
GitHub Organization Management Platform

Brett • Dec 18, 2023

Technical Documentation

Managing thousands of repositories across hundreds of users in GitHub can become very complex and tedious. You'll want basic naming conventions on repositories and teams, ways to manage users in those teams, roles, and security settings enforced as a minimum. The Terraform provider for GitHub allows us to manage our GitHub organization as a platform, just like any other infrastructure. Doing this will reduce technical debt when onboarding, provide ongoing supportability and give a defined team interaction mode of X-as-a-Service.


This open-source repository is an example of Infrastructure as Code (IaC) for managing a GitHub organization using Terraform, concepts from Team Topologies, and sensible default practices.


Currently, we have the following service interfaces defined by the beta GitHub Issue Forms:




Any issue created by an exposed service interface in any platform we build is labeled as a good first issue and documented to make completion of the work possible within the individual author's cognitive load. These issues align with one of our key concepts of cultivating and developing a strong pool of talented individuals ready to take on work and grow within the organization. They are helping new Infrastructure as Code engineers learn the GitHub flow through muscle memory. Large organizations will fail at Infrastructure as Code if they expect "traditional" infrastructure engineers to take on all the cognitive load of learning and treating infrastructure like code while learning cloud platforms. They are left with, at best, poor automation practices, not Infrastructure as Code.


After we merge a pull request, we use GitHub reusable workflows with OIDC to our Google Cloud Terraform backend Platform to run the terraform plan, and we use GitHub environments with a required reviewers protection rule before the apply job runs. This gives the author of the pull request a chance to look over the Terraform plan in detail and validate that the changes are what they expect.


We also use Dependabot and reusable workflows to keep all our actions and Terraform provider dependencies up to date, along with CODEOWNERS to ensure the correct platform team is requested to review. The notifications are a bit noisy right now, but we hope to see an option to make a pull request a draft by default so code reviewers will only receive a notification once the pull request is ready for review.


In conclusion, GitHub is an extremely powerful tool that, hands down, enables collaboration and learning across engineers. GitHub powers Infrastructure as Code engineers and software engineers by creating a common language and skill set across the platform and stream-aligned teams with a comprehensive, end-to-end infrastructure and software development solution. With that and organizational design like Team Topologies in place, we see increased success in individuals, teams, organizations, and the software built for their customers.


