We have dozens of private repositories and we want to encourage our developers to embrace the micro-repo model and reduce as much friction as possible with this. We use a combination of GitHub Enterprise Cloud and SonarCloud to help us ensure high quality in our codebase.
For shortness I will use these abbreviations for the rest of this topic:
- GH for GitHub
- SC for SonarCloud
- TF for Terraform
- TFP for Terraform Provider
When new GH repositories are created we have a regular check to see that they were added and we configure them with consistent branch protection rules and other common settings. To automate that on the GH side we use the GH TFP, with some templating, so that we can ensure strong consistency, and exceptions. We then just run TF apply and a few seconds later we know all our repos are configured as expected.
Since one of our branch protection requirements is to have SC checks for our main and release branches enabled, we then have to manually go to the SC UI, find the new repositories, configure them with/without Automatic Analysis, and tune the rules as needed. It would be much better if we could extend our existing Terraform template to do the bulk of this for us on the Terraform side, as it would ensure that as soon as the branch rules are set in GH, the project would be guaranteed to be configured on SC at the same time.
This would greatly reduce administrative burden on us, but also make it even easier for our developers to create new repos that will always have the same requirements enabled quickly without additional manual processes.
While we could write scripts that call the SC APIs, having a TFP would simplify this greatly.
Some of the things we would like to see covered, but not a comprehensive list:
- configuration of rules
- configuration of quality gates
- adding new projects
- configuration of the branches to analyze
- removal of projects
- define user groups and permissions