Manage GitHub settings with Puppet

Manage GitHub settings with Puppet Git-based version systems have become the cornerstone of many best practices in development teams. In the last couple of years, with the rise of continuous delivery and continuous deployment, slowly but surely git has also gained a foothold in the operations environment. The DevOps mindset propagates the use of Infrastructure as Code and to put all this code in versioning systems like git. So git has become a big thing and an integral part of DevOps processes and tools. Examples of this are the full integration of Puppet and git. In the world of git Github has been one of the largest git service providers and many organizations are depending on either the hosted GitHub version or their own GitHub enterprise to drive both their development as well as their operations. But along the way, we forgot something. We should be putting all our configuration in code. But what about the GitHub configuration? Most of this is still done by clicking around. How can we move out GitHub configuration into code aswell.

Introducing github_config

Enterprise Modules now introduces the github_config puppet module. This module allows you to codify the setup of your GitHub setup into readable and maintainable Puppet code. Now a change in your setup is as easy as changing a line of Puppet code. You can use the same processes including reviews and other quality checks on the most important asset of your IT infrastructure: Your GitHub repo’s and their security.

The types

In this blog post, we will only briefly introduce the extensions to the puppet language (the Puppet types). In a later blog post, we will take you through some examples.

The github_config module allows you to manage:

  • github_collaborator
  • github_credentials
  • github_deploy_key
  • github_hook
  • github_organization
  • github_repo
  • github_team
  • github_team_repo

In the next paragraphs we are going to show you short example on these types.

github_collaborator

Allows you to manage GitHub collaborators on your repository. For organization-owned repositories, the list of collaborators includes outside collaborators, organization members with access through team memberships, organization members with access through default organization permissions, and organization owners.

Here is an example on how to do this:

github_collaborator { 'authentication/owner/repo:collaborator':
  ensure      => 'present',
  permissions => 'pull',
}

github_credentials

Specifies the credentials to use when connecting to GitHub.

Here is an example on how to use this:

github_credentials { 'user':
  ensure   => 'present',
  password => 'very_secret',
  username => 'github_username',
}

You can use multiple accounts. I that case all github puppet types will fetch information from all accounts.

github_deploy_key

Allows you to manage GitHub depoloy_keys. You can specify one or more deploy_keys to a repository. Here is an example:

  github_deploy_key { 'authentication/owner/repo:key_name':
    ensure    => 'present',
    key       => 'ssh-rsa XXXXB3NzaC5yc2EXXXXDAQABXXABAQDgrJyY5r+jfg+J5/nagq46UFVSwCLFwMh3UClkNTBxseuMxSa+GTBmeBnTDJySq5QxaCPj6P3oIIOUhjWZcjXo7MxAMXeTiPaMDQH9q8NJGiXhP19UDvEQMllHZG6qJmSNxAWkrFAIDxLO03AQYkYYoZSwF3lqcWQhCNtiRiCq2ivWBoRgotfXa6muo3yVvvsHVQnv9EojyfBdCxBZmRnRY9cAXGBQ2fx9TFba3cURgH9T9q2E6rB6TRI0jVDwvmdL/wLQPrNxUBD8lxd/uk4cE45emMFtQm0Hu4D/zlQLNarsiBhIaFFFOqIW+SJvmYipL6YxDX+huFdDrlfhFmwp',
    read_only => 'false',
  }

When you are specifying a different key or change the read_only property, under the hood puppet will delete the key and create a new one.

github_hook

Allows you to manage repository hooks. The Repository Webhooks API allows repository admins to manage the post-receive hooks for a repository. Webhooks can be managed using the JSON HTTP API, or the PubSubHubbub API.

If you would like to set up a single webhook to receive events from all of your organization’s repositories, check out the GitHub API documentation for Organization Webhooks.

Here is an example:

github_hook { 'authenticator/owner/repo:web':
  ensure => 'present',
  active => 'true',
  config => {'content_type' => 'form', 'insecure_ssl' => '0', 'url' => 'https://myurl.com'},
  events => ['push'],
}

github_organization

Allows you to manage a GitHub organization.

Here is an example on how to do this:

github_organization { 'account/organization':
  ensure        => 'present',
  billing_email => 'billing@company.org',
  blog          => 'https://www.enterprisemodules.com',
  description   => 'A github organization',
  email         => 'info@company.org',
  location      => 'The Netherlands',
}

github_repo

Allows you to create and manage GitHub repos. This includes repositories owned by the authenticated user, repositories where the authenticated user is a collaborator, and repositories that the authenticated user has access to through an organization membership.

Here is an example on how to do this:

github_repo { 'account/owner/repo':
  ensure        => 'present',
  description   => 'Just some text.',
  has_issues    => 'true',
  has_wiki      => 'true',
  homepage      => 'http://www.enterprisemodules.com/',
}

github_team

Allows you to manage a github team. Here is an example on how to do this:

github_team { 'authentication/organization/team_name':
  ensure      => 'present',
  description => 'My first team',
  members     => ['jim', 'spock', 'checkov']
  privacy     => 'secret',
}

github_team_repo

Allows you to manage the repo’s that are visible by team members. Here is an example on how to add a repository to a team.

github_team_repo { 'acount/organization/team:owner/repo':
  ensure      => 'present',
  permissions => 'pull',
}

Get started

Is this interesting for you? If so please check out the documentation for more details. Trying out our modules on a VirtualBox development environment is FREE. Contact us if you want to get started with this module in your own infrastructure.

Comments