@domdomegg
Member

This PR migrates all existing GitHub teams and repository permissions to be managed through code using Pulumi.

Changes

  • 25 teams added with proper hierarchy (steering-committee → core teams, SDK teams, working groups, interest groups)
  • 67 team members added with their team assignments
  • 21 repositories configured with team access permissions
  • New for managing repository permissions
  • Refactored to use config-driven approach
  • All MCP teams marked as GitHub-only with

What's managed

  • Team structure and hierarchy
  • Team memberships
  • Repository collaborator access (authoritative mode)

What's NOT managed

Next steps

Before merging:

  1. Run make preview to see what Pulumi will change
  2. Review the preview output for any unexpected changes
  3. Communicate migration plan to team members
  4. Deploy during a planned maintenance window

- Add 25 teams with proper hierarchy (steering-committee, SDK teams, working groups, interest groups)
- Add 67 team members with their assignments
- Add repository access configuration for all 21 repositories
- Refactor github.ts to use config-driven approach with repoAccess.ts
- Mark all MCP teams as GitHub-only with onlyOnPlatforms
- Use RepositoryCollaborators for authoritative access management

Note: GitHub Projects V2 permissions are not yet supported by Pulumi and must be managed manually. See pulumi/pulumi-github#1006

Preserves direct collaborator access for users who have explicit permissions outside of team membership, including:
- jspahrsummers: admin on multiple core repos
- Go SDK collaborators (neild, rsc, rolandshoemaker, h9jiang)
- C# SDK collaborators (jeffhandley, MackinnonBuck, jozkee, localden, PederHP)
- Rust SDK collaborators (jamadeo, jokemanfire, 4t145)
- Inspector collaborators (richardkmichael, olaservo, an-dustin, ashwin-ant)
- Financial services IG collaborators (aniabot, imfing, sambhav, KengoA, nitsanh)
- And others

Without this, RepositoryCollaborators (authoritative mode) would remove all individual user access.
@domdomegg domdomegg changed the title Migrate GitHub teams to infrastructure-as-code [do not merge yet] Migrate GitHub teams to infrastructure-as-code Oct 3, 2025
@domdomegg
Member Author

Approve, but do not merge yet: need to delete the old teams first, which will require coordinating on Discord etc. and timing this all correctly.

@domdomegg domdomegg changed the title [do not merge yet] Migrate GitHub teams to infrastructure-as-code Migrate GitHub teams to infrastructure-as-code Oct 3, 2025
@domdomegg domdomegg merged commit d55acd7 into main Oct 3, 2025
4 checks passed
@domdomegg domdomegg deleted the adamj/migrate-github-teams branch October 3, 2025 21:33
domdomegg added a commit that referenced this pull request Oct 3, 2025
* Migrate GitHub teams to infrastructure-as-code

- Add 25 teams with proper hierarchy (steering-committee, SDK teams, working groups, interest groups)
- Add 67 team members with their assignments
- Add repository access configuration for all 21 repositories
- Refactor github.ts to use config-driven approach with repoAccess.ts
- Mark all MCP teams as GitHub-only with onlyOnPlatforms
- Use RepositoryCollaborators for authoritative access management

Note: GitHub Projects V2 permissions are not yet supported by Pulumi and must be managed manually. See pulumi/pulumi-github#1006

* Add individual user collaborators to repository access

Preserves direct collaborator access for users who have explicit permissions outside of team membership, including:
- jspahrsummers: admin on multiple core repos
- Go SDK collaborators (neild, rsc, rolandshoemaker, h9jiang)
- C# SDK collaborators (jeffhandley, MackinnonBuck, jozkee, localden, PederHP)
- Rust SDK collaborators (jamadeo, jokemanfire, 4t145)
- Inspector collaborators (richardkmichael, olaservo, an-dustin, ashwin-ant)
- Financial services IG collaborators (aniabot, imfing, sambhav, KengoA, nitsanh)
- And others

Without this, RepositoryCollaborators (authoritative mode) would remove all individual user access.
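
The commit note above says authoritative mode drops any collaborator the config does not list. As an added example (not code from this PR or repository), the sketch below diffs a constructed export of live collaborators against a desired access map to show who would lose or change access before applying. The type names, `authoritativeDrift`, and all repo, team and user names are hypothetical.

```typescript
// Added example with constructed data; type and function names are hypothetical.
type Permission = "pull" | "triage" | "push" | "maintain" | "admin";
type Grant = { kind: "team" | "user"; name: string; permission: Permission };
type AccessMap = Record<string, Grant[]>; // repository name -> grants
type Drift = { repo: string; grantee: string; change: string };

const RANK: Record<Permission, number> = { pull: 0, triage: 1, push: 2, maintain: 3, admin: 4 };
// GitHub logins and team slugs are case-insensitive, so compare them lowercased.
const keyOf = (g: Grant): string => `${g.kind}:${g.name.toLowerCase()}`;

// Lists what an authoritative apply of `desired` would change relative to `live`.
// Repositories absent from `desired` are unmanaged, so they are skipped.
function authoritativeDrift(live: AccessMap, desired: AccessMap): Drift[] {
  const drift: Drift[] = [];
  for (const repo of Object.keys(desired).sort()) {
    const want: Record<string, Permission> = {};
    for (const g of desired[repo]) want[keyOf(g)] = g.permission;
    const seen: Record<string, boolean> = {};
    for (const g of live[repo] || []) {
      const k = keyOf(g);
      seen[k] = true;
      const target: Permission | undefined = want[k];
      if (target === undefined) {
        drift.push({ repo, grantee: k, change: `removed (was ${g.permission})` });
      } else if (RANK[target] !== RANK[g.permission]) {
        const verb = RANK[target] < RANK[g.permission] ? "downgraded" : "upgraded";
        drift.push({ repo, grantee: k, change: `${verb} ${g.permission} -> ${target}` });
      }
    }
    for (const k of Object.keys(want)) {
      if (!seen[k]) drift.push({ repo, grantee: k, change: `added (${want[k]})` });
    }
  }
  return drift;
}

// Constructed sample: live collaborators as an audit export might list them.
const LIVE: AccessMap = {
  "example-sdk": [
    { kind: "team", name: "sdk-maintainers", permission: "maintain" },
    { kind: "user", name: "Alice", permission: "admin" },
    { kind: "user", name: "bob", permission: "push" },
  ],
  "unmanaged-repo": [{ kind: "user", name: "carol", permission: "admin" }],
};
const TEAMS_ONLY: AccessMap = { "example-sdk": [LIVE["example-sdk"][0]] };
const WITH_USERS: AccessMap = {
  "example-sdk": [...TEAMS_ONLY["example-sdk"], { kind: "user", name: "alice", permission: "admin" }],
};
console.log(authoritativeDrift(LIVE, TEAMS_ONLY)); // both direct users removed
console.log(authoritativeDrift(LIVE, WITH_USERS)); // only bob removed
```

Any `removed` or `downgraded` row for a user is a direct grant that the config still needs to list, or a deliberate revocation to confirm, before the apply.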