{"id":51008418,"url":"https://github.com/nolte/terraform-github-bootstrap","last_synced_at":"2026-06-20T23:31:02.259Z","repository":{"id":359181437,"uuid":"1244892102","full_name":"nolte/terraform-github-bootstrap","owner":"nolte","description":"Bootstrap the nolte GitHub org via Terraform: org settings, teams, branch protection rulesets.","archived":false,"fork":false,"pushed_at":"2026-05-20T21:51:41.000Z","size":41,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"develop","last_synced_at":"2026-05-20T23:56:45.537Z","etag":null,"topics":["bootstrap","github","iac","nolte","terraform"],"latest_commit_sha":null,"homepage":"https://github.com/nolte/terraform-github-bootstrap","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nolte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-20T17:47:42.000Z","updated_at":"2026-05-20T21:51:18.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nolte/terraform-github-bootstrap","commit_stats":null,"previous_names":["nolte/terraform-github-bootstrap"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/nolte/terraform-github-bootstrap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nolte%2Fterraform-github-bootstrap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nolte%2Fterraform-github-bootstrap/tags","releases_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nolte%2Fterraform-github-bootstrap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nolte%2Fterraform-github-bootstrap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nolte","download_url":"https://codeload.github.com/nolte/terraform-github-bootstrap/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nolte%2Fterraform-github-bootstrap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34589204,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-20T02:00:06.407Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bootstrap","github","iac","nolte","terraform"],"created_at":"2026-06-20T23:31:02.185Z","updated_at":"2026-06-20T23:31:02.253Z","avatar_url":"https://github.com/nolte.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-github-bootstrap\n\n\u003e Manage the [`nolte`](https://github.com/nolte) GitHub account as Terraform: repository inventory and repository rulesets.\n\n\u003c!-- Badges will be regenerated by `project-structure-apply` once workflows have run on the default branch. 
--\u003e\n\n## Purpose\n\nThis repository owns parts of the [`nolte`](https://github.com/nolte) GitHub configuration as code, using the [`integrations/github`](https://registry.terraform.io/providers/integrations/github/latest/docs) Terraform provider.\n\n\u003e **`nolte` is a personal user account on GitHub, not an organisation.** Organisation-only concerns (org settings, teams, organisation-wide rulesets) are therefore out of scope here. If `nolte` is migrated to an organisation later, those concerns can be added in a separate root module without disturbing the current code.\n\nIt is a deliberate complement to [`nolte/gh-plumbing`](https://github.com/nolte/gh-plumbing):\n\n| Concern | Source of truth |\n|---|---|\n| Repository **inventory** (which repos exist, description, topics, visibility, has_issues / has_wiki / …) | **this repo** (Terraform `github_repository`) |\n| Per-repo **repository rulesets** (modern branch protection) | **this repo** (Terraform `github_repository_ruleset`) |\n| Per-repo settings, labels, merge strategy, classic branch protection | [`gh-plumbing`](https://github.com/nolte/gh-plumbing) (Probot Settings App via `_extends`) |\n| Reusable workflows, Boring-Cyborg / Stale / Release-Drafter commons, Renovate preset | [`gh-plumbing`](https://github.com/nolte/gh-plumbing) |\n\nTo keep both systems from fighting, the `github_repository` resource here sets `ignore_changes` on every field Probot owns (merge strategies, `delete_branch_on_merge`, auto-merge).\n\n## Getting started\n\n```sh\n# Install pinned tool versions (see .tool-versions).\ntask -l                 # discover available targets\ntask tf:fmt             # format\ntask tf:validate        # validate every root module\ntask tf:plan            # plan against the live account (requires GITHUB_TOKEN with `repo` scope)\ntask tf:apply           # apply (human-gated)\n```\n\n`terraform.tfvars` lives next to the root module and is git-ignored — copy `terraform.example.tfvars` and adjust. 
**Adopt every existing repo via `terraform import github_repository.managed[\"\u003cname\u003e\"] \u003cname\u003e` before the first apply**, otherwise Terraform will try to create a duplicate.\n\nState backend is currently **local** (`terraform.tfstate` next to the module). When a remote backend is adopted, update the module and migrate state explicitly.\n\n## Structure\n\n```\nterraform/\n  repos/                # repository inventory + per-repo rulesets\n  portfolio-app/        # wrapper around gh-plumbing//terraform/portfolio-app\n                        # provisions per-repo PORTFOLIO_APP_ID + PORTFOLIO_APP_PRIVATE_KEY\ndocs/                   # MkDocs source (English)\n.github/                # Probot configs + reusable-workflow consumers\nscripts/                # operator helpers (gopass → TF_VAR_* env loaders)\n```\n\n### portfolio-app credentials\n\nThe portfolio-app module needs a GitHub App that is **registered manually** — there is no GitHub API for App creation or private-key generation. Five manual steps before the first `task tf:apply:portfolio-app`:\n\n1. **Register the App** at \u003chttps://github.com/settings/apps/new\u003e. Permissions and webhook settings are documented at [`docs/en/portfolio-app.md`](docs/en/portfolio-app.md) and in the [upstream setup guide](https://github.com/nolte/gh-plumbing/blob/develop/docs/en/portfolio-app/setup.md).\n2. **Generate a private key** (`.pem`) on the App's settings page.\n3. **Note the numeric App ID** (visible on the App's settings page).\n4. **Install the App** in every consumer repository (default: `terraform-github-bootstrap`, `gh-plumbing`, `claude-shared`).\n5. **Persist credentials in gopass** and let Terraform read them via `TF_VAR_*`:\n\n```sh\nGP=internet/github.com/nolte/apps/nolte-portfolio-app\ngopass insert    \"$GP/appid\"                 # numeric App ID\ngopass insert    \"$GP/slug\"                  # e.g. 
nolte-portfolio-app\ngopass insert -m \"$GP/private_key\" \u003c downloaded.pem\nshred -u downloaded.pem\n\n# Each session before plan/apply:\nsource scripts/portfolio-app-env.sh\ntask tf:plan:portfolio-app\n```\n\n`scripts/portfolio-app-env.sh` exports `TF_VAR_app_id`, `TF_VAR_app_private_key`, and `GITHUB_TOKEN`; nothing touches tfvars or the repo. Full operator runbook at [`docs/en/portfolio-app.md`](docs/en/portfolio-app.md).\n\n\u003e **Spec note.** `spec/project/project-structure/` does not currently list `terraform/` as a sanctioned top-level source tree (only `src/`, `custom_components/`, `.claude-plugin/`, `playbooks/`+`roles/`). This repository uses `terraform/` as a conscious extension — analogous to the Ansible exception. Tracked under `spec/source-layout-extension.md` once the spec amendment lands upstream.\n\n## Related repositories\n\n- [`nolte/gh-plumbing`](https://github.com/nolte/gh-plumbing) — per-repo Probot Settings, reusable workflows, Renovate preset.\n- [`nolte/claude-shared`](https://github.com/nolte/claude-shared) — Claude Code plugin used to scaffold this repository.\n\n## Status\n\nBootstrap / pre-MVP. Local state, no CI gate on `tf:plan` yet. Repository inventory starts with this bootstrap repo itself (dogfood) and is meant to grow one `terraform import` at a time.\n\n## License\n\nTo be added. See open question in `spec/`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnolte%2Fterraform-github-bootstrap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnolte%2Fterraform-github-bootstrap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnolte%2Fterraform-github-bootstrap/lists"}