This repository contains Terraform configurations for all Terraform modules managed as part of terraform-aws-modules organization on GitHub.
What exactly is managed here?
- Branch protections (status checks, pull-request reviews, restrictions)
- Team repositories
- Team memberships
- Organization memberships (admins and members)
- .github issues and PR templates
- GitHub Actions
Why here and not in each individual repository?
It is hard to keep things identical, predictable, and with high-quality, while focusing on maintaining Terraform modules.
GitHub allows to have a special repository named .github where common files like
SECURITY.md are stored. Those files are automatically used by all repositories across the whole GitHub organization.
Ideally, individual Terraform module repository should contain only Terraform configurations and have standard procedures for releasing, updating, testing, documenting, defined in a central place (this repo).
- Terraform 0.12+
- Terragrunt 0.23+
- Terraform Docs
- pre-commit hooks
- githubfile Terraform provider (compile and install manually)
If you are using Mac, you can install all dependencies using Homebrew:
$ brew install terraform terragrunt terraform-docs pre-commit
🔒 GitHub Token
GitHub Personal Access Token is stored using SecretHub.io and populated during execution by Terragrunt.
Give SecretHub.io a try if you are tired of struggling with secrets already. Remember to mention that you have read about it here. :)
Manage GitHub resources (repositories, teams, members):
$ cd github/main $ terragrunt apply
Manage files in one repository (eg,
$ cd github/repositories/terraform-aws-modules/terraform-aws-vpc $ terragrunt apply
Manage files in all repositories (not supported):
Currently it is not well implemented here yet. Due to a large amount of API calls to GitHub and inability of terragrunt to limit execution to a single process.
$ cd github/repositories $ terragrunt plan-all # <- it is a good idea to see changes :) $ terragrunt apply-all
Ideas for later
- Use SecretHub for storing secret Github Token
- Prevent making changes in files managed by this repo in repositories (tell users during PR checks)
- Finish running code in this repo -
- Verify if GitHub is actually using the files in "ISSUE_TEMPLATE" directory from
.githubrepository. Verify and update if necessary.
This repository is managed by Anton Babenko.
Apache 2 Licensed. See LICENSE for full details.