From 31f7f2e1c90d131ba8138f72e13ddca24598ebfe Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Fri, 30 Sep 2022 17:56:56 -0700 Subject: ops(github): terraform configuration to manage GitHub Import current GitHub repositories into terraform. This should be the main way (going forward) to interact with GitHub to create / manage the repositories and ensuring I'm consistent in the ways I want to use it. --- ops/github/.gitignore | 3 + ops/github/README.org | 15 +++ ops/github/main.tf | 47 ++++++++ ops/github/repositories_private.tf | 218 +++++++++++++++++++++++++++++++++++++ ops/github/repositories_public.tf | 71 ++++++++++++ 5 files changed, 354 insertions(+) create mode 100644 ops/github/.gitignore create mode 100644 ops/github/README.org create mode 100644 ops/github/main.tf create mode 100644 ops/github/repositories_private.tf create mode 100644 ops/github/repositories_public.tf (limited to 'ops/github')
diff --git a/ops/github/.gitignore b/ops/github/.gitignore
new file mode 100644
index 0000000..112bb96
--- /dev/null
+++ b/ops/github/.gitignore
@@ -0,0 +1,3 @@
+# ignore the various terraform files that are generate. The state is
+# stored in a GCS bucket.
+.terraform*
diff --git a/ops/github/README.org b/ops/github/README.org
new file mode 100644
index 0000000..86c664a
--- /dev/null
+++ b/ops/github/README.org
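Review bot: The `.terraform*` pattern in ops/github/.gitignore also matches `.terraform.lock.hcl`, so the dependency lock file that records the selected provider versions and their checksums is never committed. With the github provider constrained only by `~> 4.0` in main.tf, each fresh `terraform init` can then select a different provider build with no recorded hash to compare it against. Ignore only the working directory, `.terraform/`, and commit the lock file.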
@@ -0,0 +1,15 @@
+#+TITLE: Managing GitHub with terraform
+
+This terraform configuration is to manage my GitHub configuration (repositories, projects, branches, etc).
+
+There's nothing special regarding how to use this repository.
+
+#+begin_src sh
+GITHUB_TOKEN=(pass api/github/terraform) terraform plan
+GITHUB_TOKEN=(pass api/github/terraform) terraform apply
+#+end_src
+
+* Credentials
+A token is needed to interact with the API. It's available in =pass= (under =api/github/terraform=). The token needs admin access for repositories and being able to read the user.
+* State
+The state is stored in a [[https://console.cloud.google.com/storage/browser/world-tf-state/github?project=fcuny-homelab&pageState=(%22StorageObjectListTable%22:(%22f%22:%22%255B%255D%22))&prefix=&forceOnObjectsSortingFiltering=false][GCS bucket]].
diff --git a/ops/github/main.tf b/ops/github/main.tf
new file mode 100644
index 0000000..91f58cb
--- /dev/null
+++ b/ops/github/main.tf
@@ -0,0 +1,47 @@
+locals {
+ terraform_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com"
+}
+
+provider "google" {
+ alias = "impersonation"
+ scopes = [
+ "https://www.googleapis.com/auth/cloud-platform",
+ "https://www.googleapis.com/auth/userinfo.email",
+ ]
+}
+
+data "google_service_account_access_token" "default" {
+ provider = google.impersonation
+ target_service_account = local.terraform_service_account
+ scopes = ["userinfo-email", "cloud-platform"]
+ lifetime = "1200s"
+}
+
+provider "google" {
+ project = "fcuny-homelab"
+ region = "us-west1"
+ zone = "us-west1-c"
+ access_token = data.google_service_account_access_token.default.access_token
+ request_timeout = "60s"
+}
+
+terraform {
+ required_providers {
+ github = {
+ source = "integrations/github"
+ version = "~> 4.0"
+ }
+ }
+
+ backend "gcs" {
+ bucket = "world-tf-state"
+ prefix = "github/state"
+ impersonate_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com"
+ }
+}
+
+# Configure the GitHub Provider. The environment variable
+# `GITHUB_TOKEN` needs to be set.
+provider "github" {
+ owner = "fcuny"
+}
diff --git a/ops/github/repositories_private.tf b/ops/github/repositories_private.tf
new file mode 100644
index 0000000..5e45e3f
--- /dev/null
+++ b/ops/github/repositories_private.tf
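Review bot: In ops/github/main.tf the `google_service_account_access_token` data source requests a `cloud-platform` token for the terraform service account, yet no file in this patch declares a google resource: only `github_repository` resources appear, and the `gcs` backend does its own impersonation through `impersonate_service_account`. As written, every plan and apply mints a broad-scope token, which the data source may also record in state, with nothing visible consuming it. If nothing outside this patch needs it, drop the two `provider "google"` blocks and the data source. Otherwise narrow `scopes` to what is actually used and add `google` to `required_providers` so its version is constrained like the github provider's.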
@@ -0,0 +1,218 @@
+resource "github_repository" "ballet" {
+ name = "ballet"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "cpan-graph" {
+ name = "cpan-graph"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "demorest" {
+ name = "demorest"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "devbox" {
+ name = "devbox"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "emacsd" {
+ name = "emacs.d"
+ visibility = "private"
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+ vulnerability_alerts = true
+}
+
+resource "github_repository" "feeddiscovery" {
+ name = "feeddiscovery"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "graph-gexf" {
+ name = "graph-gexf"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "kiokudb-backend-memcachedb" {
+ name = "kiokudb-backend-memcachedb"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "kiokudb-backend-riak" {
+ name = "kiokudb-backend-riak"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "lwpx-paranoidagent" {
+ name = "lwpx-paranoidagent"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-abstractfactory" {
+ name = "moosex-abstractfactory"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-methodprivate" {
+ name = "moosex-methodprivate"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-privacy" {
+ name = "moosex-privacy"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-useragent" {
+ name = "moosex-useragent"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "notebooks" {
+ name = "notebooks"
+ visibility = "private"
+ has_downloads = false
+ has_issues = false
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "password-store" {
+ name = "password-store"
+ visibility = "private"
+ has_downloads = false
+ has_issues = false
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "world" {
+ name = "world"
+ visibility = "private"
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+ vulnerability_alerts = true
+}
diff --git a/ops/github/repositories_public.tf b/ops/github/repositories_public.tf
new file mode 100644
index 0000000..8f70342
--- /dev/null
+++ b/ops/github/repositories_public.tf
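Review bot: None of the `github_repository` blocks in ops/github/repositories_private.tf guards against destruction, so removing or renaming a resource block makes the next `terraform apply` plan a delete of the repository itself, carried out with the admin-scoped token the README describes. For live repositories such as `password-store` and `world` that is data loss, so add `lifecycle { prevent_destroy = true }` to each block. The same applies to the blocks in ops/github/repositories_public.tf.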
@@ -0,0 +1,71 @@
+# github_repository.jitterbug:
+resource "github_repository" "jitterbug" {
+ name = "jitterbug"
+ archived = true
+ allow_auto_merge = false
+ allow_merge_commit = false
+ allow_rebase_merge = false
+ allow_squash_merge = false
+ delete_branch_on_merge = true
+ description = "Cross Language Continuous Integration for Git"
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ homepage_url = "http://lumberjaph.net/jitterbug/"
+ vulnerability_alerts = true
+ pages {
+ cname = "jitterbug.pl"
+ source {
+ branch = "gh-pages"
+ path = "/"
+ }
+ }
+}
+
+# github_repository.presque:
+resource "github_repository" "presque" {
+ name = "presque"
+ archived = true
+ allow_auto_merge = false
+ allow_merge_commit = false
+ allow_rebase_merge = false
+ allow_squash_merge = false
+ delete_branch_on_merge = true
+ description = "a simple redis/tatsumaki message queue"
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ vulnerability_alerts = true
+}
+
+# github_repository.webservice-google-suggest:
+resource "github_repository" "webservice-google-suggest" {
+ name = "webservice-google-suggest"
+ archived = true
+ allow_auto_merge = false
+ allow_merge_commit = false
+ allow_rebase_merge = false
+ allow_squash_merge = false
+ delete_branch_on_merge = true
+ description = "WebService::Google::Suggest allows you to use Google Suggest as a Web Service API to retrieve completions to your search query or partial query"
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ vulnerability_alerts = true
+}
+
+resource "github_repository" "anyevent-riak" {
+ name = "anyevent-riak"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+ vulnerability_alerts = true
+}
-- cgit 1.4.1
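Review bot: The four blocks in ops/github/repositories_public.tf omit `visibility`, so these repositories are public only by relying on the provider's default, while every block in repositories_private.tf states `visibility = "private"`. Add `visibility = "public"` to each block so that a repository's exposure is always an explicit, reviewable line, and a block copied from this file into the private one cannot silently stay public. The `# github_repository.<name>:` comments look like leftovers from generated output and could be dropped.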