Import and configure GitHub repo

infrastructure/github/backend.tf

@@ -0,0 +1,9 @@
+terraform {
+  backend "s3" {
+    bucket         = "c4c-neu-terraform-state-files"
+    key            = "github/terraform.tfstate"
+    region         = "us-east-2"
+    dynamodb_table = "terraform-state-lock"
+    encrypt        = true
+  }
+}

infrastructure/github/imports.tf

@@ -0,0 +1,4 @@
+import {
+  to = github_repository.branch
+  id = "branch"
+}

infrastructure/github/main.tf

@@ -0,0 +1,43 @@
+resource "github_repository" "branch" {
+  name        = "branch"
+  description = "Branch GitHub Admin"
+  visibility  = "public"
+
+  has_downloads   = true
+  has_issues      = true
+  has_projects    = true
+  has_wiki        = true
+  has_discussions = true
+
+  allow_merge_commit = false
+  allow_squash_merge = true
+  allow_rebase_merge = false
+
+  squash_merge_commit_message = "COMMIT_MESSAGES"
+  squash_merge_commit_title   = "COMMIT_OR_PR_TITLE"
+}
+
+resource "github_branch_default" "main" {
+  repository = github_repository.branch.name
+  branch     = "main"
+}
+
+resource "github_branch_protection" "main" {
+  repository_id = github_repository.branch.node_id
+  pattern       = "main"
+
+  required_pull_request_reviews {
+    required_approving_review_count = 2
+    dismiss_stale_reviews           = true
+    require_code_owner_reviews      = true
+  }
+
+  enforce_admins = false
+}
+
+resource "github_repository_collaborator" "collaborators" {
+  for_each   = { for c in var.repository_collaborators : c.username => c }
+  repository = github_repository.branch.name
+  username   = each.value.username
+  permission = each.value.permission
+}

infrastructure/github/providers.tf

@@ -0,0 +1,26 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 6.6"
+    }
+    infisical = {
+      source = "infisical/infisical"
+    }
+  }
+}
+
+provider "github" {
+  owner = "Code-4-Community"
+  token = ephemeral.infisical_secret.github_token.value
+}
+
+provider "infisical" {
+  host = "https://app.infisical.com"
+  auth = {
+    universal = {
+      client_id     = var.infisical_client_id
+      client_secret = var.infisical_client_secret
+    }
+  }
+}

infrastructure/github/secrets.tf

@@ -0,0 +1,20 @@
+ephemeral "infisical_secret" "github_token" {
+  name         = "branch-gh-admin"
+  env_slug     = "dev"
+  workspace_id = var.infisical_workspace_id
+  folder_path  = "/"
+}
+
+
+variable "infisical_client_id" {
+  type = string
+}
+
+variable "infisical_client_secret" {
+  type = string
+}
+
+variable "infisical_workspace_id" {
+  type    = string
+  default = "d1ee8b80-118c-4daf-ae84-31da43261b76"
+}

infrastructure/github/variables.tf

@@ -0,0 +1,13 @@
+variable "repository_collaborators" {
+  description = "List of GitHub users to add as collaborators"
+  type = list(object({
+    username   = string
+    permission = string
+  }))
+  default = [
+    # {
+    #   username   = "example-user"
+    #   permission = "push"
+    # }
+  ]
+}