softwaredevelop · softwaredevelop · Apr 11, 2026 · Apr 11, 2026
diff --git a/iac/pulumi/github/repository/Pulumi.yaml b/iac/pulumi/github/repository/Pulumi.yaml
@@ -0,0 +1,5 @@
+name: github-repos
+runtime: go
+description: Pulumi project for provisioning and managing GitHub repositories across various projects
+options:
+  refresh: always
diff --git a/iac/pulumi/github/repository/dev.env b/iac/pulumi/github/repository/dev.env
@@ -0,0 +1,6 @@
+# env/dev.env
+GITHUB_OWNER=
+GITHUB_TOKEN=
+GITLAB_OWNER=
+GITLAB_REPOSITORY=
+GITLAB_TOKEN=
diff --git a/iac/pulumi/github/repository/main.go b/iac/pulumi/github/repository/main.go
@@ -0,0 +1,145 @@
+//revive:disable:package-comments,exported
+package main
+
+import (
+	"github.com/pulumi/pulumi-github/sdk/v6/go/github"
+	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
+	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
+)
+
+const (
+	repositoryName        = "daggerverse"
+	repositoryDescription = "Reusable Dagger modules for declarative, reproducible CI/CD pipelines and development workflows."
+	defaultBranch         = "main"
+)
+
+// Config layer
+
+type GitLabConfig struct {
+	Repository string
+	Owner      string
+	Token      pulumi.StringOutput
+}
+
+func LoadGitLabConfig(ctx *pulumi.Context) GitLabConfig {
+	cfg := config.New(ctx, "gitlab")
+
+	return GitLabConfig{
+		Repository: cfg.Require("repository"),
+		Owner:      cfg.Require("owner"),
+		Token:      cfg.RequireSecret("token"),
+	}
+}
+
+// Resources
+
+type GitHubResource struct {
+	Repository *github.Repository
+}
+
+func defineInfrastructure(ctx *pulumi.Context) (*GitHubResource, error) {
+	// Load config
+	gitlab := LoadGitLabConfig(ctx)
+
+	// Repository
+	repository, err := github.NewRepository(ctx, "daggerverseRepository", &github.RepositoryArgs{
+		DeleteBranchOnMerge: pulumi.Bool(true),
+		Description:         pulumi.String(repositoryDescription),
+		HasIssues:           pulumi.Bool(true),
+		HasProjects:         pulumi.Bool(true),
+		Name:                pulumi.String(repositoryName),
+		Topics: pulumi.StringArray{
+			pulumi.String("dagger"),
+			pulumi.String("daggerverse"),
+			pulumi.String("github"),
+			pulumi.String("gitlab"),
+			pulumi.String("go"),
+			pulumi.String("golang"),
+			pulumi.String("pulumi"),
+			pulumi.String("vscode"),
+		},
+		Visibility: pulumi.String("public"),
+		// VulnerabilityAlerts: pulumi.Bool(true),
+	}, pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	// Branch protection
+	_, err = github.NewBranchProtection(ctx, "daggerverseMainBranchProtection", &github.BranchProtectionArgs{
+		RepositoryId:          repository.NodeId,
+		Pattern:               pulumi.String(defaultBranch),
+		RequiredLinearHistory: pulumi.Bool(true),
+	}, pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	// Labels
+	_, err = github.NewIssueLabel(ctx, "daggerverseLabelGithubActions", &github.IssueLabelArgs{
+		Color:       pulumi.String("E66E01"),
+		Description: pulumi.String("This issue is related to github-actions dependencies"),
+		Name:        pulumi.String("dependencies:github-actions"),
+		Repository:  repository.Name,
+	}, pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = github.NewIssueLabel(ctx, "daggerverseLabelGoModules", &github.IssueLabelArgs{
+		Color:       pulumi.String("9BE688"),
+		Description: pulumi.String("This issue is related to go modules dependencies"),
+		Name:        pulumi.String("dependencies:go-modules"),
+		Repository:  repository.Name,
+	}, pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	// GitHub Actions secrets
+	_, err = github.NewActionsSecret(ctx, "daggerverseGitlabRepositorySecret", &github.ActionsSecretArgs{
+		Repository:     repository.Name,
+		SecretName:     pulumi.String("GITLAB_REPOSITORY"),
+		PlaintextValue: pulumi.String(gitlab.Repository),
+	}, pulumi.Parent(repository), pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = github.NewActionsSecret(ctx, "daggerverseGitlabTokenSecret", &github.ActionsSecretArgs{
+		Repository:     repository.Name,
+		SecretName:     pulumi.String("GITLAB_TOKEN"),
+		PlaintextValue: gitlab.Token,
+	}, pulumi.Parent(repository), pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	_, err = github.NewActionsSecret(ctx, "daggerverseGitlabOwnerSecret", &github.ActionsSecretArgs{
+		Repository:     repository.Name,
+		SecretName:     pulumi.String("GITLAB_OWNER"),
+		PlaintextValue: pulumi.String(gitlab.Owner),
+	}, pulumi.Parent(repository), pulumi.Protect(false))
+	if err != nil {
+		return nil, err
+	}
+
+	return &GitHubResource{
+		Repository: repository,
+	}, nil
+}
+
+// Entry point
+
+func main() {
+	pulumi.Run(func(ctx *pulumi.Context) error {
+		resources, err := defineInfrastructure(ctx)
+		if err != nil {
+			return err
+		}
+
+		ctx.Export("repositoryName", resources.Repository.Name)
+		ctx.Export("repositoryUrl", resources.Repository.HtmlUrl)
+		return nil
+	})
+}