This repository is an example of IaC for managing a GitHub organization using Terraform, concepts from Team Topologies, and sensible default practices learned from software development.
- Documentation: docs.osinfra.io
- Service Interfaces: github.com
We focus on the core fundamental practice of cloud engineering, Infrastructure as Code.
Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - Open Source Infrastructure (as Code)
To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.
See the documentation for setting up a local development environment here.
Links to documentation and other resources required to develop and iterate in this repository successfully.
- branch protection rules
- encrypted secrets for an organization
- organization membership
- repositories
- teams
| Name | Version |
|---|---|
| github | 6.2.3 |
| random | 3.6.2 |
| template | 2.2.0 |
| time | 0.11.2 |
| Name | Type |
|---|---|
| github_actions_organization_permissions.this | resource |
| github_actions_organization_secret.this | resource |
| github_branch_protection.this | resource |
| github_issue_labels.this | resource |
| github_membership.this | resource |
| github_organization_security_manager.this | resource |
| github_organization_settings.this | resource |
| github_repository.this | resource |
| github_repository_file.security_policy | resource |
| github_repository_webhook.datadog | resource |
| github_repository_webhook.discord | resource |
| github_team.children | resource |
| github_team.parents | resource |
| github_team_members.children | resource |
| github_team_members.parents | resource |
| github_team_repository.children | resource |
| github_team_repository.parents | resource |
| github_team_settings.this | resource |
| random_password.this | resource |
| time_rotating.this | resource |
| template_file.security_policy | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admins | A set of admins to add to the organization | set(string) |
n/a | yes |
| datadog_webhook_api_key | The Datadog API key used for creating webhooks | string |
n/a | yes |
| discord_webhook_api_key | The Discord API key used for creating webhooks | string |
n/a | yes |
| github_token | The GitHub token used for managing the organization | string |
n/a | yes |
| members | A set of members to add to the organization | set(string) |
[] |
no |
| organization_secrets | Map of secrets to add to the organization | map(object({ description = string visibility = string })) |
n/a | yes |
| repositories | Map of repositories to create | map(object({ description = string enable_branch_protection = optional(bool, true) enable_discord_webhook = optional(bool, true) enable_datadog_webhook = optional(bool, true) has_discussions = optional(bool, false) labels = optional(list(object({ color = string description = string name = string }))) is_template = optional(bool, false) push_allowances = optional(list(string), []) required_status_checks_contexts = optional(list(string), []) template = optional(string) topics = optional(list(string)) # In most cases, the visibility of your organizations repository should be private. # However, we are keeping our code public to encourage others to learn from our work. visibility = optional(string, "public") })) |
n/a | yes |
| team_children | Map of child teams to create | map(object({ description = string maintainers = optional(set(string), []) members = optional(set(string), []) permission = optional(string, null) parent_team_key = string repositories = optional(set(string), []) })) |
n/a | yes |
| team_parents | Map of parent teams to create | map(object({ description = string maintainers = optional(set(string), []) members = optional(set(string), []) permission = optional(string, null) privacy = optional(string, "closed") repositories = optional(set(string), []) review_request_delegation = optional(bool, false) })) |
n/a | yes |