Dev.to

GitHub Access Governance with Pulumi.

This is a submission for the Pulumi Deploy and Document Challenge: Get Creative with Pulumi and GitHub Introduction Managing user access in GitHub at scale is not easy, especially when you have to handle multiple repositories, teams, and permissions across an organization. It becomes even more challenging when you need to ensure security and compliance. That's where Pulumi comes in. It's a powerful Infrastructure as Code (IaC) tool that allows you to define and enforce access policies using familiar programming languages like Python, TypeScript, and Go. Instead of manually managing permissions, you can automate everything with code, making it more efficient and scalable. What I Built I wanted to build a fully automated system where permissions could be managed easily without logging into GitHub every time. With this project, you can define all your user roles and repository access in a simple YAML file, and Pulumi, along with Python & GitHub Actions, will take care of the rest! This is useful for startups, enterprises, open-source projects, or anyone who wants hassle-free, scalable GitHub access management. Live Demo Preparation Note: Make sure pulumi installation is done before. if not kindly refer https://www.pulumi.com/docs/iac/download-install Follow these steps to see the project in action: 1️⃣ Clone the Repository git clone https://github.com/Ajanhari/pulumi-github-access-governance.git cd pulumi-github-access-governance 2️⃣ Set Up Pulumi and Install Dependencies pip install pulumi pulumi-github pyyaml 3️⃣ Configure Pulumi for Your GitHub Organization # Login to Pulumi locally pulumi login --local # Set GitHub Personal Access Token (Replace with actual token) pulumi config set --secret githubToken "" # Initialize a new Pulumi stack named "dev" pulumi stack init dev # Set GitHub organization/owner (Replace 'YourOrgName' with your actual org) pulumi config set github:owner "YourOrgName" # Set GitHub API Base URL pulumi config set github:baseUrl "https://api.github.com" 4️⃣ Modify users.yaml to Assign Roles Edit the file and add/remove users based on your requirements. repositories: repo1: admin: - Ajanthan - Sachin maintain: - maintainer1 write: - Varun - dev2 triage: [] read: [] repo2: admin: - Ajanthan - Sachin write: - Varun 5️⃣ Deploy Changes pulumi up --yes 6️⃣ Verify in GitHub Check your GitHub repository settings to confirm the updated access permissions. 7️⃣ Automate with GitHub Actions Push the updated users.yaml file to the repository and let GitHub Actions handle the provisioning. git add users.yaml git commit -m "Updated user roles" git push origin main GitHub Actions will automatically apply the changes. Project Repo https://github.com/Ajanhari/pulumi-github-access-governance Advantages Centralized User Management – Assign access in one YAML file. Automated Access Control – No manual intervention required. Scalability – Works for hundreds of repositories. Compliance & Security – Logs changes via GitHub Actions. Final Thoughts If you're managing multiple GitHub repositories and looking for a way to automate access governance, Pulumi is definitely worth exploring. It brings the power of Infrastructure as Code to GitHub, making permission management easier, scalable, and more reliable.

Mar 30, 2025 - 04:53
 0
GitHub Access Governance with Pulumi.

This is a submission for the Pulumi Deploy and Document Challenge: Get Creative with Pulumi and GitHub

Introduction

Managing user access in GitHub at scale is not easy, especially when you have to handle multiple repositories, teams, and permissions across an organization. It becomes even more challenging when you need to ensure security and compliance.

That's where Pulumi comes in. It's a powerful Infrastructure as Code (IaC) tool that allows you to define and enforce access policies using familiar programming languages like Python, TypeScript, and Go. Instead of manually managing permissions, you can automate everything with code, making it more efficient and scalable.

What I Built

I wanted to build a fully automated system where permissions could be managed easily without logging into GitHub every time.

With this project, you can define all your user roles and repository access in a simple YAML file, and Pulumi, along with Python & GitHub Actions, will take care of the rest!

This is useful for startups, enterprises, open-source projects, or anyone who wants hassle-free, scalable GitHub access management.

Live Demo Preparation

Note: Make sure pulumi installation is done before. if not kindly refer https://www.pulumi.com/docs/iac/download-install

Follow these steps to see the project in action:

1️⃣ Clone the Repository 

git clone https://github.com/Ajanhari/pulumi-github-access-governance.git
cd pulumi-github-access-governance

2️⃣ Set Up Pulumi and Install Dependencies 

pip install pulumi pulumi-github pyyaml

3️⃣ Configure Pulumi for Your GitHub Organization 

# Login to Pulumi locally
pulumi login --local

# Set GitHub Personal Access Token (Replace with actual token)
pulumi config set --secret githubToken ""

# Initialize a new Pulumi stack named "dev"
pulumi stack init dev

# Set GitHub organization/owner (Replace 'YourOrgName' with your actual org)
pulumi config set github:owner "YourOrgName"

# Set GitHub API Base URL
pulumi config set github:baseUrl "https://api.github.com"

4️⃣ Modify users.yaml to Assign Roles

Edit the file and add/remove users based on your requirements.

repositories:
  repo1:
    admin:
      - Ajanthan
      - Sachin
    maintain:
      - maintainer1
    write:
      - Varun
      - dev2
    triage: []
    read: []
  repo2:
    admin:
      - Ajanthan
      - Sachin
    write:
      - Varun

5️⃣ Deploy Changes 

pulumi up --yes

6️⃣ Verify in GitHub

Check your GitHub repository settings to confirm the updated access permissions.

7️⃣ Automate with GitHub Actions

Push the updated users.yaml file to the repository and let GitHub Actions handle the provisioning.

git add users.yaml
git commit -m "Updated user roles"
git push origin main

GitHub Actions will automatically apply the changes.

Project Repo

https://github.com/Ajanhari/pulumi-github-access-governance

Advantages

  • Centralized User Management – Assign access in one YAML file.
  • Automated Access Control – No manual intervention required.
  • Scalability – Works for hundreds of repositories.
  • Compliance & Security – Logs changes via GitHub Actions.

Final Thoughts

If you're managing multiple GitHub repositories and looking for a way to automate access governance, Pulumi is definitely worth exploring. It brings the power of Infrastructure as Code to GitHub, making permission management easier, scalable, and more reliable.

Read More

Tags:

Previous Article

How to Build Scalable Web Applications with ASP.NET

Next Article

Flexbox Hands-On: A Visual Playground for Learning CSS Layout

Related Posts

DevOps Made Simple: A Beginner’s Guide to Best Open-Source DevOps Projects to Contribute in 2025

DevOps Made Simple: A Beginner’s Guide to Best Open-Sou...

Apr 1, 2025  0

Apr 4, 2025  0

How to Connect Next.js to Google Drive: A Full Guide

How to Connect Next.js to Google Drive: A Full Guide

Mar 4, 2025  0