Understanding the GitHub Provider for Terraform

In this talk, I look at how HashiCorp Terraform can be used to manage GitHub Organizations, including Users, Teams, and Memberships. I also discuss how Terraform makes it easy to manage Repositories and Branch Protections.

This version of the presentation was given at HashiTalks in February 2020.

---

Companion Code: git.io/Jv3YE

Kerim Satirli

February 20, 2020

Transcript

  1. Understanding the GitHub Provider for Terraform

  2. @ksatirli on GitHub and Twitter

  3. None
  4. Terraform: 125+ Official Providers (AWS, GCP, Datadog, etc.); 160+ Community Providers (1Password, Jira, Unifi, etc.)
  5. Terraform 0.12 and newer only

  6. Provider Setup

  7. Personal Access Token github.com/settings/token/new

  8. Personal Access Token github.com/settings/token

  9. Provider Setup (code editor)

      ```hcl
      provider "github" {
        version      = "~> 2.3"
        organization = "operatehappy"
        # Placeholder value. Keep real tokens out of version control; the
        # provider also reads the GITHUB_TOKEN environment variable.
        token        = "abc...890"
      }
      ```

  10. Terminal

      ```console
      > terraform init

      Initializing the backend...

      Initializing provider plugins...
      - Checking for available provider plugins...
      - Downloading plugin for provider "github" (hashicorp/github) 2.3.0...

      Terraform has been successfully initialized!

      You may now begin working with Terraform. Try running "terraform plan" to see
      any changes that are required for your infrastructure.
      ```

  11. Terminal

      ```console
      > terraform version
      Terraform v0.12.20
      + provider.github v2.3.1
      ```

  12. Team Management

  13. Adding Members (code editor)

      ```hcl
      resource "github_membership" "kibertoad" {
        username = "kibertoad"
        role     = "member"
      }
      ```

  14. Adding Members (terminal)

      ```console
      > terraform fmt
      providers.tf
      members.tf
      ```

  15. Creating Teams (code editor)

      ```hcl
      resource "github_team" "reviewers" {
        name        = "reviewers"
        description = "Reviewer Team"
        privacy     = "closed"
      }
      ```

  16. Updating Teams (code editor)

      ```hcl
      resource "github_team_membership" "reviewers" {
        count = length(var.reviewers_team)

        team_id  = github_team.reviewers.id
        username = element(var.reviewers_team, count.index)
        role     = "maintainer"
      }
      ```
  17. Repository Management

  18. Managing Repositories (code editor)

      ```hcl
      resource "github_repository" "monitoring-app" {
        name         = "monitoring-app"
        description  = "Operate Happy’s monitoring app"
        homepage_url = "https://operatehappy.com/monitoring"
        private      = false
      }
      ```

  19. Managing Repositories (code editor)

      ```hcl
      resource "github_repository" "monitoring-app" {
        name          = "monitoring-app"
        has_downloads = false
        has_issues    = true
        has_projects  = false
        has_wiki      = false
      }
      ```

  20. Managing Repositories (code editor)

      ```hcl
      resource "github_repository" "monitoring-app" {
        name               = "monitoring-app"
        allow_merge_commit = false
        allow_rebase_merge = false
        allow_squash_merge = true
      }
      ```

  21. Managing Repositories (code editor)

      ```hcl
      resource "github_repository" "monitoring-app" {
        name      = "monitoring-app"
        auto_init = true
      }
      ```
  22. Managing Repositories (code editor)

      ```hcl
      resource "github_repository" "monitoring-app" {
        name      = "monitoring-app"
        auto_init = false

        # Create the repository from an existing template repository.
        template {
          owner      = "operatehappy"
          repository = "terraform-module-template"
        }
      }
      ```
  23. Managing Repositories (code editor)

      ```hcl
      resource "github_repository" "monitoring-app" {
        name = "monitoring-app"

        topics = [
          "application",
          "monitoring",
        ]
      }
      ```
  24. Renaming Repositories (terminal)

      ```console
      Terraform will perform the following actions:

        # github_repository.monitoring-app must be replaced
      -/+ resource "github_repository" "monitoring-app" {
            ~ id   = "monitoring-app" -> (known after apply)
            ~ name = "monitoring-app" -> "monitoring-application"
            ...

      Plan: 1 to add, 0 to change, 1 to destroy.
      ```

  25. Renaming Repositories: github.com/operatehappy/monitoring-application/

  26. Renaming Repositories (terminal)

      ```console
      > terraform state rm github_repository.monitoring-app
      > terraform import \
          github_repository.monitoring-app \
          monitoring-app
      ```
  27. Managing Team Repositories (code editor)

      ```hcl
      resource "github_team_repository" "monitoring-app" {
        team_id    = github_team.reviewers.id
        # The reference uses the resource name as declared: "monitoring-app".
        repository = github_repository.monitoring-app.name
        permission = "push"
      }
      ```
  30. Protecting Repository Branches (code editor)

      ```hcl
      resource "github_branch_protection" "monitoring-app" {
        repository = github_repository.monitoring-app.name
        branch     = "release-*"
      }
      ```

  31. Protecting Repository Branches (code editor)

      ```hcl
      resource "github_branch_protection" "monitoring-app" {
        repository = github_repository.monitoring-app.name
        branch     = "master"
      }
      ```

  32. Protecting Repository Branches (code editor)

      ```hcl
      resource "github_branch_protection" "monitoring-app" {
        repository = github_repository.monitoring-app.name
        branch     = "master"

        # Apply the rules to administrators too, and require signed commits.
        enforce_admins         = true
        require_signed_commits = true
      }
      ```
  34. Protecting Repository Branches (code editor)

      ```hcl
      resource "github_branch_protection" "monitoring-app" {
        repository = github_repository.monitoring-app.name
        branch     = "master"

        # Require the listed status checks to pass on an up-to-date branch.
        required_status_checks {
          strict   = true
          contexts = ["ci/enforcer"]
        }
      }
      ```

  35. Protecting Repository Branches (code editor)

      ```hcl
      resource "github_branch_protection" "monitoring-app" {
        repository = github_repository.monitoring-app.name
        branch     = "master"

        # Dismiss approvals when new commits are pushed to the pull request.
        required_pull_request_reviews {
          dismiss_stale_reviews = true
          dismissal_teams       = [github_team.internal.slug]
        }
      }
      ```
  37. Review ▪ Provider Setup ▪ Team Management ▪ Repository Management ▪ Branch Protection
  38. Materials ▪ slides: speakerdeck.com/ksatirli ▪ code: git.io/Jv3YE

  39. Thank You kerim@hashicorp.com
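
The branch protection settings shown on the "Protecting Repository Branches" slides can be verified before `terraform apply` by inspecting the JSON form of a plan (`terraform show -json`). The following is an added example, not part of the talk or its companion code; the sample plan is constructed, and the resource names `release` and `old` are hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json` plan output (assumed:
# nested blocks appear as lists of objects); resource names are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "github_branch_protection.monitoring-app",
   "type": "github_branch_protection",
   "change": {"actions": ["create"], "after": {
    "repository": "monitoring-app", "branch": "master",
    "enforce_admins": true, "require_signed_commits": true,
    "required_status_checks": [{"strict": true, "contexts": ["ci/enforcer"]}],
    "required_pull_request_reviews": [{"dismiss_stale_reviews": true}]}}},
  {"address": "github_branch_protection.release",
   "type": "github_branch_protection",
   "change": {"actions": ["create"], "after": {
    "repository": "monitoring-app", "branch": "release-*",
    "enforce_admins": false, "require_signed_commits": null,
    "required_status_checks": [], "required_pull_request_reviews": []}}},
  {"address": "github_branch_protection.old",
   "type": "github_branch_protection",
   "change": {"actions": ["delete"], "after": null}}
]}
""")


def audit_branch_protection(plan):
    """Return {address: [problems]} for the protections in a plan."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "github_branch_protection":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # planned destroy: the branch loses its protection
            findings[rc["address"]] = ["protection removed"]
            continue
        missing = [k for k in ("enforce_admins", "require_signed_commits")
                   if after.get(k) is not True]
        checks = after.get("required_status_checks") or []
        if not any(c.get("strict") and c.get("contexts") for c in checks):
            missing.append("required_status_checks")
        if not after.get("required_pull_request_reviews"):
            missing.append("required_pull_request_reviews")
        if missing:
            findings[rc["address"]] = missing
    return findings


print(audit_branch_protection(SAMPLE_PLAN))
```

Run in CI against a saved plan, a non-empty result can fail the pipeline before a weakened or removed protection reaches the organization.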