Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenTofu managment of GitHub Settings #302

Open
genebean opened this issue Jan 16, 2025 · 6 comments
Open

OpenTofu managment of GitHub Settings #302

genebean opened this issue Jan 16, 2025 · 6 comments

Comments

@genebean
Copy link

Kinda like was mentioned in #140 back in 2017, I think we should use https://registry.terraform.io/providers/integrations/github/latest/docs to manage settings within GitHub so as to have an audit trail and clear approval process for all changes, especially in light of moving to the hosted GitHub Enterprise and the OpenVoxProject's repositories. The key idea here is that we can declarativly manage GitHub in much the way that we use Puppet to manage our infrastructures.

Assuming this is approved, the next step would be to determine the desired state backend to use.

Once a backend is determined, the next step would be to work with the PMC to import all existing manageable resources into OpenTofu using methods similar to what is shown at the bottom of https://registry.terraform.io/providers/integrations/github/latest/docs/resources/membership. Once the existing reality is imported, we could then start actively managing the state in a programmatic, pull request based way.
@bastelfreak
Copy link
Member

I think this totally makes sense and I would love to see this happening.

@jstraw
Copy link

jstraw commented Jan 16, 2025

the import process is very manual and not very fast, and once done you'll need to create new repos via tofu, and do some hoops to take ownership of a repo. It is all fairly easy to document once we get there though.

We should also look at a github action to apply it.

@ekohl
Copy link
Member

ekohl commented Jan 16, 2025

I have no experience with it, but conceptually it makes a lot of sense to me. As someone who has done a fair bit of being GH admin for repos I can say with confidence that doing it manually results in very inconsistent results.

especially in light of moving to the hosted GitHub Enterprise

I missed this bit. What's this exactly about?

@bastelfreak
Copy link
Member

especially in light of moving to the hosted GitHub Enterprise

I missed this bit. What's this exactly about?

Vox Pupuli is currently at the "teams" plan. GitHub offered to sponsor us the next level, "enterprise". One of the benefits is that we can have multiple GitHub orgs under the same sponsorship account. And that means that https://github.com/OpenVoxProject could also participate from the sponsored CI runners that we already have.

@ekohl
Copy link
Member

ekohl commented Jan 16, 2025

I saw that, but wasn't quite sure of the exact implications.

@ghoneycutt
Copy link
Member

ghoneycutt commented Jan 17, 2025
edited
Loading

I've used terraform to manage GitHub in enterprise settings and am strongly in favor as it provides all the benefits of infrastructure as code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
🦊Vox Pupuli monthly sync
Status: No status
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ekohl @ghoneycutt @bastelfreak @jstraw @genebean