First attempt at managing the nfcore org with pulumi

nf-core · Mar 22, 2024 · 1b888aa · 1b888aa
1 parent 1cb656b
commit 1b888aa
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 21 deletions.
diff --git a/pulumi/github/teams/.gitignore b/pulumi/github/teams/.gitignore
@@ -1,4 +1,7 @@
-
 *.pyc
 venv/
 __pycache__/
+
+# sensitive data
+Pulumi*yaml
+*.txt
diff --git a/pulumi/github/teams/__main__.py b/pulumi/github/teams/__main__.py
@@ -1,26 +1,38 @@
+#!/usr/bin/env python
+
+import yaml
+
 import pulumi
 import pulumi_github as github
 
-# Create a new GitHub team within the nf-core organization
-my_team = github.Team("myTeam",
-    name="my-team",
-    description="My Team Description",
-    privacy="closed",  # Can be 'secret' or 'closed'
-)
+with open('org.yaml') as org_fd:
+    org = yaml.safe_load(org_fd)
+
+for repo in org["repositories"]:
+    repo = github.Repository(repo["name"],
+        name=repo["name"],
+        description=repo.get("description", ""),
+        visibility=repo.get("visibility", "private"))
 
-# Add a user to the newly created team
-team_membership = github.TeamMembership("teamMembership",
-    team_id=my_team.id,
-    username="example-user",  # Replace with the actual GitHub username
-    role="member",  # Can be 'member' or 'maintainer'
-)
+for team in org["teams"]:
+    ops = github.Team(team["slug"],
+        name=team["name"],
+        description=team["description"],
+        privacy="closed",
+        opts=pulumi.ResourceOptions(protect=True))
 
-# Associate a repository with the team
-team_repository = github.TeamRepository("teamRepository",
-    team_id=my_team.id,
-    repository="example-repo",  # Replace with the actual repository name
-    permission="push",  # Can be 'pull', 'push', or 'admin'
-)
+    for user in team["members"]:
+        # Add a user to the newly created team
+        team_membership = github.TeamMembership(f"{team['name']}-{user['name']}",
+            team_id=team["name"],
+            username=user["name"],
+            role=user["role"],
+        )
 
-# Export the team slug to access the team on GitHub
-pulumi.export("team_slug", my_team.slug)
+    for permission in team["permissions"]:
+        # Associate a repository with the team
+        team_repository = github.TeamRepository(f"{team['name']}-{permission['repository']}",
+            team_id=team["name"],
+            repository=permission["repository"],
+            permission=permission["role"],
+        )
diff --git a/pulumi/github/teams/org.yaml b/pulumi/github/teams/org.yaml
@@ -0,0 +1,32 @@
+---
+org: "test-nfcore"
+repositories:
+  - name: whatever
+    description: "random repo description"
+    # visibility: private  # private by default
+  - name: whatever2
+    visibility: public
+
+teams:
+  - name: "ops"
+    slug: "ops"
+    description: "A team in charge of ops"
+    members:
+      - name: bebosudo
+        role: admin
+      - name: edmundmiller
+        role: maintainer
+    permissions:
+      - repository: whatever
+        role: admin  # Can be 'pull', 'push', or 'admin'
+
+  - name: "docs"
+    slug: "docs"
+    description: "docs team"
+    members:
+      - name: bebosudo
+        role: member
+    permissions:
+      - repository: whatever2
+        role: push
+...