Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Understanding the GitHub Provider for Terraform

Understanding the GitHub Provider for Terraform

In this talk, I look at how HashiCorp Terraform can be used to manage GitHub Organizations, including Users, Teams, and Memberships. I also discuss how Terraform makes it easy to manage Repositories and Branch Protections.

This version of the presentation was given at HashiTalks in February 2020.

---

Companion Code: git.io/Jv3YE

Kerim Satirli

February 20, 2020
Tweet

More Decks by Kerim Satirli

Other Decks in Technology

Transcript

  1. Provider Setup CODE EDITOR provider "github" { version = "~>

    2.3" organization = "operatehappy" token = "abc...890" }
  2. TERMINAL > terraform init Initializing the backend... Initializing provider plugins...

    - Checking for available provider plugins... - Downloading plugin for provider "github" (hashicorp/github) 2.3.0... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.
  3. Creating Teams CODE EDITOR resource "github_team" "reviewers" { name =

    "reviewers" description = "Reviewer Team" privacy = "closed" }
  4. Updating Teams CODE EDITOR resource "github_team_membership" "reviewers" { count =

    length(var.reviewers_team) team_id = github_team.reviewers.id username = element(var.reviewers_team, count.index) role = "maintainer" }
  5. Managing Repositories CODE EDITOR resource "github_repository" "monitoring-app" { name =

    "monitoring-app" description = "Operate Happy’s monitoring app" homepage_url = "https://operatehappy.com/monitoring" private = false }
  6. Managing Repositories CODE EDITOR resource "github_repository" "monitoring-app" { name =

    "monitoring-app" has_downloads = false has_issues = true has_projects = false has_wiki = false }
  7. Managing Repositories CODE EDITOR resource "github_repository" "monitoring-app" { name =

    "monitoring-app" allow_merge_commit = false allow_rebase_merge = false allow_squash_merge = true }
  8. Managing Repositories CODE EDITOR resource "github_repository" "monitoring-app" { name =

    "monitoring-app" auto_init = false template { owner = "operatehappy" repo = "terraform-module-template" } }
  9. Managing Repositories CODE EDITOR resource "github_repository" "monitoring-app" { name =

    "monitoring-app" topics [ "application", "monitoring", } }
  10. Renaming Repositories TERMINAL Terraform will perform the following actions: #

    github_repository.monitoring-app must be replaced -/+ resource "github_repository" "monitoring-app" { ~ id = "monitoring-app" -> (known after apply) ~ name = "monitoring-app" -> "monitoring-application" ... Plan: 1 to add, 0 to change, 1 to destroy.
  11. Managing Team Repositories CODE EDITOR resource "github_team_repository" "monitoring-app" { team_id

    = github_team.reviewers.id repository = github_repository.monitoring_app.name permission = "push" }
  12. Managing Team Repositories CODE EDITOR resource "github_team_repository" "monitoring-app" { team_id

    = github_team.reviewers.id repository = github_repository.monitoring_app.name permission = "push" }
  13. Managing Team Repositories CODE EDITOR resource "github_team_repository" "monitoring-app" { team_id

    = github_team.reviewers.id repository = github_repository.monitoring_app.name permission = "push" }
  14. Protecting Repository Branches CODE EDITOR resource "github_branch_protection" "monitoring-app" { repository

    = github_repository.monitoring_app.name branch = "master" enforce_admins = true require_signed_commits = true }
  15. Protecting Repository Branches CODE EDITOR resource "github_branch_protection" "monitoring-app" { repository

    = github_repository.monitoring_app.name branch = "master" enforce_admins = true require_signed_commits = true }
  16. Protecting Repository Branches CODE EDITOR resource "github_branch_protection" "monitoring-app" { repository

    = github_repository.monitoring_app.name branch = "master" required_status_checks { strict = true contexts = ["ci/enforcer"] } }
  17. Protecting Repository Branches CODE EDITOR resource "github_branch_protection" "monitoring-app" { repository

    = github_repository.monitoring_app.name branch = "master" required_pull_request_reviews { dismiss_stale_reviews = true dismissal_teams = [github_team.internal.slug] } }
  18. Protecting Repository Branches CODE EDITOR resource "github_branch_protection" "monitoring-app" { repository

    = github_repository.monitoring_app.name branch = "master" required_pull_request_reviews { dismiss_stale_reviews = true dismissal_teams = [github_team.internal.slug] } }