nathlan/github-config

github-config

Migration notice: This repository was developed under the nathlan organisation. Replace all references to nathlan with <YOUR_GITHUB_ORG> before use — see the migration checklist for the full list.

This repository manages a GitHub organisation's configuration — repositories, teams, branch protection rulesets, CODEOWNERS files, Actions secrets and variables, Copilot agent environments, and Agentic Workflows — as Terraform infrastructure-as-code. A single root module in terraform/ declares all resources. Changes go through pull request review and a four-stage CI/CD pipeline (validate → security scan → plan → apply) backed by OIDC-authenticated Azure state storage.


What You'll Need

  • Azure Storage Account and blob container for Terraform state
  • Azure Managed Identity with a Federated Identity Credential (OIDC)
  • GitHub App installed on your organisation (admin, contents, PRs, secrets, variables, workflows permissions)
  • Service account with fine-grained PATs for Copilot and Agentic Workflow secrets
  • GitHub prod environment on the github-config repository

See docs/prerequisites.md for the complete prerequisites inventory and per-step checklists.


Quick Start

Follow the step-by-step deployment guide: docs/SETUP.md

Migrate org references → provision Azure state storage → create GitHub App → generate PATs → configure secrets and variables → first apply.
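The following is an added example, not code from the nathlan/github-config repository, showing how the pieces listed under "What You'll Need" and in the Quick Start fit together in a single Terraform root module: an Azure Blob state backend authenticated over OIDC with no storage account key, a github provider authenticated as a GitHub App installation rather than a long-lived PAT, and one repository with a CODEOWNERS file and a branch ruleset that enforces review before merge. The resource group, storage account, repository and team names, and the variable names are placeholders assumed for this example; the CI job names in `required_check` are assumed to match the pipeline stages the README describes.

```hcl
# Added example (not the project's own code). Names marked "placeholder"
# are invented for illustration; variable names are assumptions.

terraform {
  required_version = ">= 1.6"
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 6.0"
    }
  }

  # State lives in Azure Blob Storage. use_oidc makes the backend exchange the
  # GitHub Actions job token for an Azure token via the managed identity's
  # Federated Identity Credential, so no storage key is stored as a secret.
  backend "azurerm" {
    resource_group_name  = "rg-github-config-state" # placeholder
    storage_account_name = "stgithubconfigstate"    # placeholder
    container_name       = "tfstate"
    key                  = "github-config.tfstate"
    use_oidc             = true
    use_azuread_auth     = true # data-plane access via Entra ID RBAC, not account keys
    # client_id, tenant_id and subscription_id are read from ARM_CLIENT_ID,
    # ARM_TENANT_ID and ARM_SUBSCRIPTION_ID in the pipeline environment.
  }
}

variable "github_org" { type = string }                 # e.g. <YOUR_GITHUB_ORG>
variable "github_app_id" { type = string }
variable "github_app_installation_id" { type = string }
variable "github_app_pem" {
  type      = string
  sensitive = true # private key contents, supplied from an Actions secret
}

provider "github" {
  owner = var.github_org
  # Installation tokens are short-lived and scoped to the App's permissions.
  app_auth {
    id              = var.github_app_id
    installation_id = var.github_app_installation_id
    pem_file        = var.github_app_pem
  }
}

resource "github_repository" "platform" {
  name                   = "platform" # placeholder repository
  visibility             = "private"
  auto_init              = true       # creates the default branch so files can be committed
  vulnerability_alerts   = true
  delete_branch_on_merge = true
}

# CODEOWNERS managed through Terraform so the ruleset below can require
# code-owner review; "platform-admins" is a placeholder team slug.
resource "github_repository_file" "codeowners" {
  repository          = github_repository.platform.name
  file                = ".github/CODEOWNERS"
  content             = "* @${var.github_org}/platform-admins\n"
  commit_message      = "chore: manage CODEOWNERS via Terraform"
  overwrite_on_create = true
}

resource "github_repository_ruleset" "protect_default_branch" {
  name        = "protect-default-branch"
  repository  = github_repository.platform.name
  target      = "branch"
  enforcement = "active"

  conditions {
    ref_name {
      include = ["~DEFAULT_BRANCH"]
      exclude = []
    }
  }

  rules {
    deletion         = true # the default branch cannot be deleted
    non_fast_forward = true # no force-pushes that rewrite history
    pull_request {
      required_approving_review_count = 1
      require_code_owner_review       = true
      dismiss_stale_reviews_on_push   = true
    }
    required_status_checks {
      strict_required_status_checks_policy = true # branch must be up to date
      required_check { context = "validate" }      # assumed CI job names
      required_check { context = "security-scan" }
    }
  }
}
```

For the OIDC exchange to succeed, the Federated Identity Credential on the managed identity must accept the subject claim GitHub issues for the apply job; when the job runs under the `prod` environment of the github-config repository that subject has the form `repo:<YOUR_GITHUB_ORG>/github-config:environment:prod`, which is also what ties the apply step to the environment's reviewers and protection rules.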


Documentation

| Document | Description |
|---|---|
| docs/prerequisites.md | Prerequisites, secrets inventory, migration checklist |
| docs/SETUP.md | Ordered deployment guide |
| docs/ARCHITECTURE.md | Design rationale, authentication model, CI/CD pipeline |
| docs/analysis.md | Codebase analysis: variables, resources, workflows |
| terraform/README.md | Terraform module reference |

Agent Workflows

The repository uses a two-tier agent architecture for automated provisioning.

[Agentic Workflow] — GitHub Config Dispatcher

Event-driven workflow triggered by issues: [opened, closed] with the github-config label. Assigns a coding agent to the issue and posts a completion comment.

  • Definition: .github/workflows/github-config-dispatcher.md
  • Compiled: .github/workflows/github-config-dispatcher.lock.yml

[Cloud coding agent] — GitHub Configuration Agent

Headless agent (.github/agents/github-config.agent.md) assigned by the dispatcher. Parses issue configuration, edits terraform/terraform.tfvars, commits to a branch, and creates a PR for human review. Uses Copilot built-in tools, Terraform MCP Server, and GitHub MCP Server.


Developer Experience

  • MCP integration: .vscode/mcp.json configures the Terraform and GitHub MCP servers for agent tool access

Repository Structure

.
├── .github/
│   ├── agents/
│   │   └── github-config.agent.md
│   ├── aw/
│   │   └── actions-lock.json
│   └── workflows/
│       ├── copilot-setup-steps.yml
│       ├── github-config-dispatcher.lock.yml   ← compiled
│       ├── github-config-dispatcher.md         ← Agentic Workflow definition
│       └── github-terraform-cicd.yml
├── .vscode/
│   └── mcp.json
├── docs/
│   ├── ARCHITECTURE.md
│   ├── SETUP.md
│   ├── analysis.md
│   └── prerequisites.md
└── terraform/
    ├── data.tf
    ├── imports.tf
    ├── main.tf
    ├── outputs.tf
    ├── provider.tf
    ├── README.md
    ├── terraform.tf
    ├── terraform.tfvars
    └── variables.tf

About

GitHub repository configuration managed with Terraform
