Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Standardise GitHub repo settings #1798

Open
mattwynne opened this issue Oct 15, 2021 · 10 comments
Open

Standardise GitHub repo settings #1798

mattwynne opened this issue Oct 15, 2021 · 10 comments
Labels
🏦 debt Tech debt 🔧 build Related to build / release process

Comments

@mattwynne
Copy link
Member

As we break apart the monorepo (#1724) and implement release automation (#1688), it becomes increasingly difficult to manage the various branch protection rule and environment settings in each repo.

@mpkorstanje has suggested using Terraform to manage this config. Here's a blog post with some examples: https://www.mineiros.io/blog/how-to-manage-your-github-organization-with-terraform

@mattwynne mattwynne changed the title Use Terraform to standardise GitHub repo settings Use IaC templates to standardise GitHub repo settings Oct 19, 2021
@mattwynne
Copy link
Member Author

We could also use Pulumi, which has the advantage of using a regular programming language for the declarations instead of HCL. https://www.pulumi.com/registry/packages/github/

I'll have a tinker with both.

@mattwynne
Copy link
Member Author

I've played with Pulumi today, and managed to get it to configure team access to a couple of repos. Proof of concept code is here: https://github.com/cucumber/github-settings

@aslakhellesoy aslakhellesoy added 🔧 build Related to build / release process 🏦 debt Tech debt labels Jan 6, 2022
@mattwynne
Copy link
Member Author

mattwynne commented Jan 19, 2022

The first task I tried to take on with this was to give us declarative management of team-repo permissions. It seems that this just isn't possible at the moment.

However, it should still be possible to use either Pulumi or Terraform to set up and manage the branch protection rules we need established for repos where we have release automation. I'll try that next.

@mattwynne
Copy link
Member Author

Perhaps this could be a better solution than Terraform:

https://github.com/probot/settings

@mattwynne
Copy link
Member Author

Sigh. Doesn't seem to support branch protection rules properly: repository-settings/app#227

@mattwynne mattwynne changed the title Use IaC templates to standardise GitHub repo settings Standardise GitHub repo settings May 25, 2022
@luke-hill
Copy link
Contributor

@mattwynne any updates here?

@mattwynne
Copy link
Member Author

I haven't found any technology that can do it. I found https://github.com/repository-settings/app but last time I looked it had a bunch of usability problems (e.g. https://github.com/repository-settings/app#security-implications) and wasn't under active development. It looks like things may have picked up again, so it could still be an option.

@mattwynne
Copy link
Member Author

@vitalets
Copy link

vitalets commented Dec 8, 2024

Hi @mattwynne

Did you consider Terraform CDK? It allows to describe resources in any programming language as well, and has rich support of GitHub, e.g. branch protection.

@mattwynne
Copy link
Member Author

It looks like they've fixed access management since I last looked at it so yeah that could be worth another look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🏦 debt Tech debt 🔧 build Related to build / release process
Projects
None yet
Development

No branches or pull requests

4 participants