{"id":32659565,"url":"https://github.com/sudo-kraken/.github","last_synced_at":"2026-05-13T20:34:12.654Z","repository":{"id":321615199,"uuid":"1081056554","full_name":"sudo-kraken/.github","owner":"sudo-kraken","description":"Automate organisation and repository configuration using Pulumi. Uses uv for Python tooling and the Pulumi CLI for stack operations.","archived":false,"fork":false,"pushed_at":"2026-04-30T17:46:38.000Z","size":287,"stargazers_count":1,"open_issues_count":9,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-30T19:21:31.001Z","etag":null,"topics":["automation","git-automation","jinja2","metadata","pulumi","python","templating"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sudo-kraken.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-22T08:47:07.000Z","updated_at":"2026-04-17T05:40:56.000Z","dependencies_parsed_at":"2026-02-13T17:09:28.808Z","dependency_job_id":null,"html_url":"https://github.com/sudo-kraken/.github","commit_stats":null,"previous_names":["sudo-kraken/.github"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sudo-kraken/.github","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-kraken%2F.github","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-kraken%2F.github/tags","releases_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/sudo-kraken%2F.github/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-kraken%2F.github/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sudo-kraken","download_url":"https://codeload.github.com/sudo-kraken/.github/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-kraken%2F.github/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32999490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"ssl_error","status_checked_at":"2026-05-13T13:14:51.610Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","git-automation","jinja2","metadata","pulumi","python","templating"],"created_at":"2025-10-31T15:00:27.033Z","updated_at":"2026-05-13T20:34:12.649Z","avatar_url":"https://github.com/sudo-kraken.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"src/git_automation/logo/logo.svg\" align=\"center\" width=\"144px\" height=\"144px\" alt=\"logo\"/\u003e\n\n### GitHub Organisation Automation with Pulumi\n\n_Automate organisation and repository configuration using Pulumi. 
Uses uv for Python tooling and the Pulumi CLI for stack operations._\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![Python 3.11+](https://img.shields.io/badge/Python-3.11%2B-3776AB?style=for-the-badge\u0026logo=python)\n![Pulumi CLI](https://img.shields.io/badge/Pulumi-CLI-4B57A5?style=for-the-badge\u0026logo=pulumi)\n\n\u003c/div\u003e\n\n## Contents\n\n- [Overview](#overview)\n- [Architecture at a glance](#architecture-at-a-glance)\n- [Features](#features)\n- [Prerequisites](#prerequisites)\n- [Access token permissions](#access-token-permissions)\n- [Safety](#safety)\n- [Setup](#setup)\n- [Run](#run)\n  - [Using different environments](#using-different-environments)\n  - [Import an existing resource](#import-an-existing-resource)\n  - [Delete a resource](#delete-a-resource)\n  - [Manual Pulumi operations](#manual-pulumi-operations)\n- [Troubleshooting](#troubleshooting)\n- [Limitations and manual steps](#limitations-and-manual-steps)\n- [Licence](#licence)\n- [Security](#security)\n- [Contributing](#contributing)\n- [Support](#support)\n\n## Overview\n\nThis repository contains Pulumi constructs and helper code that codify GitHub organisation and repository settings. Stacks are managed with the Pulumi CLI and repositories will be permanently deleted when removed from configuration.\n\nThis repository also contains reusable README templates and generator code under `src/git_automation/templates`. Use the included templates to render repository README files. 
See `Pulumi.stack.yaml.example` for an example stack configuration showing repository options.\n\n## Architecture at a glance\n\n- **Pulumi** defines GitHub resources.\n- **Pulumi CLI** runs previews and applies for stacks.\n- **uv** manages Python tooling used in the project.\n- **Environment switching** via `PULUMI_STACK` or other environment variables for dev and prod.\n\n## Features\n\n- Declarative management of GitHub repositories and settings.\n- Environment-aware configuration using `PULUMI_STACK`.\n- Import support for bringing existing repositories under management.\n- Template-based repository file synchronization and workflow generation.\n\n## Prerequisites\n\n- Python **3.11+** with **uv**.\n- **Pulumi CLI**.\n\n## Access token permissions\n\nCreate a fine-grained GitHub token with the following repository-level permissions. Scope it to all repositories or to specific ones as needed.\n\n- Administration Read/Write\n- Contents Read/Write\n- Issues Read/Write for labels\n- Workflows Read/Write for GitHub Actions\n\n## Safety\n\n\u003e [!WARNING]\n\u003e Repositories are **permanently deleted** when you remove them from your Pulumi configuration and run `pulumi up`. Always ensure you have backups before removing repositories from your stack configuration. 
To archive repositories instead of deleting them, set `archive_on_destroy=True` in `GitRepositoryComponent.py`.\n\n## Setup\n\n```sh\n# Install Python dependencies via uv\nuv sync\n\n# Install Pulumi CLI\ncurl -fsSL https://get.pulumi.com | sh\n\n# (optional) Install any local helper tooling you need\n```\n\n## Run\n\n```sh\n# Set environment variables\nexport GITHUB_TOKEN=xxxx\nexport PULUMI_STACK=dev\nexport PULUMI_CONFIG_PASSPHRASE=xxxx\nexport AWS_ACCESS_KEY_ID=xxxx\nexport AWS_SECRET_ACCESS_KEY=xxxx\nexport AWS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt\n\n# Select or create the stack, preview and apply\npulumi login 's3://etc' # see the pulumi docs for details on cloud backends\npulumi stack select $PULUMI_STACK || pulumi stack init $PULUMI_STACK\npulumi preview\npulumi up\n```\n\n### Using different environments\n\n```sh\n# Development\nexport PULUMI_STACK=dev\npulumi stack select $PULUMI_STACK\npulumi up\n\n# Production\nexport PULUMI_STACK=prod\npulumi stack select $PULUMI_STACK\npulumi up\n```\n\n### Import an existing resource\n\n```sh\n# Example (resource type, name, id vary by provider)\npulumi import \u003cresource-type\u003e \u003cname\u003e \u003cid\u003e\n# e.g. 
pulumi import github:index/repository:Repository repo_name owner/repo\n```\n\n### Delete a resource\n\n```sh\n# Remove repository from configuration in your stack file, then:\npulumi up  # This will permanently delete the repository\n\n# WARNING: This is destructive and cannot be undone easily\n```\n\n### Manual Pulumi operations\n\n```sh\n# If you need to run Pulumi commands directly on a specific stack\npulumi stack select \u003cstack\u003e\npulumi preview\npulumi up\n```\n\n## Troubleshooting\n\n- **401 or provider initialisation errors**\n\n  Check `GITHUB_TOKEN` scope and that the token has the required permissions.\n\n- **Changes not applied to expected environment**\n\n  Confirm `PULUMI_STACK` is set to the desired stack before `pulumi up`.\n\n- **TLS or proxy issues**\n\n  If running behind a proxy or custom CA, set `AWS_CA_BUNDLE` or your platform equivalent for provider calls that require custom trust.\n\n- **Import fails**\n\n  Ensure the import ID matches the provider’s expected format. For repositories it is typically `owner/repo`.\n\n## Limitations and manual steps\n\nSome settings are not currently supported by the GitHub provider and require manual configuration.\n\nIn **Code security**:\n\n- Enable **Dependabot alerts**.\n\n- Disable **Dependabot security updates**.\n\nIn **Settings → Actions**:\n\n- Set **Approval for running fork pull request workflows from contributors** to **Require approval for all external contributors**.\n\n- In **Workflow permissions**, tick **Allow GitHub Actions to create and approve pull requests**.\n\n- Tick **Require actions to be pinned to a full length commit SHA**.\n\nIn **Settings → Rules → Rulesets → automation-sync**:\n\n- Under **Require status checks to pass**, tick **Require branches to be up to date before merging**.\n\nUser-level limitation:\n\nIn **Settings → Installations**:\n\n- Add the required GitHub Apps to your repositories.\n\n## Licence\n\nThis project is licensed under the MIT License. 
See the [LICENSE](LICENSE) file for details.\n\n## Security\n\nIf you discover a security issue, please review and follow the guidance in [SECURITY.md](SECURITY.md), or open a private security-focused issue with minimal details and request a secure contact channel.\n\n## Contributing\n\nOpen issues or submit pull requests for suggestions and improvements.\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md)\n\n## Support\n\nOpen an [issue](/../../issues) with as much detail as possible, including Pulumi and provider versions and relevant command output.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsudo-kraken%2F.github","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsudo-kraken%2F.github","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsudo-kraken%2F.github/lists"}