Infrastructure as Code repository for managing the Container Platform team's GitHub repositories
- Repository setup and architecture
- Creating new repositories
- Importing existing repositories
- Troubleshooting
Important
Only @ministryofjustice/cloud-platform-engineers can do this
- Terraform (~> 1.10)
- GitHub CLI, authenticated with `repo` and `read:org` scopes
Export a GitHub token for the Terraform provider:
```bash
export TF_VAR_github_token="$(gh auth token)"
```

The GitHub Actions workflow (`.github/workflows/terraform.yml`) handles authentication using the Container Platform Access GitHub App. It runs:
- `terraform plan` on pull requests
- `terraform apply` on merge to `main`
The base branch (main) requires all commits to be signed. Unsigned commits will block your PR from merging. Learn more about signing commits in GitHub's documentation.
1. Generate a GPG key (skip if you already have one):

```bash
gpg --full-generate-key
# Choose: RSA, 4096 bits, set an expiry, use the email associated with your GitHub account
```

2. Get your key ID:

```bash
gpg --list-secret-keys --keyid-format=long
# Look for the line: rsa4096/XXXXXXXXXXXXXXXX
```

3. Export and add to GitHub:

```bash
gpg --armor --export XXXXXXXXXXXXXXXX
# Copy the output (including -----BEGIN/END PGP PUBLIC KEY BLOCK-----)
# Go to: GitHub > Settings > SSH and GPG keys > New GPG key
```

4. Configure Git to sign all commits:

```bash
git config --global user.signingkey XXXXXXXXXXXXXXXX
git config --global commit.gpgsign true
```

5. Verify it works:

```bash
echo "test" | gpg --clearsign
# If this produces signed output, you're set
```

If your PR already has unsigned commits, re-sign them:

```bash
git rebase --exec 'git commit --amend --no-edit -S' main
git push --force-with-lease
```

For more detail, see this GitHub discussion on signing commits.
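To find out which commits on a branch still need re-signing before you push, the following added example (not part of this repository) reads git's `%G?` signature status for every commit since `main`. The function names `filter_unsigned` and `check_branch_signed` and the sample hashes are made up for illustration; the check reflects your local keyring, while GitHub verifies against the keys uploaded to your account.

```bash
# Added example: flag commits on the current branch that lack a good signature.

# Constructed sample of `git log --format='%H %G?'` output (hashes are made up).
SAMPLE_LOG='1111111111111111111111111111111111111111 G
2222222222222222222222222222222222222222 N
3333333333333333333333333333333333333333 E'

# filter_unsigned: reads "<hash> <status>" lines on stdin and prints every
# commit whose status is not G (good) or U (good, unknown validity).
filter_unsigned() {
    while read -r hash status; do
        [ -n "$hash" ] || continue                   # skip blank lines
        case "$status" in
            G|U) ;;                                  # signature verifies locally
            N)   echo "$hash unsigned" ;;            # no signature at all
            B)   echo "$hash bad-signature" ;;       # signature does not verify
            E)   echo "$hash cannot-verify" ;;       # e.g. public key not in keyring
            *)   echo "$hash status-$status" ;;      # X, Y, R: expired or revoked key
        esac
    done
}

# check_branch_signed [base]: list flagged commits in base..HEAD and
# return non-zero if there are any. The base defaults to main.
check_branch_signed() {
    base="${1:-main}"
    flagged="$(git log --format='%H %G?' "$base"..HEAD | filter_unsigned)"
    if [ -n "$flagged" ]; then
        echo "$flagged"
        return 1
    fi
    return 0
}
```

Source the file and run `check_branch_signed main` from the branch you are about to push; any commit listed as `unsigned` is one the re-sign rebase above needs to cover.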