From 47eb52626b73e194f14e0710e479548fbcf5b0c5 Mon Sep 17 00:00:00 2001 From: UnstoppableMango Date: Sat, 13 Jun 2026 18:24:39 -0500 Subject: [PATCH 1/2] Spruce up the readme --- README.md | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2462de9..c5dd2b4 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,39 @@ -# github +# unmango/github -The parts of GitHub we manage with IaC +GitHub organization configuration as code. Repositories, branch protection, and settings managed via [Pulumi](https://www.pulumi.com/). + +## What is this? + +This repository replaces manual GitHub UI configuration with declarative TypeScript. Rather than configuring repositories through the GitHub UI, settings are version-controlled, reviewed via pull request, and applied programmatically. + +**Pulumi** is an infrastructure-as-code tool that lets you describe infrastructure (GitHub repos, AWS resources, Kubernetes clusters, etc.) using real programming languages instead of domain-specific configuration languages like HCL. It tracks deployed state and computes diffs between desired and actual configuration, the same mental model as `kubectl apply` or `terraform plan/apply`. + +## What's managed here + +Every public repository under [@unmango](https://github.com/unmango) is defined in [`index.ts`](./index.ts). Each repo gets: + +- **Branch protection** on `main`: required PRs, stale review dismissal, required status checks, commit signatures, linear history +- **Consistent merge settings**: squash-only, delete branch on merge, no auto-merge +- **MIT license** and vulnerability alerts enabled by default + +Private repos use a minimal configuration without branch rulesets. + +## Structure + +``` +index.ts # All repos declared here +components/ + repo.ts # Base class: shared defaults for all repos + publicRepo.ts # Adds branch ruleset enforcement + privateRepo.ts # Private visibility, no rulesets +``` + +`PublicRepo` and `PrivateRepo` extend a shared base component. Adding a new repo means instantiating one of these classes with a name, description, and the CI check names that must pass before merging. + +## Usage + +```bash +make preview # Dry run — see what would change +make diff # Detailed diff of pending changes +make up # Apply changes to GitHub +``` 
From 3e8458959fe145852aeb07c9f02198f0cf1ef048 Mon Sep 17 00:00:00 2001 From: Erik Rasmussen Date: Sat, 13 Jun 2026 18:26:58 -0500 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c5dd2b4..bece442 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ This repository replaces manual GitHub UI configuration with declarative TypeScr Every public repository under [@unmango](https://github.com/unmango) is defined in [`index.ts`](./index.ts). Each repo gets: -- **Branch protection** on `main`: required PRs, stale review dismissal, required status checks, commit signatures, linear history -- **Consistent merge settings**: squash-only, delete branch on merge, no auto-merge +- **Branch protection** on the default branch (usually `main`): required PRs, stale review dismissal, required status checks, commit signatures, linear history +- **Consistent merge settings**: squash-only, delete branch on merge, auto-merge enabled - **MIT license** and vulnerability alerts enabled by default Private repos use a minimal configuration without branch rulesets.
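Review bot: In [PATCH 1/2], the "What's managed here" list opens with "Each repo gets" directly after a sentence about public repositories, and the closing line says only that private repos have no branch rulesets, so a reader cannot tell whether the merge settings, MIT license and vulnerability alerts apply to private repos too. The Structure section already describes `repo.ts` as shared defaults for all repos and `publicRepo.ts` as the layer that adds ruleset enforcement; suggest splitting the list along that line, one group for all repos and one for public repos only. The Usage block would also benefit from a sentence on what credentials `make up` requires, since it is the step that applies changes to GitHub.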
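Review bot: In [PATCH 2/2], the merge-settings bullet flips from "no auto-merge" to "auto-merge enabled", reversing the documented setting, while the diffstat shows only README.md touched and the commit message does not say which finding it addresses. Please confirm the value against the shared defaults the README describes and name the finding in the commit message, so it is clear the README is being corrected to match the configuration. If auto-merge is on, a pull request merges as soon as the branch protection requirements are satisfied, so it is worth stating next to this bullet that the per-repo CI check names are what gate the merge. The new wording "the default branch (usually `main`)" is also less precise than the line it replaces; suggest stating what the ruleset actually targets.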