Adds Pulumi config to manage GitHub

[cogni-ai-ee]

Summary by CodeRabbit

• New Features

  • Added Pulumi-based GitHub resource support to enable repo provisioning via IaC.

• Documentation

  • Added guides covering Pulumi-GitHub workflows, import/apply commands, state management, and Git history-rewrite guidance.

• Chores

  • Updated dev environment to include Pulumi tooling and dependency.
  • Removed two devcontainer editor extensions.
  • Updated ignore patterns to include Pulumi artifacts and related YAML files.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Adds Pulumi infrastructure for managing GitHub repositories, updates devcontainer and Python requirements to include Pulumi, adjusts ignore rules to include Pulumi artifacts (and stop ignoring .token.json), and adds documentation and skill guides for Pulumi-GitHub and Git history-rewrite workflows.

Changes

Cohort / File(s)	Summary
Ignore & Lint Configs \.cursorignore, \.gitignore, \.yamllint	Stop ignoring .token.json in .cursorignore; add Pulumi.*.yaml and .pulumi/ to ignore lists and lint ignores.
Devcontainer & Runtime deps .devcontainer/devcontainer.json, .devcontainer/requirements.txt	Remove two Claude VSCode extensions; add Pulumi devcontainer feature and add pulumi-github to devcontainer Python requirements.
Pulumi project pulumi/Cogni-AI-OU/Pulumi.yaml, pulumi/Cogni-AI-OU/README.md	New Pulumi YAML declaring three GitHub repositories (one repo + two templates), outputs for repository names, and pulumi tags; README with setup, import, and apply guidance.
Skill docs .github/skills/pulumi-github/SKILL.md, .github/skills/git/SKILL.md	New Pulumi-GitHub skill guide with usage/operational notes; Git skill extended with a "History Rewrites with Hooks" non-interactive workflow.

Sequence Diagram(s)

sequenceDiagram
  actor Developer as Developer
  participant Devcontainer as Devcontainer (IDE)
  participant PulumiCLI as Pulumi CLI
  participant GitHub as GitHub API
  participant State as Pulumi State

  rect rgba(135,206,250,0.5)
    Developer->>Devcontainer: open repo (devcontainer with Pulumi feature)
    Developer->>PulumiCLI: set env (GITHUB_TOKEN), configure stack
    Developer->>PulumiCLI: pulumi preview
    PulumiCLI->>GitHub: query resources (read)
    GitHub-->>PulumiCLI: current state
    PulumiCLI->>State: compare desired vs actual
    Note right of PulumiCLI: preview generated
    Developer->>PulumiCLI: pulumi up --yes
    PulumiCLI->>GitHub: create/update repository resources
    GitHub-->>PulumiCLI: confirm changes
    PulumiCLI->>State: persist new state
    PulumiCLI-->>Developer: apply complete / outputs
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through YAML, tags, and name,

Pulumi seeds sprouted into GitHub fame.
Devcontainer prepped, tokens set just right,
Templates and repos hopped into sight.
A tiny rabbit cheers this infra flight!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Adds Pulumi config to manage GitHub' accurately reflects the main change: introducing Pulumi configuration to manage GitHub resources through Infrastructure as Code.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@pulumi/Cogni-AI-OU/Pulumi.yaml`:
- Around line 53-55: Pulumi repo config currently disables all merge strategies
(allowMergeCommit, allowRebaseMerge, allowSquashMerge); change Pulumi.yaml so at
least one of these keys is set to true (e.g., set allowSquashMerge: true) to
enable a permitted merge method and keep the others as desired. Ensure you
update the keys allowMergeCommit, allowRebaseMerge, or allowSquashMerge
accordingly in the Pulumi.yaml file so one merge strategy is enabled.
- Around line 32-34: The repository settings currently disable all merge
strategies (allowMergeCommit, allowRebaseMerge, allowSquashMerge); update
Pulumi.yaml to enable at least one merge method by setting one of these flags to
true (for example set allowSquashMerge: true) so the repo can accept merges;
edit the block containing allowMergeCommit, allowRebaseMerge, and
allowSquashMerge to reflect the chosen enabled option.
- Around line 9-11: The repository settings currently disable all merge
strategies (allowMergeCommit, allowRebaseMerge, allowSquashMerge all set to
false), preventing PRs from being merged; enable at least one
strategy—preferably set allowSquashMerge: true (or set allowMergeCommit: true /
allowRebaseMerge: true if you prefer) and keep the other flags as desired; apply
the same change to the other occurrences of these keys in the file where the
three flags are set (the other blocks with allowMergeCommit, allowRebaseMerge,
allowSquashMerge) so at least one merge strategy is enabled across all
repository blocks.

🧹 Nitpick comments (1)

.devcontainer/requirements.txt (1)

13-13: Consider pinning pulumi-github version for reproducibility.

The pulumi-github package is added without version pinning. While this matches the pattern of most other dependencies in this file, unpinned dependencies can lead to unexpected breaking changes or inconsistent environments. Consider pinning to a specific version (e.g., pulumi-github>=6.0.0) to ensure reproducible builds.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

All merge strategies are disabled—PRs cannot be merged.

Setting allowMergeCommit, allowRebaseMerge, and allowSquashMerge all to false prevents any pull request from being merged via the GitHub UI. At least one merge strategy must be enabled.

🐛 Proposed fix to enable squash merge (recommended for cleaner history)

       allowMergeCommit: false
       allowRebaseMerge: false
-      allowSquashMerge: false
+      allowSquashMerge: true

Apply the same fix to the other repositories at lines 32-34 and 53-55.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	allowMergeCommit: false
	allowRebaseMerge: false
	allowSquashMerge: false
	allowMergeCommit: false
	allowRebaseMerge: false
	allowSquashMerge: true

🤖 Prompt for AI Agents

In `@pulumi/Cogni-AI-OU/Pulumi.yaml` around lines 9 - 11, The repository settings
currently disable all merge strategies (allowMergeCommit, allowRebaseMerge,
allowSquashMerge all set to false), preventing PRs from being merged; enable at
least one strategy—preferably set allowSquashMerge: true (or set
allowMergeCommit: true / allowRebaseMerge: true if you prefer) and keep the
other flags as desired; apply the same change to the other occurrences of these
keys in the file where the three flags are set (the other blocks with
allowMergeCommit, allowRebaseMerge, allowSquashMerge) so at least one merge
strategy is enabled across all repository blocks.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Same merge strategy issue—all disabled.

Same issue as repo_github_git_ops: no merge method is enabled. Enable at least one.

🤖 Prompt for AI Agents

In `@pulumi/Cogni-AI-OU/Pulumi.yaml` around lines 32 - 34, The repository settings
currently disable all merge strategies (allowMergeCommit, allowRebaseMerge,
allowSquashMerge); update Pulumi.yaml to enable at least one merge method by
setting one of these flags to true (for example set allowSquashMerge: true) so
the repo can accept merges; edit the block containing allowMergeCommit,
allowRebaseMerge, and allowSquashMerge to reflect the chosen enabled option.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Same merge strategy issue—all disabled.

Same issue as the other repositories: no merge method is enabled. Enable at least one.

🤖 Prompt for AI Agents

In `@pulumi/Cogni-AI-OU/Pulumi.yaml` around lines 53 - 55, Pulumi repo config
currently disables all merge strategies (allowMergeCommit, allowRebaseMerge,
allowSquashMerge); change Pulumi.yaml so at least one of these keys is set to
true (e.g., set allowSquashMerge: true) to enable a permitted merge method and
keep the others as desired. Ensure you update the keys allowMergeCommit,
allowRebaseMerge, or allowSquashMerge accordingly in the Pulumi.yaml file so one
merge strategy is enabled.