy_name" {

examples/complete/versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.65"
+      version = "~> 3.70"
     }
   }
 

main.tf

@@ -21,7 +21,7 @@ resource "aws_iam_role" "github" {
   count = var.enabled ? 1 : 0
 
   assume_role_policy    = data.aws_iam_policy_document.assume_role[0].json
-  description           = "Role used by the ${var.github_organisation}/${var.github_repository} GitHub repository."
+  description           = "Role used by the ${var.github_organisation} GitHub organisation."
   force_detach_policies = var.force_detach_policies
   max_session_duration  = var.max_session_duration
   name                  = var.iam_role_name

variables.tf

@@ -35,9 +35,9 @@ variable "github_organisation" {
   type        = string
 }
 
-variable "github_repository" {
-  description = "GitHub repository name."
-  type        = string
+variable "github_repositories" {
+  description = "List of GitHub repository names."
+  type        = list(string)
 }
 
 variable "iam_policy_name" {

versions.tf

@@ -16,7 +16,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 3.65"
+      version = "~> 3.70"
     }
   }