A comprehensive collection of Terraform modules for managing GitHub resources, including organization settings, repositories, teams, and team memberships. This project simplifies and automates GitHub organization management using Infrastructure as Code (IaC) principles.
- Organization Management: Configure organization-level settings, company information, and social profiles
- Repository Management: Create, configure, and secure GitHub repositories with comprehensive settings
- Team Management: Define teams, manage memberships, and control repository access
- Security Controls: Implement branch protection rules, security scanning, and access controls
- Enterprise Ready: Full compatibility with GitHub Enterprise Server and GitHub.com
- Modular Design: Use individual modules independently or combine them for complete GitHub management
```
terraform-github-management/
├── modules/
│   ├── organization/           # Organization settings and configuration
│   ├── repositories/           # Repository creation and management
│   └── teams/                  # Team creation and membership management
├── examples/                   # Example configurations for each module
│   ├── organization-settings/
│   ├── repositories/
│   └── teams/
├── README.md                   # This documentation
├── LICENSE                     # MIT License
└── version.tf                  # Provider and Terraform version constraints
```
- Terraform: Version `>= 1.9.0`

  ```bash
  terraform --version
  ```

- GitHub Provider: Version `~> 6.4` (automatically installed)
- GitHub Authentication: Personal Access Token or GitHub App

  ```bash
  export GITHUB_TOKEN="your_github_personal_access_token"
  ```

  Required Token Scopes:
  - `repo` - Full repository access
  - `admin:org` - Organization administration
  - `read:org` - Organization read access
  - `user` - User profile access (for membership management)
- Permissions: Organization owner or appropriate admin permissions for the resources you want to manage
```hcl
module "organization" {
  source = "github.com/elemntlabs/terraform-github-management//modules/organization"

  organization_name        = "my-awesome-org"
  company_name             = "My Company Inc."
  organization_description = "Building amazing software together"
  billing_email            = "[email protected]"
  blog_url                 = "https://mycompany.com/blog"
  twitter_username         = "mycompany"
}
```
```hcl
module "repositories" {
  source = "github.com/elemntlabs/terraform-github-management//modules/repositories"

  repositories = {
    "web-frontend" = {
      description = "Frontend application"
      visibility  = "public"
      has_issues  = true
      auto_init   = true
      topics      = ["react", "frontend", "web"]
    }
    "api-backend" = {
      description = "Backend API service"
      visibility  = "private"
      has_issues  = true
      auto_init   = true
      topics      = ["golang", "api", "backend"]
    }
  }

  default_branch_protection = {
    pattern                         = "main"
    enforce_admins                  = true
    require_conversation_resolution = true
    required_pull_request_reviews = {
      required_approving_review_count = 1
      require_code_owner_reviews      = true
    }
  }
}
```
```hcl
module "teams" {
  source = "github.com/elemntlabs/terraform-github-management//modules/teams"

  teams = {
    "developers" = {
      description = "Development team"
      privacy     = "closed"
    }
    "maintainers" = {
      description = "Repository maintainers"
      privacy     = "closed"
    }
  }

  team_memberships = {
    "developers" = {
      members = {
        "alice" = { role = "member" }
        "bob"   = { role = "member" }
        "carol" = { role = "maintainer" }
      }
    }
  }

  team_repositories = {
    "developers" = {
      repositories = {
        "web-frontend" = { permission = "push" }
        "api-backend"  = { permission = "push" }
      }
    }
  }
}
```
Manages GitHub organization settings and configuration.
Key Features:
- Organization profile and company information
- Billing and contact details
- Social media integration
- Organization-level settings
Example:
```hcl
module "organization" {
  source = "./modules/organization"

  organization_name        = "ACME Corp"
  company_name             = "ACME Corporation"
  organization_description = "Making the world better with software"
  billing_email            = "[email protected]"
  blog_url                 = "https://acme.com/blog"
  twitter_username         = "acmecorp"
}
```
Comprehensive repository management with security and collaboration features.
Key Features:
- Repository creation and configuration
- Branch protection rules
- Collaborator and team access management
- Security and analysis features
- GitHub Pages support
- Template repository support
Example:
```hcl
module "repositories" {
  source = "./modules/repositories"

  repositories = {
    "awesome-project" = {
      description = "An awesome open source project"
      visibility  = "public"
      has_issues  = true
      topics      = ["awesome", "open-source"]
    }
  }

  default_branch_protection = {
    pattern = "main"
    required_pull_request_reviews = {
      required_approving_review_count = 2
    }
  }
}
```
Complete team management with hierarchical support and permission control.
Key Features:
- Team creation and configuration
- Team membership management
- Repository access control
- Team hierarchy support
- LDAP integration (GitHub Enterprise)
Example:
```hcl
module "teams" {
  source = "./modules/teams"

  teams = {
    "frontend-team" = {
      description = "Frontend development team"
      privacy     = "closed"
    }
  }

  team_memberships = {
    "frontend-team" = {
      members = {
        "developer1" = { role = "member" }
        "lead-dev"   = { role = "maintainer" }
      }
    }
  }
}
```
All modules are fully compatible with GitHub Enterprise Server. Configure the provider for your enterprise instance:
```hcl
provider "github" {
  base_url = "https://github.enterprise.com/api/v3/"
  token    = var.github_token
}
```
Enterprise-Specific Features:
- LDAP team synchronization
- SAML SSO integration
- Advanced security and compliance features
- Enterprise-specific repository settings
```hcl
# Configure the provider
terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 6.4"
    }
  }
  required_version = ">= 1.9.0"
}

provider "github" {
  token = var.github_token
}

# Organization setup
module "organization" {
  source = "./modules/organization"

  organization_name        = var.org_name
  company_name             = var.company_name
  organization_description = var.org_description
  billing_email            = var.billing_email
  blog_url                 = var.blog_url
  twitter_username         = var.twitter_username
}

# Create teams first
module "teams" {
  source = "./modules/teams"

  teams             = var.teams
  team_memberships  = var.team_memberships
  team_repositories = var.team_repositories
}

# Create repositories with team access
module "repositories" {
  source     = "./modules/repositories"
  depends_on = [module.teams]

  repositories              = var.repositories
  default_branch_protection = var.branch_protection
  collaborators             = var.collaborators
  team_repositories         = var.team_repository_access
}
```
```hcl
# variables.tf
variable "github_token" {
  description = "GitHub personal access token"
  type        = string
  sensitive   = true
}

variable "org_name" {
  description = "GitHub organization name"
  type        = string
}

variable "teams" {
  description = "Teams configuration"
  type = map(object({
    description = string
    privacy     = string
  }))
}

variable "repositories" {
  description = "Repositories configuration"
  type = map(object({
    description = string
    visibility  = string
    has_issues  = bool
    topics      = list(string)
  }))
}
```
```bash
# Validate all modules
terraform validate

# Validate specific module
cd modules/repositories && terraform validate

# See what changes will be made
terraform plan

# Apply changes
terraform apply

# Apply with auto-approval (use carefully)
terraform apply -auto-approve
```
We recommend using Terratest for automated testing:
```go
package test

import (
	"testing"

	"github.com/gruntwork-io/terratest/modules/terraform"
)

func TestRepositoriesModule(t *testing.T) {
	terraformOptions := &terraform.Options{
		TerraformDir: "../examples/repositories",
	}
	defer terraform.Destroy(t, terraformOptions)
	terraform.InitAndApply(t, terraformOptions)
	// Add your assertions here
}
```
Complete examples are available in the `examples/` directory:
- Organization Settings - Basic organization configuration
- Repository Management - Comprehensive repository setup with security
- Team Management - Team creation with members and permissions
Each example includes:
- Complete Terraform configuration
- Variable definitions
- Expected outputs
- Usage instructions
- Token Security: Never commit GitHub tokens to version control
- Principle of Least Privilege: Grant minimum necessary permissions
- Branch Protection: Enable branch protection on all important repositories
- Required Reviews: Require code reviews for all changes
- Status Checks: Implement CI/CD status checks
- Team Permissions: Use teams instead of individual collaborators when possible
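
One way to enforce the practices above in CI, as an added example that is not part of this project: a Python check over the JSON form of a saved plan (`terraform show -json plan.out`). The resource type names are those of the integrations/github provider; which of them these modules create, the resource addresses, and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

def audit_plan(plan):
    """Return (address, message) findings for the planned GitHub state."""
    findings = []
    for rc in plan.get("resource_changes", []):
        rtype, addr, change = rc["type"], rc["address"], rc["change"]
        before, after = change.get("before") or {}, change.get("after") or {}
        if rtype == "github_repository":
            if (after.get("visibility") == "public"
                    and before.get("visibility") in ("private", "internal")):
                findings.append((addr, "visibility changes to public"))
        elif rtype == "github_branch_protection":
            if change["actions"] == ["delete"]:
                findings.append((addr, "branch protection removed"))
                continue
            if not after.get("enforce_admins"):
                findings.append((addr, "enforce_admins is off"))
            # Nested blocks appear as lists of objects in plan JSON.
            reviews = after.get("required_pull_request_reviews") or [{}]
            if (reviews[0].get("required_approving_review_count") or 0) < 1:
                findings.append((addr, "no approving review required"))
        elif rtype == "github_repository_collaborator" and "create" in change["actions"]:
            findings.append((addr, "individual collaborator added; prefer a team"))
        elif rtype == "github_team_repository" and after.get("permission") == "admin":
            findings.append((addr, "team granted admin on repository"))
    return findings

def change_entry(addr, rtype, actions, before, after):
    return {"address": addr, "type": rtype,
            "change": {"actions": actions, "before": before, "after": after}}
# Constructed sample in the shape of `terraform show -json`; addresses are hypothetical.
SAMPLE_PLAN = {"resource_changes": [
    change_entry('github_repository.this["api-backend"]', "github_repository",
                 ["update"], {"visibility": "private"}, {"visibility": "public"}),
    change_entry('github_branch_protection.this["web-frontend"]', "github_branch_protection",
                 ["create"], None, {"pattern": "main", "enforce_admins": True,
                 "required_pull_request_reviews": [{"required_approving_review_count": 1}]}),
    change_entry('github_branch_protection.this["api-backend"]', "github_branch_protection",
                 ["delete"], {"pattern": "main"}, None),
    change_entry('github_team_repository.this["developers:api-backend"]',
                 "github_team_repository", ["create"], None, {"permission": "admin"}),
]}

if __name__ == "__main__":
    found = audit_plan(json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN)
    print("\n".join(f"FAIL {a}: {m}" for a, m in found))
    sys.exit(1 if found else 0)
```

Run it between `terraform plan -out plan.out` and `terraform apply`, passing the file written by `terraform show -json plan.out`; a non-zero exit status blocks the pipeline.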
We welcome contributions! Please see our Contributing Guidelines for details.
- Fork this repository
- Clone your fork: `git clone https://github.com/yourusername/terraform-github-management.git`
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Make your changes and test them
- Commit your changes: `git commit -m 'Add amazing feature'`
- Push to the branch: `git push origin feature/amazing-feature`
- Open a Pull Request

- Follow Terraform best practices
- Include comprehensive documentation
- Add examples for new features
- Ensure all modules validate successfully
- Write clear commit messages
This project is licensed under the MIT License - see the LICENSE file for details.
This project is maintained by Endalkachew Biruk at Elemnt Labs.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: Module Documentation
- HashiCorp for Terraform
- GitHub for the GitHub Terraform Provider
- The open-source community for inspiration and contributions
Made with ❤️ by Elemnt Labs