django-commons
diff --git a/‎.github/workflows/add_member.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/add_member.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/member-verification.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/member-verification.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/apply.yml‎ ‎.github/workflows/members-apply.yml‎.github/workflows/apply.yml renamed to .github/workflows/members-apply.yml
Lines changed: 16 additions & 19 deletions b/‎.github/workflows/apply.yml‎ ‎.github/workflows/members-apply.yml‎.github/workflows/apply.yml renamed to .github/workflows/members-apply.yml
Lines changed: 16 additions & 19 deletions
diff --git a/‎.github/workflows/plan.yml‎ ‎.github/workflows/members-plan.yml‎.github/workflows/plan.yml renamed to .github/workflows/members-plan.yml
Lines changed: 18 additions & 19 deletions b/‎.github/workflows/plan.yml‎ ‎.github/workflows/members-plan.yml‎.github/workflows/plan.yml renamed to .github/workflows/members-plan.yml
Lines changed: 18 additions & 19 deletions
diff --git a/‎.github/workflows/repos-apply.yml‎
Lines changed: 51 additions & 0 deletions b/‎.github/workflows/repos-apply.yml‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎.github/workflows/repos-plan.yml‎
Lines changed: 60 additions & 0 deletions b/‎.github/workflows/repos-plan.yml‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 0 additions & 1 deletion b/‎.gitignore‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎docs/projects.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/projects.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎scripts/add_member.py‎
Lines changed: 1 addition & 1 deletion b/‎scripts/add_member.py‎
Lines changed: 1 addition & 1 deletion
@@ -29,7 +29,7 @@ jobs:
           python-version: '3.12'
 
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
         with:
           # This is the default, but it's required since we are performing
           # Git operations later on.
@@ -94,7 +94,7 @@ jobs:
 
       - name: Commit changes
         run: |
-          git add terraform/production/org.tfvars
+          git add terraform/org.tfvars
           git commit -m "Add ${USERNAME} to django-commons"
           git push origin ${BRANCH_NAME}
 
 
@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
         with:
           persist-credentials: false
 
 
@@ -1,54 +1,51 @@
-name: "Apply org changes"
+name: "Apply org membership changes"
 
 on:
   push:
     branches:
       - main
     paths:
-      - 'terraform/production/*.tfvars'
-      - 'terraform/*.tf'
-      - '.github/workflows/apply.yml'
-      - '.github/workflows/plan.yml'
+      - 'terraform/org.tfvars'
+      - 'terraform/members/*.tf'
+      - '.github/workflows/members-apply.yml'
+      - '.github/workflows/members-plan.yml'
 
 concurrency:
-  group: terraform-actions
+  group: terraform-actions-members
 
 jobs:
-  apply-changes:
-    name: "Org changes apply"
+  org-apply-changes:
+    name: "Apply org membership changes"
     runs-on: ubuntu-latest
 
     permissions:
       contents: read
       pull-requests: write
-
     timeout-minutes: 10
-
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
         with:
           persist-credentials: false
       - name: terraform apply
-        # v1.44.0
-        uses: dflook/terraform-apply@5489b988934a50bf1489d5b7c5253b46520a7dca
+        uses: dflook/terraform-apply@8f47d0ad9f3cb9e50fd6b3595c0cb98f00c518df # v2.2.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TERRAFORM_ACTIONS_GITHUB_TOKEN: ${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}
         with:
-          path: "terraform"
+          auto_approve: true
+          path: "terraform/members"
+          label: 'members'
           variables: |
             github_token = "${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}"
           var_file: |
-            terraform/production/org.tfvars
-            terraform/production/repositories.tfvars
+            terraform/org.tfvars
 
       - name: Commit changes
         if: ${{ always() }}
-        # v0.10.0
-        uses: devops-infra/action-commit-push@8a2d9d73c3f506468129be2e4409e60dbed70357
+        uses: devops-infra/action-commit-push@8a2d9d73c3f506468129be2e4409e60dbed70357 # v1.0.3
         with:
           github_token: ${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}
           commit_prefix: "[AUTO]"
-          commit_message: "State changes after apply"
+          commit_message: "Members state changes after apply"
           force: false
@@ -1,16 +1,16 @@
-name: "Plan org changes and list them in a PR"
+name: "Plan org membership changes and list them in a PR"
 on:
   pull_request:
     branches:
       - main
     paths:
-      - 'terraform/production/*.tfvars'
-      - 'terraform/*.tf'
-      - '.github/workflows/apply.yml'
+      - 'terraform/org.tfvars'
+      - 'terraform/members/*.tf'
+      - '.github/workflows/members-apply.yml'
       # Do not trigger the plan action when it's been changed since this action has write permissions
 
 concurrency:
-  group: terraform-actions
+  group: terraform-actions-members
 
 jobs:
   format-terraform-code:
@@ -19,43 +19,42 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-    timeout-minutes: 10
+    timeout-minutes: 4
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
         with:
           persist-credentials: false
 
       - name: terraform fmt check
-        # v2.2.2
-        uses: dflook/terraform-fmt-check@59168426e242f665bf7b70644d706224e665056a
+        uses: dflook/terraform-fmt-check@10eaa13fa61437aa51be2d12fafe95f152e3512d  # v2.2.2
         with:
-          path: "terraform"
+          path: "terraform/members"
 
-  plan-changes:
-    name: "Org changes plan"
+  org-plan-changes:
+    name: "Plan org membership changes and list them in a PR"
     runs-on: ubuntu-latest
-    needs: [ "format-terraform-code" ]
+    needs: ["format-terraform-code"]
     permissions:
       pull-requests: write
       contents: read
+    timeout-minutes: 10
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
         with:
           persist-credentials: false
 
       - name: terraform plan
-        # v1.44.0
-        uses: dflook/terraform-plan@7878bff63e2099cdc9be9a6f33cbbbf687f8f0fe
+        uses: dflook/terraform-plan@dc251c444763eed5defd065b866874b6343017ca  # v2.2.2
         env:
           TERRAFORM_ACTIONS_GITHUB_TOKEN: ${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           add_github_comment: true
-          path: "terraform"
+          path: "terraform/members"
+          label: 'members'
           variables: |
             github_token = "${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}"
           var_file: |
-            terraform/production/org.tfvars
-            terraform/production/repositories.tfvars
+            terraform/org.tfvars
@@ -0,0 +1,51 @@
+name: "Apply org repositories changes"
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'terraform/repositories.tfvars'
+      - 'terraform/repositories/*.tf'
+      - '.github/workflows/repos-apply.yml'
+      - '.github/workflows/repos-plan.yml'
+
+concurrency:
+  group: terraform-actions-repos
+
+jobs:
+  repos-apply-changes:
+    name: "Apply org-repositories changes"
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+    timeout-minutes: 10
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
+        with:
+          persist-credentials: false
+      - name: terraform apply
+        uses: dflook/terraform-apply@8f47d0ad9f3cb9e50fd6b3595c0cb98f00c518df # v2.2.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TERRAFORM_ACTIONS_GITHUB_TOKEN: ${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}
+        with:
+          auto_approve: true
+          path: "terraform/repositories"
+          label: 'repositories'
+          variables: |
+            github_token = "${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}"
+          var_file: |
+            terraform/repositories.tfvars
+
+      - name: Commit changes
+        if: ${{ always() }}
+        uses: devops-infra/action-commit-push@8a2d9d73c3f506468129be2e4409e60dbed70357 # v1.0.3
+        with:
+          github_token: ${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}
+          commit_prefix: "[AUTO]"
+          commit_message: "Repositories state changes after apply"
+          force: false
@@ -0,0 +1,60 @@
+name: "Plan org repositories changes and list them in a PR"
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'terraform/repositories.tfvars'
+      - 'terraform/repositories/*.tf'
+      - '.github/workflows/repos-apply.yml'
+      # Do not trigger the plan action when it's been changed since this action has write permissions
+
+concurrency:
+  group: terraform-actions-repos
+
+jobs:
+  format-terraform-code:
+    name: "Check Terraform code formatting"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    timeout-minutes: 4
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
+        with:
+          persist-credentials: false
+
+      - name: terraform fmt check
+        uses: dflook/terraform-fmt-check@10eaa13fa61437aa51be2d12fafe95f152e3512d  # v2.2.2
+        with:
+          path: "terraform/repositories"
+
+  repos-plan-changes:
+    name: "Plan org-repositories changes and list them in a PR"
+    runs-on: ubuntu-latest
+    needs: ["format-terraform-code"]
+    permissions:
+      pull-requests: write
+      contents: read
+    timeout-minutes: 10
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6  # zizmor: ignore[unpinned-uses]
+        with:
+          persist-credentials: false
+
+      - name: terraform plan
+        uses: dflook/terraform-plan@dc251c444763eed5defd065b866874b6343017ca  # v2.2.2
+        env:
+          TERRAFORM_ACTIONS_GITHUB_TOKEN: ${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          add_github_comment: true
+          path: "terraform/repositories"
+          label: 'repos'
+          variables: |
+            github_token = "${{ secrets.TERRAFORM_MANAGEMENT_GITHUB_TOKEN }}"
+          var_file: |
+            terraform/repositories.tfvars
@@ -1,7 +1,6 @@
 *.backup
 notes.txt
 .terraform
-.terraform.lock.hcl
 .idea
 .dflook-terraform-github-actions
 tags
@@ -2,7 +2,7 @@
 
 These are the projects that have joined Django commons and the dates they joined.
 The true list of projects can be found in the 
-[repositories.tfvars](https://github.com/django-commons/membership/blob/main/terraform/production/repositories.tfvars) file.
+[repositories.tfvars](https://github.com/django-commons/membership/blob/main/terraform/repositories.tfvars) file.
 
 - django-valkey: 2025-06-17
 - django-prometheus: 2025-06-17
 
@@ -1,7 +1,7 @@
 import re
 import sys
 
-TERRAFORM_ORG_FILE = "./terraform/production/org.tfvars"
+TERRAFORM_ORG_FILE = "./terraform/org.tfvars"
 
 
 def add_member(content, new_member_name, team_name):