{"id":22261886,"url":"https://github.com/muhlba91/github-infrastructure","last_synced_at":"2025-07-28T08:33:20.900Z","repository":{"id":202640835,"uuid":"707803579","full_name":"muhlba91/github-infrastructure","owner":"muhlba91","description":"Automated creation of GitHub Repositories with optional Cloud Access.","archived":false,"fork":false,"pushed_at":"2024-11-19T16:00:37.000Z","size":1148,"stargazers_count":0,"open_issues_count":3,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-19T17:11:59.502Z","etag":null,"topics":["automation","aws","doppler","github","google-cloud","infrastructure","pulumi","vault"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/muhlba91.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-20T17:37:53.000Z","updated_at":"2024-11-19T16:00:38.000Z","dependencies_parsed_at":null,"dependency_job_id":"60f14d59-1e7c-428a-8d63-1a49f9a8c050","html_url":"https://github.com/muhlba91/github-infrastructure","commit_stats":{"total_commits":113,"total_committers":2,"mean_commits":56.5,"dds":"0.12389380530973448","last_synced_commit":"b1ccfe60d16207f7c9ff8ac2d517daf906335be7"},"previous_names":["muhlba91/github-infrastructure"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muhlba91%2Fgithub-infrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muhlba91%2Fgithub-infrastructure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muhlba91%2Fgithub-infrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/muhlba91%2Fgithub-infrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/muhlba91","download_url":"https://codeload.github.com/muhlba91/github-infrastructure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227886289,"owners_count":17834992,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","aws","doppler","github","google-cloud","infrastructure","pulumi","vault"],"created_at":"2024-12-03T09:14:47.083Z","updated_at":"2024-12-03T09:14:47.693Z","avatar_url":"https://github.com/muhlba91.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Infrastructure\n\n[![Build status](https://img.shields.io/github/actions/workflow/status/muhlba91/github-infrastructure/pipeline.yml?style=for-the-badge)](https://github.com/muhlba91/github-infrastructure/actions/workflows/pipeline.yml)\n[![License](https://img.shields.io/github/license/muhlba91/github-infrastructure?style=for-the-badge)](LICENSE.md)\n[![](https://api.scorecard.dev/projects/github.com/muhlba91/github-infrastructure/badge?style=for-the-badge)](https://scorecard.dev/viewer/?uri=github.com/muhlba91/github-infrastructure)\n\nThis repository contains the automation for [GitHub Repositories](https://github.com) with optional Cloud Access using [Pulumi](http://pulumi.com).\n\n---\n\n## Requirements\n\n- [NodeJS](https://nodejs.org/en), and [yarn](https://yarnpkg.com)\n- [Pulumi](https://www.pulumi.com/docs/install/)\n\n## Creating the Infrastructure\n\nTo create the repositories, a [Pulumi Stack](https://www.pulumi.com/docs/concepts/stack/) with the correct configuration needs to exists.\n\nThe stack can be deployed via:\n\n```bash\nyarn install\nyarn build; pulumi up\n```\n\n## Destroying the Infrastructure\n\nThe entire infrastructure can be destroyed via:\n\n```bash\nyarn install\nyarn build; pulumi destroy\n```\n\n**Attention**: you must set `ALLOW_REPOSITORY_DELETION=\"true\"` as an environment variable to be able to delete repositories!\n\n## Environment Variables\n\nTo successfully run, and configure the Pulumi plugins, you need to set a list of environment variables. Alternatively, refer to the used Pulumi provider's configuration documentation.\n\n- `AWS_REGION`: the AWS region to use\n- `AWS_ACCESS_KEY_ID`: the AWS secret key\n- `AWS_SECRET_ACCESS_KEY`: the AWS secret access key\n- `CLOUDSDK_COMPUTE_REGION` the Google Cloud (GCP) region\n- `GOOGLE_APPLICATION_CREDENTIALS`: reference to a file containing the Google Cloud (GCP) service account credentials\n- `GITHUB_TOKEN`: the GitHub token with permissions to manage repositories\n\n---\n\n## Configuration\n\nThe following section describes the configuration which must be set in the Pulumi Stack.\n\n***Attention:*** do use [Secrets Encryption](https://www.pulumi.com/docs/concepts/secrets/#:~:text=Pulumi%20never%20sends%20authentication%20secrets,“secrets”%20for%20extra%20protection.) provided by Pulumi for secret values!\n\n### AWS\n\nAWS configuration is based on each allowed account.\n\n```yaml\naws:\n  defaultRegion: the default region for every account\n  account: a map of AWS accounts to IAM role configuration\n    \u003cACCOUNT_ID\u003e:\n      roleArn: the IAM role ARN to assume with correct permissions\n      externalId: the the ExternalID property to assume the role\n```\n\n### Google Cloud\n\nGoogle Cloud configuration is based on each allowed project.\n\n```yaml\ngoogle:\n  allowHmacKeys: allows creating HMAC Google Cloud Storage keys\n  defaultRegion: the default region for every project\n  projects: a list containing all allowed project identifiers\n```\n\n### Repositories\n\nRepositories configuration sets default values and GitHub account information.\n\n```yaml\nrepositories:\n  owner: the owner/organization of all repositories\n  subscription: the subscription type of the user/organization (e.g. \"none\")\n```\n\n### Vault\n\nVault connection configuration. The token will be retrieved from the corresponding stack's output.\n\nAttention: Vault will only be used if a connection configuration can be created.\n\n```yaml\nvault:\n  address: the URL to the Vault instance\n```\n\n#### Repository YAML\n\nRepositories are defined in YAML format. For each repository to create a YAML file must be created in [assets/repositories/](assets/repositories/).\n\nThe format is described in the [template](assets/templates/repository.yml).\n\n---\n\n## Continuous Integration and Automations\n\n- [GitHub Actions](https://docs.github.com/en/actions) are linting, and verifying the code.\n- [Renovate Bot](https://github.com/renovatebot/renovate) is updating NodeJS packages, and GitHub Actions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuhlba91%2Fgithub-infrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmuhlba91%2Fgithub-infrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmuhlba91%2Fgithub-infrastructure/lists"}