A Terraform module that acts as a wrapper around the Terraform GitHub provider and offers a more convenient and tested way to manage GitHub Organizations following best practices.
This module supports Terraform v1.x and is compatible with the Official Terraform GitHub Provider v5.x from `integrations/github`.
Attention: This module is incompatible with the Hashicorp GitHub Provider! The latest version of this module supporting the `hashicorp/github` provider is `~> 0.6.0`.
- GitHub as Code
- Module Features
- Getting Started
- Module Argument Reference
- Module Outputs
- External Documentation
- Module Versioning
- About Mineiros
- Reporting Issues
- Contributing
- Makefile Targets
- License
GitHub as Code is a commercial solution built on top of our open-source Terraform modules for GitHub. It helps our customers to manage their GitHub organization more efficiently by enabling anyone in their organization to self-service manage on- and offboarding of users, repositories, and settings such as branch protections, secrets, and more through code. GitHub as Code comes with pre-configured GitHub Actions pipelines for change preview in Pull Requests, fully automated rollouts and rollbacks. It's a comprehensive, ready-to-use blueprint maintained by our team of platform engineering experts and saves companies such as yours tons of time by building on top of a pre-configured solution instead of building and maintaining it yourself.
For details please see https://mineiros.io/github-as-code.
- Standard Module Features: Organization Members, Organization Owners (Admins), Organization Projects, Blocked Users, Manage Organization Settings
- Extended Module Features: Change organization member roles without removing and re-inviting users, Rename projects without recreating (when providing unique ids), No need to import members/admins on first run, Create an all member team that contains every member of your organization
To quickly start managing your GitHub Organization with Terraform:
```hcl
module "organization" {
  source  = "mineiros-io/organization/github"
  version = "~> 0.9.0"

  all_members_team_name = "Mineiros"

  settings = {
    billing_email                                                = "hello@mineiros.io"
    company                                                      = "Mineiros"
    blog                                                         = "https://blog.mineiros.io"
    email                                                        = "hello@mineiros.io"
    twitter_username                                             = "mineirosio"
    location                                                     = "Berlin"
    name                                                         = "Terraform Tests"
    description                                                  = "This Organization is just used to run some Terraform tests for https://github.com/mineiros-io"
    has_organization_projects                                    = true
    has_repository_projects                                      = true
    default_repository_permission                                = "read"
    members_can_create_repositories                              = false
    members_can_create_public_repositories                       = false
    members_can_create_private_repositories                      = false
    members_can_create_internal_repositories                     = false
    members_can_create_pages                                     = false
    members_can_create_public_pages                              = false
    members_can_create_private_pages                             = false
    members_can_fork_private_repositories                        = false
    web_commit_signoff_required                                  = false
    advanced_security_enabled_for_new_repositories               = false
    dependabot_alerts_enabled_for_new_repositories               = false
    dependabot_security_updates_enabled_for_new_repositories     = false
    dependency_graph_enabled_for_new_repositories                = false
    secret_scanning_enabled_for_new_repositories                 = false
    secret_scanning_push_protection_enabled_for_new_repositories = false
  }

  members = [
    "a-user",
    "b-user",
  ]

  admins = [
    "a-admin",
  ]

  blocked_users = [
    "blocked-user",
    "another-blocked-user",
  ]

  projects = [
    {
      id   = "project-a"
      name = "A Great Project"
      body = "This is a project created by Terraform"
    }
  ]
}

provider "github" {}

terraform {
  required_version = "~> 1.0"

  required_providers {
    github = {
      source = "integrations/github"
      # Constraint aligned with the provider v5.x compatibility stated above.
      version = "~> 5.0"
    }
  }
}
```
See variables.tf and examples/ for details and use-cases.
- `settings`: (Optional `object(settings)`) A map of settings for the GitHub organization. Default is `{"fixed_response":{"content_type":"plain/text","message_body":"Nothing to see here!","status_code":418}}`.

  The `settings` object accepts the following attributes:

  - `billing_email`: (Required `string`) The billing email address for the organization.
  - `email`: (Optional `string`) The email address for the organization.
  - `name`: (Optional `string`) The name for the organization.
  - `description`: (Optional `string`) The description for the organization.
  - `company_name`: (Optional `string`) The company name for the organization.
  - `blog`: (Optional `string`) The blog URL for the organization.
  - `twitter_username`: (Optional `string`) The Twitter username for the organization.
  - `location`: (Optional `string`) The location for the organization.
  - `has_organization_projects`: (Optional `bool`) Whether or not organization projects are enabled for the organization. Default is `true`.
  - `has_repository_projects`: (Optional `bool`) Whether or not repository projects are enabled for the organization. Default is `true`.
  - `default_repository_permission`: (Optional `string`) The default permission for organization members to create new repositories. Can be one of `read`, `write`, `admin`, or `none`.
  - `members_can_create_repositories`: (Optional `bool`) Whether or not organization members can create new repositories. Default is `false`.
  - `members_can_create_public_repositories`: (Optional `bool`) Whether or not organization members can create new public repositories. Default is `true`.
  - `members_can_create_private_repositories`: (Optional `bool`) Whether or not organization members can create new private repositories. Default is `false`.
  - `members_can_create_internal_repositories`: (Optional `bool`) Whether or not organization members can create new internal repositories. For Enterprise Organizations only. Default is `false`.
  - `members_can_create_pages`: (Optional `bool`) Whether or not organization members can create new pages. Default is `false`.
  - `members_can_create_public_pages`: (Optional `bool`) Whether or not organization members can create new public pages. Default is `false`.
  - `members_can_fork_private_repositories`: (Optional `bool`) Whether or not organization members can fork private repositories. Default is `false`.
  - `web_commit_signoff_required`: (Optional `bool`) Whether or not commit signatures are required for commits to the organization. Default is `false`.
  - `advanced_security_enabled_for_new_repositories`: (Optional `bool`) Whether or not advanced security is enabled for new repositories. Default is `false`.
  - `dependabot_alerts_enabled_for_new_repositories`: (Optional `bool`) Whether or not dependabot alerts are enabled for new repositories. Default is `false`.
  - `dependabot_security_updates_enabled_for_new_repositories`: (Optional `bool`) Whether or not dependabot security updates are enabled for new repositories. Default is `false`.
  - `dependency_graph_enabled_for_new_repositories`: (Optional `bool`) Whether or not dependency graph is enabled for new repositories. Default is `false`.
  - `secret_scanning_enabled_for_new_repositories`: (Optional `bool`) Whether or not secret scanning is enabled for new repositories. Default is `false`.
  - `secret_scanning_push_protection_enabled_for_new_repositories`: (Optional `bool`) Whether or not secret scanning push protection is enabled for new repositories. Default is `false`.

- `blocked_users`: (Optional `set(string)`) A list of usernames to be blocked from a GitHub organization. Default is `[]`.

  Example:

  ```hcl
  blocked_users = [
    "blocked-user"
  ]
  ```

- `members`: (Optional `set(string)`) A list of users to be added to your organization with member role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. Default is `[]`.

  Example:

  ```hcl
  members = [
    "admin",
    "another-admin"
  ]
  ```

- `admins`: (Optional `set(string)`) A list of users to be added to your organization with admin role. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. Default is `[]`.

  Example:

  ```hcl
  admins = [
    "admin",
    "another-admin"
  ]
  ```

- `projects`: (Optional `list(project)`) Create and manage projects for the GitHub organization. Default is `[]`.

  Example:

  ```hcl
  projects = [
    {
      name = "Test Project"
      body = "This is a test project created by Terraform"
    },
    {
      name = "Test Project without a body"
    }
  ]
  ```

- `all_members_team_name`: (Optional `string`) The name of the team that contains all members of the organization.
- `all_members_team_visibility`: (Optional `string`) The level of privacy for the team. Must be one of `secret` or `closed`. Default is `"secret"`.
- `catch_non_existing_members`: (Optional `bool`) Validates if the list of GitHub users are existing users on every run. Use carefully as it will trigger one additional API call for every given user on every iteration. Default is `false`.

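The quick-start configuration sets `default_repository_permission = "read"` and leaves every security feature for new repositories switched off. A hardened variant built only from the arguments documented above follows, as an added example that is not part of the module's own documentation. The user names and billing address are placeholders, the `check` block needs Terraform 1.5 or later, and the one-role-per-user rule it enforces is this example's own assumption, not a module requirement.

```hcl
locals {
  admins  = ["a-admin"] # placeholder user names
  members = ["a-user", "b-user"]
}

module "organization" {
  source  = "mineiros-io/organization/github"
  version = "~> 0.9.0"

  settings = {
    billing_email = "billing@example.com" # placeholder

    # Members get no implicit access; grant it per team or repository instead.
    default_repository_permission = "none"

    # Repository and Pages creation, and private forks, stay with admins.
    members_can_create_repositories          = false
    members_can_create_public_repositories   = false
    members_can_create_private_repositories  = false
    members_can_create_internal_repositories = false
    members_can_create_pages                 = false
    members_can_create_public_pages          = false
    members_can_fork_private_repositories    = false

    # Security features switched on for every new repository.
    # Assumption: the organization is licensed for Advanced Security.
    advanced_security_enabled_for_new_repositories               = true
    dependency_graph_enabled_for_new_repositories                = true
    dependabot_alerts_enabled_for_new_repositories               = true
    dependabot_security_updates_enabled_for_new_repositories     = true
    secret_scanning_enabled_for_new_repositories                 = true
    secret_scanning_push_protection_enabled_for_new_repositories = true
  }

  admins  = local.admins
  members = local.members

  # Verify each listed user exists (one extra API call per user per run).
  catch_non_existing_members = true
}

# Assumed policy for this example: one account, one role.
check "no_user_in_both_roles" {
  assert {
    condition     = length(setintersection(local.admins, local.members)) == 0
    error_message = "A user is listed as both admin and member."
  }
}
```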
The following attributes are exported by the module:

- `blocked_users`: (`set(string)`) A list of `github_organization_block` resource objects that describe all users that are blocked by the organization.
- `memberships`: (`list(membership)`) A list of `github_membership` resource objects that describe all members of the organization.
- `projects`: (`list(project)`) A list of `github_organization_project` resource objects that describe all projects of the organization.
- `all_members_team`: (`object(all_members_team)`) The outputs of the all members team that contains all members of your organization.
- `settings`: (`object(all_members_team)`) The outputs of the organization settings.

This Module follows the principles of Semantic Versioning (SemVer).
Given a version number `MAJOR.MINOR.PATCH`, we increment the:

- `MAJOR` version when we make incompatible changes,
- `MINOR` version when we add functionality in a backwards compatible manner, and
- `PATCH` version when we make backwards compatible bug fixes.

Backwards compatibility in `0.0.z` and `0.y.z` versions:

- Backwards compatibility in versions `0.0.z` is not guaranteed when `z` is increased. (Initial development)
- Backwards compatibility in versions `0.y.z` is not guaranteed when `y` is increased. (Pre-release)

Mineiros is a DevOps as a Service company based in Berlin, Germany. We offer commercial support for all of our projects and encourage you to reach out if you have any questions or need help. Feel free to send us an email at hello@mineiros.io or join our Community Slack channel.
We can also help you with:
- Terraform modules for all types of infrastructure such as VPCs, Docker clusters, databases, logging and monitoring, CI, etc.
- Consulting & training on AWS, Terraform and DevOps
We use GitHub Issues to track community reported issues and missing features.
Contributions are always encouraged and welcome! For the process of accepting changes, we use Pull Requests. If you'd like more information, please see our Contribution Guidelines.
This repository comes with a handy Makefile.
Run `make help` to see details on each available target.
This module is licensed under the Apache License Version 2.0, January 2004. Please see LICENSE for full details.
Copyright © 2021-2022 Mineiros GmbH