feat: Add support for org-level runners

README.md

@@ -330,7 +330,8 @@ module "github_runner_with_packer" {
 | <a name="input_security_group_ids"></a> [security\_group\_ids](#input\_security\_group\_ids) | The list of Security Group IDs for AWS CodeBuild to launch ephemeral EC2 instances in. | `list(string)` | `[]` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | Name to use on created Security Group. Defaults to `name` | `string` | `null` | no |
 | <a name="input_source_auth"></a> [source\_auth](#input\_source\_auth) | Override the default CodeBuild source credential for this project. This allows using project-specific authentication instead of the account/region baseline credential. See docs/GITHUB-AUTH-SETUP.md for usage details. | <pre>object({<br/>    type     = string<br/>    resource = string<br/>  })</pre> | `null` | no |
-| <a name="input_source_location"></a> [source\_location](#input\_source\_location) | Your source code repo location, for example https://github.com/my/repo.git | `string` | n/a | yes |
+| <a name="input_source_location"></a> [source\_location](#input\_source\_location) | Your source code repo location, for example https://github.com/my/repo.git, or `CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION` for org-level webhooks. | `string` | n/a | yes |
+| <a name="input_source_organization"></a> [source\_organization](#input\_source\_organization) | Your GitHub organization name for organization-level webhook creation. | `string` | `null` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | The list of Subnet IDs for AWS CodeBuild to launch ephemeral EC2 instances in. | `list(string)` | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resources created by this module. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC ID for AWS CodeBuild to launch ephemeral instances in. | `string` | `null` | no |

docs/org_level_runners.md

@@ -0,0 +1,12 @@
+# Organization Level Runners
+
+To set up the codebuild runners at the GitHub organization level, use the `source_location` and `source_organization` module inputs like the following:
+
+```hcl
+module "github_runner" {
+  ...
+  source_location = "CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION"
+  source_organization = "your-org-name"
+  ...
+}
+```

examples/basic-org/README.md

@@ -0,0 +1,69 @@
+<!-- BEGIN_TF_DOCS -->
+----
+## main.tf
+```hcl
+module "github_runner" {
+  source = "../../"
+
+  # Required parameters
+  ############################
+  # Naming for all created resources
+  name                = "github-runner-codebuild-test"
+  source_location     = "CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION"
+  source_organization = "cloudandthings"
+
+  # Environment image is not specified so it will default to:
+  # "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
+
+  # Optional parameters
+  ############################
+  description = "Created by my-org/my-runner-repo.git"
+
+  github_personal_access_token = "example"
+
+  vpc_id     = "vpc-0ffaabbcc1122"
+  subnet_ids = ["subnet-0123", "subnet-0456"]
+}
+```
+----
+
+## Documentation
+
+----
+### Inputs
+
+No inputs.
+
+----
+### Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_github_runner"></a> [github\_runner](#module\_github\_runner) | ../../ | n/a |
+
+----
+### Outputs
+
+No outputs.
+
+----
+### Providers
+
+No providers.
+
+----
+### Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.14.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.9 |
+| <a name="requirement_http"></a> [http](#requirement\_http) | 3.0.1 |
+
+----
+### Resources
+
+No resources.
+
+----
+<!-- END_TF_DOCS -->

examples/basic-org/main.tf

@@ -0,0 +1,22 @@
+module "github_runner" {
+  source = "../../"
+
+  # Required parameters
+  ############################
+  # Naming for all created resources
+  name                = "github-runner-codebuild-test"
+  source_location     = "CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION"
+  source_organization = "cloudandthings"
+
+  # Environment image is not specified so it will default to:
+  # "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
+
+  # Optional parameters
+  ############################
+  description = "Created by my-org/my-runner-repo.git"
+
+  github_personal_access_token = "example"
+
+  vpc_id     = "vpc-0ffaabbcc1122"
+  subnet_ids = ["subnet-0123", "subnet-0456"]
+}

examples/basic-org/providers.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "eu-west-1"
+}

examples/basic-org/terraform.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_version = ">= 0.14.0"
+  required_providers {
+    http = {
+      source  = "hashicorp/http"
+      version = "3.0.1"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.9"
+    }
+  }
+}

main.tf

@@ -140,6 +140,13 @@ resource "aws_codebuild_webhook" "this" {
       pattern = "WORKFLOW_JOB_QUEUED"
     }
   }
+  dynamic "scope_configuration" {
+    for_each = var.source_location == "CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION" && var.source_organization != null ? toset([1]) : toset([])
+    content {
+      name  = var.source_organization
+      scope = "GITHUB_ORGANIZATION"
+    }
+  }
 }
 
 ################################################################################

variables.tf

@@ -12,10 +12,10 @@ variable "name" {
 
 variable "source_location" {
   type        = string
-  description = "Your source code repo location, for example https://github.com/my/repo.git"
+  description = "Your source code repo location, for example https://github.com/my/repo.git, or `CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION` for org-level webhooks."
   validation {
-    condition     = can(regex("^https://github\\.com/[^/]+/[^/]+\\.git$", var.source_location))
-    error_message = "The source_location must be a valid GitHub repository URL in the format: https://github.com/owner/repo.git."
+    condition     = can(regex("^(?:https://github\\.com/[^/]+/[^/]+\\.git|CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION)$", var.source_location))
+    error_message = "The source_location must be a valid GitHub repository URL in the format: https://github.com/owner/repo.git, or the string `CODEBUILD_DEFAULT_WEBHOOK_SOURCE_LOCATION`."
   }
 }
 
@@ -24,6 +24,12 @@ variable "source_location" {
 # -----------------------------------------------------
 
 # General
+variable "source_organization" {
+  type        = string
+  default     = null
+  description = "Your GitHub organization name for organization-level webhook creation."
+}
+
 variable "build_timeout" {
   type        = number
   default     = 5