From c133bde39b37198f676ec2b14729095bb11d5234 Mon Sep 17 00:00:00 2001
From: softwaredevelop <61334390+softwaredevelop@users.noreply.github.com>
Date: Sat, 11 Apr 2026 18:49:39 +0200
Subject: [PATCH] iac: pulumi files
---
iac/pulumi/github/repository/Pulumi.yaml | 5 +
iac/pulumi/github/repository/dev.env | 6 +
iac/pulumi/github/repository/main.go | 145 +++++++++++++++++++++++
3 files changed, 156 insertions(+)
create mode 100644 iac/pulumi/github/repository/Pulumi.yaml
create mode 100644 iac/pulumi/github/repository/dev.env
create mode 100644 iac/pulumi/github/repository/main.go
diff --git a/iac/pulumi/github/repository/Pulumi.yaml b/iac/pulumi/github/repository/Pulumi.yaml
new file mode 100644
index 0000000..c75cd7e
--- /dev/null
+++ b/iac/pulumi/github/repository/Pulumi.yaml
@@ -0,0 +1,5 @@
+name: github-repos
+runtime: go
+description: Pulumi project for provisioning and managing GitHub repositories across various projects
+options:
+ refresh: always
diff --git a/iac/pulumi/github/repository/dev.env b/iac/pulumi/github/repository/dev.env
new file mode 100644
index 0000000..2985fed
--- /dev/null
+++ b/iac/pulumi/github/repository/dev.env
@@ -0,0 +1,6 @@
+# env/dev.env
+GITHUB_OWNER=
+GITHUB_TOKEN=
+GITLAB_OWNER=
+GITLAB_REPOSITORY=
+GITLAB_TOKEN=
diff --git a/iac/pulumi/github/repository/main.go b/iac/pulumi/github/repository/main.go
new file mode 100644
index 0000000..eb4b981
--- /dev/null
+++ b/iac/pulumi/github/repository/main.go
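Review bot: `iac/pulumi/github/repository/dev.env` is committed under the same name that will later hold live `GITHUB_TOKEN` and `GITLAB_TOKEN` values, so the first local edit that fills them in becomes a tracked change that is easy to commit by accident. Consider tracking the file as a template (for example `dev.env.example`) and ignoring `*.env`; whether an ignore rule already exists is not visible in this patch. The header comment `# env/dev.env` does not match the file's actual path. How these variables reach the `gitlab` config namespace that `main.go` reads is not shown either, and a one-line comment in the file explaining that would help.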
@@ -0,0 +1,145 @@
+//revive:disable:package-comments,exported
+package main
+
+import (
+ "github.com/pulumi/pulumi-github/sdk/v6/go/github"
+ "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+ "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
+)
+
+const (
+ repositoryName = "daggerverse"
+ repositoryDescription = "Reusable Dagger modules for declarative, reproducible CI/CD pipelines and development workflows."
+ defaultBranch = "main"
+)
+
+// Config layer
+
+type GitLabConfig struct {
+ Repository string
+ Owner string
+ Token pulumi.StringOutput
+}
+
+func LoadGitLabConfig(ctx *pulumi.Context) GitLabConfig {
+ cfg := config.New(ctx, "gitlab")
+
+ return GitLabConfig{
+ Repository: cfg.Require("repository"),
+ Owner: cfg.Require("owner"),
+ Token: cfg.RequireSecret("token"),
+ }
+}
+
+// Resources
+
+type GitHubResource struct {
+ Repository *github.Repository
+}
+
+func defineInfrastructure(ctx *pulumi.Context) (*GitHubResource, error) {
+ // Load config
+ gitlab := LoadGitLabConfig(ctx)
+
+ // Repository
+ repository, err := github.NewRepository(ctx, "daggerverseRepository", &github.RepositoryArgs{
+ DeleteBranchOnMerge: pulumi.Bool(true),
+ Description: pulumi.String(repositoryDescription),
+ HasIssues: pulumi.Bool(true),
+ HasProjects: pulumi.Bool(true),
+ Name: pulumi.String(repositoryName),
+ Topics: pulumi.StringArray{
+ pulumi.String("dagger"),
+ pulumi.String("daggerverse"),
+ pulumi.String("github"),
+ pulumi.String("gitlab"),
+ pulumi.String("go"),
+ pulumi.String("golang"),
+ pulumi.String("pulumi"),
+ pulumi.String("vscode"),
+ },
+ Visibility: pulumi.String("public"),
+ // VulnerabilityAlerts: pulumi.Bool(true),
+ }, pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ // Branch protection
+ _, err = github.NewBranchProtection(ctx, "daggerverseMainBranchProtection", &github.BranchProtectionArgs{
+ RepositoryId: repository.NodeId,
+ Pattern: pulumi.String(defaultBranch),
+ RequiredLinearHistory: pulumi.Bool(true),
+ }, pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ // Labels
+ _, err = github.NewIssueLabel(ctx, "daggerverseLabelGithubActions", &github.IssueLabelArgs{
+ Color: pulumi.String("E66E01"),
+ Description: pulumi.String("This issue is related to github-actions dependencies"),
+ Name: pulumi.String("dependencies:github-actions"),
+ Repository: repository.Name,
+ }, pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ _, err = github.NewIssueLabel(ctx, "daggerverseLabelGoModules", &github.IssueLabelArgs{
+ Color: pulumi.String("9BE688"),
+ Description: pulumi.String("This issue is related to go modules dependencies"),
+ Name: pulumi.String("dependencies:go-modules"),
+ Repository: repository.Name,
+ }, pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ // GitHub Actions secrets
+ _, err = github.NewActionsSecret(ctx, "daggerverseGitlabRepositorySecret", &github.ActionsSecretArgs{
+ Repository: repository.Name,
+ SecretName: pulumi.String("GITLAB_REPOSITORY"),
+ PlaintextValue: pulumi.String(gitlab.Repository),
+ }, pulumi.Parent(repository), pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ _, err = github.NewActionsSecret(ctx, "daggerverseGitlabTokenSecret", &github.ActionsSecretArgs{
+ Repository: repository.Name,
+ SecretName: pulumi.String("GITLAB_TOKEN"),
+ PlaintextValue: gitlab.Token,
+ }, pulumi.Parent(repository), pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ _, err = github.NewActionsSecret(ctx, "daggerverseGitlabOwnerSecret", &github.ActionsSecretArgs{
+ Repository: repository.Name,
+ SecretName: pulumi.String("GITLAB_OWNER"),
+ PlaintextValue: pulumi.String(gitlab.Owner),
+ }, pulumi.Parent(repository), pulumi.Protect(false))
+ if err != nil {
+ return nil, err
+ }
+
+ return &GitHubResource{
+ Repository: repository,
+ }, nil
+}
+
+// Entry point
+
+func main() {
+ pulumi.Run(func(ctx *pulumi.Context) error {
+ resources, err := defineInfrastructure(ctx)
+ if err != nil {
+ return err
+ }
+
+ ctx.Export("repositoryName", resources.Repository.Name)
+ ctx.Export("repositoryUrl", resources.Repository.HtmlUrl)
+ return nil
+ })
+}
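Review bot: The branch protection created in `defineInfrastructure` sets only `RequiredLinearHistory`, so as far as the visible arguments show, anyone with write access (and any admin) can still push directly to `main` in a public repository whose workflows can read `GITLAB_TOKEN`. A workflow change pushed that way runs with the Actions secrets created further down, so the protection should be tightened in the same `BranchProtectionArgs`: add `EnforceAdmins: pulumi.Bool(true),` and require pull-request review before merge. The commented-out `VulnerabilityAlerts` line should either be enabled or carry a comment saying why it is off. `pulumi.Protect(false)` is the default resource option, so it can be dropped from each call, or set to true on the repository if guarding against accidental deletion is wanted.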