Skip to content

muhlba91/github-infrastructure

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

256 Commits

.github

.github

 
 

assets

assets

 
 

src

src

 
 

.conform.yaml

.conform.yaml

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

.prettierignore

.prettierignore

 
 

.versionrc.json

.versionrc.json

 
 

.yamllint.yml

.yamllint.yml

 
 

LICENSE.md

LICENSE.md

 
 

Pulumi.prod.yaml

Pulumi.prod.yaml

 
 

Pulumi.yaml

Pulumi.yaml

 
 

README.md

README.md

 
 

eslint.config.js

eslint.config.js

 
 

package.json

package.json

 
 

renovate.json

renovate.json

 
 

tsconfig.json

tsconfig.json

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

GitHub Infrastructure

Build status License

This repository contains the automation for GitHub Repositories with optional Cloud Access using Pulumi.

Requirements

Creating the Infrastructure

To create the repositories, a Pulumi Stack with the correct configuration needs to exists.

The stack can be deployed via:

yarn install
yarn build; pulumi up

Destroying the Infrastructure

The entire infrastructure can be destroyed via:

yarn install
yarn build; pulumi destroy

Attention: you must set ALLOW_REPOSITORY_DELETION="true" as an environment variable to be able to delete repositories!

Environment Variables

To successfully run, and configure the Pulumi plugins, you need to set a list of environment variables. Alternatively, refer to the used Pulumi provider's configuration documentation.

  • AWS_REGION: the AWS region to use
  • AWS_ACCESS_KEY_ID: the AWS secret key
  • AWS_SECRET_ACCESS_KEY: the AWS secret access key
  • CLOUDSDK_COMPUTE_REGION the Google Cloud (GCP) region
  • GOOGLE_APPLICATION_CREDENTIALS: reference to a file containing the Google Cloud (GCP) service account credentials
  • DOPPLER_TOKEN: the Doppler token with permissions to manage projects
  • GITHUB_TOKEN: the GitHub token with permissions to manage repositories

Configuration

The following section describes the configuration which must be set in the Pulumi Stack.

Attention: do use Secrets Encryption provided by Pulumi for secret values!

AWS

AWS configuration is based on each allowed account.

aws:
  defaultRegion: the default region for every account
  account: a map of AWS accounts to IAM role configuration
    <ACCOUNT_ID>:
      roleArn: the IAM role ARN to assume with correct permissions
      externalId: the the ExternalID property to assume the role

Google Cloud

Google Cloud configuration is based on each allowed project.

google:
  allowHmacKeys: allows creating HMAC Google Cloud Storage keys
  defaultRegion: the default region for every project
  projects: a list containing all allowed project identifiers

Repositories

Repositories configuration sets default values and GitHub account information.

repositories:
  owner: the owner/organization of all repositories
  subscription: the subscription type of the user/organization (e.g. "none")

Vault

Vault connection configuration. The token will be retrieved from the corresponding stack's output.

Attention: Vault will only be used if a connection configuration can be created.

vault:
  address: the URL to the Vault instance

Repository YAML

Repositories are defined in YAML format. For each repository to create a YAML file must be created in assets/repositories/.

The format is described in the template.

Continuous Integration and Automations

About

Automated creation of GitHub Repositories with optional Cloud Access.

Topics

github infrastructure aws automation vault google-cloud doppler pulumi

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Contributors 2

  •  
  •  

Languages