feat(github): archive ansible repositories (#6)

## Summary
- archive the listed ansible repositories in Terraform
- stop managing branch protections and Actions secrets for archived
repositories
- keep the archived repository set explicit in locals

## Validation
- make test

Author: xnoto

gh-protections.tf

@@ -7,7 +7,7 @@ import {
 */
 
 resource "github_branch_protection" "protections" {
-  for_each                        = local.github_repositories
+  for_each                        = toset([for repo in local.github_repositories : repo if !contains(local.archived_github_repositories, repo)])
   repository_id                   = github_repository.repositories[each.key].node_id
   pattern                         = "main"
   enforce_admins                  = false

gh-repositories.tf

@@ -9,6 +9,7 @@ import {
 resource "github_repository" "repositories" {
   for_each                    = local.github_repositories
   name                        = each.key
+  archived                    = contains(local.archived_github_repositories, each.key)
   visibility                  = var.github_visibility
   allow_squash_merge          = true
   allow_merge_commit          = true

main.tf

@@ -19,6 +19,11 @@ locals {
     "tfroot-libvirt",
     "www"
   ])
+  archived_github_repositories = toset([
+    "ansible-project-libvirt",
+    "ansible-site-cluster",
+    "ansible-role-crc"
+  ])
   secrets = {
     "onion_s3_bucket" = {
       name         = "ONION_AWS_S3_BUCKET"
@@ -74,7 +79,6 @@ locals {
       name  = "CLOUDFLARE_AUTH_CLIENT_ID"
       value = data.sops_file.secret_vars.data["cloudflare_auth_client_id"]
       repositories = [
-        "ansible-site-cluster",
         "images",
         "kustomize-cluster",
         "tfroot-github"
@@ -84,7 +88,6 @@ locals {
       name  = "CLOUDFLARE_AUTH_CLIENT_SECRET"
       value = data.sops_file.secret_vars.data["cloudflare_auth_client_secret"]
       repositories = [
-        "ansible-site-cluster",
         "images",
         "kustomize-cluster",
         "tfroot-github"
@@ -113,8 +116,6 @@ locals {
       name  = "SOPS_AGE_KEY"
       value = data.sops_file.secret_vars.data["sops_age_key"]
       repositories = [
-        "ansible-project-libvirt",
-        "ansible-site-cluster",
         "tfroot-aws",
         "tfroot-cloudflare",
         "tfroot-github",
@@ -125,31 +126,15 @@ locals {
       name  = "SSH_PRIVATE_KEY"
       value = data.sops_file.secret_vars.data["ssh_private_key"]
       repositories = [
-        "ansible-site-cluster",
         "tfroot-libvirt"
       ]
     }
     "ssh_known_hosts" = {
       name  = "SSH_KNOWN_HOSTS"
       value = data.sops_file.secret_vars.data["ssh_known_hosts"]
       repositories = [
-        "ansible-site-cluster",
         "tfroot-libvirt"
       ]
     }
-    "ssh_user" = {
-      name  = "SSH_USER"
-      value = data.sops_file.secret_vars.data["ssh_user"]
-      repositories = [
-        "ansible-site-cluster"
-      ]
-    }
-    "ssh_host" = {
-      name  = "SSH_HOST"
-      value = data.sops_file.secret_vars.data["ssh_host"]
-      repositories = [
-        "ansible-site-cluster"
-      ]
-    }
   }
 }