Open mattwynne opened 2 years ago
mattwynne
commented
2 years ago We could also use Pulumi, which has the advantage of using a regular programming language for the declarations instead of HCL. https://www.pulumi.com/registry/packages/github/
I'll have a tinker with both.
mattwynne
commented
2 years ago I've played with Pulumi today, and managed to get it to configure team access to a couple of repos. Proof of concept code is here: https://github.com/cucumber/github-settings
mattwynne
commented
2 years ago The first task I tried to take on with this was to give us declarative management of team-repo permissions. It seems that this just isn't possible at the moment.
However, it should still be possible to use either Pulumi or Terraform to set up and manage the branch protection rules we need established for repos where we have release automation. I'll try that next.
mattwynne
commented
2 years ago Perhaps this could be a better solution than Terraform:
mattwynne
commented
2 years ago Sigh. Doesn't seem to support branch protection rules properly: https://github.com/probot/settings/issues/227
luke-hill
commented
1 year ago @mattwynne any updates here?
mattwynne
commented
1 year ago I haven't found any technology that can do it. I found https://github.com/repository-settings/app but last time I looked it had a bunch of usability problems (e.g. https://github.com/repository-settings/app#security-implications) and wasn't under active development. It looks like things may have picked up again, so it could still be an option.
As we break apart the monorepo (#1724) and implement release automation (#1688), it becomes increasingly difficult to manage the various branch protection rule and environment settings in each repo.
@mpkorstanje has suggested using Terraform to manage this config. Here's a blog post with some examples: https://www.mineiros.io/blog/how-to-manage-your-github-organization-with-terraform