github-infrastructure

command module
v0.0.0-...-ba77dc4
Published: Jan 8, 2026 License: GPL-3.0 Imports: 13 Imported by: 0

README

GitHub Infrastructure

This repository contains the automation for GitHub Repositories with optional Cloud Access using Pulumi.


Requirements

Creating the Infrastructure

To create the services, a Pulumi Stack with the correct configuration needs to exist.

The stack can be deployed via:

pulumi up

Destroying the Infrastructure

The entire infrastructure can be destroyed via:

pulumi destroy

Attention: you must set ALLOW_REPOSITORY_DELETION="true" as an environment variable to be able to delete repositories!

Environment Variables

To run successfully and configure the Pulumi plugins, you need to set the following environment variables. Alternatively, refer to the configuration documentation of the Pulumi providers in use.

  • AWS_REGION: the AWS region to use
  • AWS_ACCESS_KEY_ID: the AWS access key ID
  • AWS_SECRET_ACCESS_KEY: the AWS secret access key
  • CLOUDSDK_COMPUTE_REGION: the Google Cloud (GCP) region
  • GOOGLE_APPLICATION_CREDENTIALS: reference to a file containing the Google Cloud (GCP) service account credentials
  • GITHUB_TOKEN: the GitHub token with permissions to manage repositories

Configuration

The following section describes the configuration which must be set in the Pulumi Stack.

Attention: do use Secrets Encryption provided by Pulumi for secret values!

AWS

AWS configuration is based on each allowed account.

aws:
  defaultRegion: the default region for every account
  account: a map of AWS accounts to IAM role configuration
    <ACCOUNT_ID>:
      roleArn: the IAM role ARN to assume with correct permissions
      externalId: the ExternalID property to assume the role

Google Cloud

Google Cloud configuration is based on each allowed project.

google:
  allowHmacKeys: allows creating HMAC Google Cloud Storage keys
  defaultRegion: the default region for every project
  projects: a list containing all allowed project identifiers

Repositories

Repositories configuration sets default values and GitHub account information.

repositories:
  owner: the owner/organization of all repositories
  subscription: the subscription type of the user/organization (e.g. "none")

Vault

Vault connection configuration. The token will be retrieved from the corresponding stack's output.

Attention: Vault will only be used if a connection configuration can be created.

vault:
  address: the URL to the Vault instance

Repository YAML

Repositories are defined in YAML format. For each repository to be created, a YAML file must be created in assets/repositories/.

The format is described in the template.


Continuous Integration and Automations
