Terraform configuration for the stuzzicadenti-ag GitHub organization.
- Repository creation and settings
- Branch structure (`dev` default + `main` production)
- Branch protection rules (main: no force push, no delete, dismiss stale reviews)
- GitHub Pages configuration
- Repository topics and metadata
| Item | Location |
|---|---|
| Terraform state | Local, committed to git (shared with team) |
| `GITHUB_TOKEN` | Local env var (PAT, never committed) |
| `GITHUB_ORG_TOKEN` | GitHub org secret for CI/CD |
State is local and committed — it contains only public repo metadata (no secrets). This lets the team collaborate without needing Terraform Cloud. Migrate to remote state when the team grows.
```text
PR to main   ──→ fmt check ──→ validate ──→ plan (comment on PR)
Push to main ──→ init      ──→ apply (auto-approve)
```

Workflow: `.github/workflows/terraform.yml`
| Repo | Type | Pages |
|---|---|---|
| infrastructure | IaC | No |
| stuzzicadenti-test | Test / Sandbox | No |
| stuzzicadenti | Toothpick showcase | Yes |
| duelstake | Gaming platform | Yes |
| travel-planner | Travel app | Yes |
| cv-builder | CV builder | Yes |
| swapmart | Swiss marketplace | Yes |
```bash
# Local (requires TF Cloud login)
terraform login
terraform init
terraform plan
terraform apply
```

Add a module block in `main.tf`:

```hcl
module "my_new_repo" {
  source      = "./modules/repo"
  org         = var.org
  name        = "my-new-repo"
  description = "Description here"
  topics      = ["tag1", "tag2"]
  has_pages   = true
}
```

Then open a PR; CI will run `terraform plan` and comment the diff.
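The `./modules/repo` module that the block above calls is not shown on this page. As an added example (not the organization's own module code), here is what a module implementing the repository, branch, protection and Pages settings listed at the top could look like with the `integrations/github` provider; the resource names, `auto_init`, `visibility` and the Pages source are assumptions.

```hcl
# Assumed ./modules/repo/main.tf (illustrative, not the org's actual module)
terraform {
  required_providers { github = { source = "integrations/github" } }
}

variable "org"         { type = string } # accepted for parity with the root call
variable "name"        { type = string }
variable "description" { type = string }
variable "topics"      { type = list(string) }
variable "has_pages"   { type = bool }

resource "github_repository" "this" {
  name        = var.name
  description = var.description
  topics      = var.topics
  visibility  = "public" # state then holds only public metadata
  auto_init   = true     # initial commit on main so branches can be created
  # GitHub Pages served from main, only when the caller asks for it
  dynamic "pages" {
    for_each = var.has_pages ? [1] : []
    content {
      source {
        branch = "main"
        path   = "/"
      }
    }
  }
}

# dev is the default (integration) branch, main is production
resource "github_branch" "dev" {
  repository    = github_repository.this.name
  branch        = "dev"
  source_branch = "main"
}
resource "github_branch_default" "this" {
  repository = github_repository.this.name
  branch     = github_branch.dev.branch
}

# main: no force push, no delete, stale approvals dismissed on new commits
resource "github_branch_protection" "main" {
  repository_id       = github_repository.this.node_id
  pattern             = "main"
  allows_force_pushes = false
  allows_deletions    = false
  required_pull_request_reviews {
    dismiss_stale_reviews = true
  }
}
```

Running `terraform plan` from the root after adding such a module shows the protection rule as a separate resource, so a later PR that loosens `allows_force_pushes` or `allows_deletions` is visible in the plan comment before it is applied.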
Install `pre-commit`, then run `pre-commit install`.
Hooks: `terraform_fmt`, `terraform_validate`, `detect-private-key`, `no-commit-to-branch` (main).