Merged
2 changes: 1 addition & 1 deletion docs/operations/concept/repository-configuration.md
Expand Up @@ -17,7 +17,7 @@ Using the [`integrations/github`](https://registry.terraform.io/providers/integr
|---|---|
| `module.github_repository.github_repository.this` | Merge methods (squash + rebase only, no merge commits), auto-merge disabled, delete-branch-on-merge, secret scanning + push protection |
| `module.github_repository.github_branch_protection.main` | Require a pull request and passing CI (`lint`, `test`, `build`) before merging into `main`; block direct pushes and force-pushes/deletion |
| `module.github_repository.github_repository_environment.production` | Placeholder deployment environment — no real deployment target exists yet |
| `module.github_repository.github_repository_environment.production`, `...staging` | The two fixed deployment environments every repo this module manages gets |
| `module.github_repository.github_repository_collaborators.this` | The full, authoritative collaborator list (empty by default) |

Solo-maintainer defaults were chosen deliberately: `main` requires a pull request but no minimum approval count, since GitHub can't let a lone maintainer approve their own PR, and branch admins aren't blanket-enforced so an emergency bypass stays possible.
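Review bot: In the added table row, `...staging` is not a resolvable resource address, unlike every other entry in the first column. Write it out as `module.github_repository.github_repository_environment.staging`, ideally on a row of its own like the other resources, so it can be pasted into `terraform state show` or used with `-target` without guessing what the ellipsis stands for.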
10 changes: 5 additions & 5 deletions terraform/README.md
@@ -1,8 +1,8 @@
# Repository configuration (Terraform)

Manages this repository's GitHub settings as code: merge/auto-merge behavior,
delete-branch-on-merge, secret scanning, branch protection on `main`, a
placeholder deployment environment, and the collaborator list. Uses the
delete-branch-on-merge, secret scanning, branch protection on `main`, the
`production`/`staging` deployment environments, and the collaborator list. Uses the
[`integrations/github`](https://registry.terraform.io/providers/integrations/github/latest/docs)
provider.

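Review bot: The opening sentence still reads "Manages this repository's GitHub settings as code", while the rest of this change treats the configuration as something applied to whichever repo is named in `terraform.tfvars`. Reword the intro to say the target is set by `repository_owner` and `repository_name`, so the README and the new tfvars example agree on what is being managed.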
Expand Down Expand Up @@ -55,9 +55,9 @@ it first would try to *create* it and fail. Run this once, before the first
```

Nothing else needs importing: `main` currently has no branch protection
rule, there are no manually-added collaborators, and no `production`
environment exists yet — all three start as clean creates that match the
empty/absent live state.
rule, there are no manually-added collaborators, and neither the
`production` nor `staging` environment exists yet — all these start as
clean creates that match the empty/absent live state.

## What's intentionally not managed here

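Review bot: "neither the `production` nor `staging` environment exists yet" describes one repository's live state, but the module now creates both environments in every repo it manages. For a repo that already has either environment, a branch protection rule on `main`, or collaborators, the "clean creates" this paragraph promises will not hold. Reword it as a per-repo check to run before the first apply, with an instruction to import whatever already exists. Minor wording: "all these start" reads better as "all of these start".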
10 changes: 8 additions & 2 deletions terraform/github-repository/main.tf
Expand Up @@ -88,13 +88,19 @@ resource "github_branch_protection" "main" {

##### ENVIRONMENTS #####
#
# Placeholder — this template has no deployment target yet. Rename/adapt
# once a real environment exists to protect.
# Fixed set — every repo this module manages gets exactly "production" and
# "staging", named to match GitHub Actions environment-scoped secrets/vars
# and any workflow that deploys with `environment: production`/`staging`.
resource "github_repository_environment" "production" {
environment = "production"
repository = github_repository.this.name
}

resource "github_repository_environment" "staging" {
environment = "staging"
repository = github_repository.this.name
}

# Example environment variable (uncomment and adapt):
# resource "github_actions_environment_variable" "example" {
# repository = github_repository.this.name
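Review bot: Both `github_repository_environment` blocks set only `environment` and `repository`, so `production` is created with no protection rules even though the new comment says it is named to match environment-scoped secrets. As written, a workflow run from any branch that declares `environment: production` gets those secrets without a gate, and the branch protection on `main` does not cover that path. Consider adding a `deployment_branch_policy` block (and `reviewers` where a repo has more than one maintainer) to at least `production`, or state in the comment that environment protection is deliberately left out.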
6 changes: 6 additions & 0 deletions terraform/terraform.tfvars.example
@@ -0,0 +1,6 @@
# Copy to terraform.tfvars (gitignored) and fill in for the repo you're
# actually configuring — or let the bootstrap-repo skill generate this file
# for you from `git remote -v`.

repository_owner = "your-github-username-or-org"
repository_name = "your-repo-name"
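Review bot: The header comment says `terraform.tfvars` is gitignored, but no `.gitignore` change is visible in this diff, so confirm the ignore rule exists before the example invites people to copy the file. It would also help to add one comment line saying the GitHub token does not belong in this file (the provider can read it from the `GITHUB_TOKEN` environment variable), and to say where the bootstrap-repo skill lives, since the comment refers to it without a pointer.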