Set up repository and permissions for Quarkus SPDX SBOM

[gastaldi]

• Add CODEOWNERS for Quarkus SPDX SBOM related scripts under @quarkiverse/quarkiverse-spdx team
• Configure repository creation and team management for Quarkus SPDX SBOM with proper access permissions and branch protections
• Enable bypass of branch protections for a specific GitHub App
• Closes [Extension Proposal] SPDX SBOM generator quarkusio/quarkus#52850

[github-actions]

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Validation Output

Success! The configuration is valid.

Terraform Plan 📖success

Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

The remote workspace is configured to work with configuration at
terraform-scripts relative to the target repository.

Terraform will upload the contents of the following directory,
excluding files or directories as defined by a .terraformignore file
at /home/runner/work/quarkiverse-devops/quarkiverse-devops/.terraformignore (if it is present),
in order to capture the filesystem context the remote workspace expects:
    /home/runner/work/quarkiverse-devops/quarkiverse-devops

To view this run in a browser, visit:
https://app.terraform.io/app/quarkiverse/quarkiverse-devops/runs/run-8VMUmnSo1L6hcozf

Waiting for the plan to start...

Terraform v1.14.6
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform will perform the following actions:

  # github_repository.quarkus_spdx will be created
  + resource "github_repository" "quarkus_spdx" {
      + allow_auto_merge                        = false
      + allow_forking                           = (known after apply)
      + allow_merge_commit                      = true
      + allow_rebase_merge                      = true
      + allow_squash_merge                      = true
      + allow_update_branch                     = true
      + archive_on_destroy                      = true
      + archived                                = false
      + default_branch                          = (known after apply)
      + delete_branch_on_merge                  = true
      + description                             = "Quarkus SPDX SBOM generator"
      + etag                                    = (known after apply)
      + fork                                    = (known after apply)
      + full_name                               = (known after apply)
      + git_clone_url                           = (known after apply)
      + has_issues                              = true
      + homepage_url                            = "https://docs.quarkiverse.io/quarkus-spdx/dev"
      + html_url                                = (known after apply)
      + http_clone_url                          = (known after apply)
      + id                                      = (known after apply)
      + ignore_vulnerability_alerts_during_read = false
      + merge_commit_message                    = "PR_TITLE"
      + merge_commit_title                      = "MERGE_MESSAGE"
      + name                                    = "quarkus-spdx"
      + node_id                                 = (known after apply)
      + primary_language                        = (known after apply)
      + private                                 = (known after apply)
      + repo_id                                 = (known after apply)
      + source_owner                            = (known after apply)
      + source_repo                             = (known after apply)
      + squash_merge_commit_message             = "COMMIT_MESSAGES"
      + squash_merge_commit_title               = "COMMIT_OR_PR_TITLE"
      + ssh_clone_url                           = (known after apply)
      + svn_url                                 = (known after apply)
      + topics                                  = [
          + "quarkus-extension",
        ]
      + visibility                              = (known after apply)
      + vulnerability_alerts                    = true
      + web_commit_signoff_required             = false

      + security_and_analysis (known after apply)
    }

  # github_repository.quarkus_statiq will be updated in-place
  ~ resource "github_repository" "quarkus_statiq" {
        id                                      = "quarkus-roq"
        name                                    = "quarkus-roq"
        # (41 unchanged attributes hidden)

      ~ pages {
            # (6 unchanged attributes hidden)

          + source {
              + branch = "main"
              + path   = "/"
            }
        }

        # (1 unchanged block hidden)
    }

  # github_repository_ruleset.quarkus_spdx will be created
  + resource "github_repository_ruleset" "quarkus_spdx" {
      + enforcement = "active"
      + etag        = (known after apply)
      + id          = (known after apply)
      + name        = "main"
      + node_id     = (known after apply)
      + repository  = "quarkus-spdx"
      + ruleset_id  = (known after apply)
      + target      = "branch"

      + bypass_actors {
          + actor_id    = 995364
          + actor_type  = "Integration"
          + bypass_mode = "always"
        }

      + conditions {
          + ref_name {
              + exclude = []
              + include = [
                  + "~DEFAULT_BRANCH",
                ]
            }
        }

      + rules {
          + non_fast_forward              = true
          + update_allows_fetch_and_merge = false

          + pull_request {
              + allowed_merge_methods             = (known after apply)
              + dismiss_stale_reviews_on_push     = false
              + require_code_owner_review         = false
              + require_last_push_approval        = false
              + required_approving_review_count   = 0
              + required_review_thread_resolution = false
            }
        }
    }

  # github_team.quarkus_spdx will be created
  + resource "github_team" "quarkus_spdx" {
      + create_default_maintainer = false
      + description               = "spdx team"
      + etag                      = (known after apply)
      + id                        = (known after apply)
      + members_count             = (known after apply)
      + name                      = "quarkiverse-spdx"
      + node_id                   = (known after apply)
      + notification_setting      = "notifications_enabled"
      + parent_team_id            = "5344029"
      + parent_team_read_id       = (known after apply)
      + parent_team_read_slug     = (known after apply)
      + privacy                   = "closed"
      + slug                      = (known after apply)
    }

  # github_team_membership.quarkus_spdx["aloubyansky"] will be created
  + resource "github_team_membership" "quarkus_spdx" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + role     = "maintainer"
      + team_id  = (known after apply)
      + username = "aloubyansky"
    }

  # github_team_repository.quarkus_spdx will be created
  + resource "github_team_repository" "quarkus_spdx" {
      + etag       = (known after apply)
      + id         = (known after apply)
      + permission = "maintain"
      + repository = "quarkus-spdx"
      + team_id    = (known after apply)
    }

Plan: 5 to add, 1 to change, 0 to destroy.

Pusher: @gastaldi, Action: pull_request, Workflow: Terraform