From a6a6d6485d2e088a8ec7d4c982e26c998e6dae06 Mon Sep 17 00:00:00 2001
From: Aga Dufrat <aga.dufrat@digital.cabinet-office.gov.uk>
Date: Thu, 13 Feb 2025 18:11:50 +0000
Subject: [PATCH] Give CO Platform Engineering team read-only access to dns
 repos

CO Platform Engineering wants to use it in the process of finding owners of
subdomains.

This will reduce burden on the GOV.UK Platform Engineering team as the CO team
will be able to obtain the information by themselves.
---
 terraform/deployments/github/main.tf | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/terraform/deployments/github/main.tf b/terraform/deployments/github/main.tf
index de8fd5efa..0ac734e7c 100644
--- a/terraform/deployments/github/main.tf
+++ b/terraform/deployments/github/main.tf
@@ -86,6 +86,10 @@ resource "github_team" "govuk" {
   privacy = "closed"
 }
 
+data "github_team" "co_platform_engineering" {
+  slug = "co-platform-engineering"
+}
+
 resource "github_team_repository" "govuk_production_admin_repos" {
   for_each   = local.repositories
   repository = each.key
@@ -107,6 +111,13 @@ resource "github_team_repository" "govuk_repos" {
   permission = try(each.value.teams["govuk"], "push")
 }
 
+resource "github_team_repository" "co_platform_engineering_repos" {
+  for_each   = toset(["govuk-dns-tf", "govuk-dns", "govuk-dns-config"])
+  repository = each.key
+  team_id    = data.github_team.co_platform_engineering.id
+  permission = "pull"
+}
+
 resource "github_repository" "govuk_repos" {
   for_each = local.repositories