Introduction
Managing a GitHub organisation for a community like Geek.Zone presents unique challenges, particularly when relying on manual processes. Previously, new members faced lengthy delays waiting for a human GitHub org owner to add them, negatively impacting their initial experience with Geek.Zone. Similarly, the timely removal of individuals who had left Geek.Zone was not effectively managed, leading to suboptimal maintenance of our GitHub organisation. To address these issues, we’ve developed an automated system using Python, cURL, and OpenTofu (TF), a FOSS fork of Terraform, to ensure that our GitHub organisation always reflects Geek.Zone membership.
Step 1: Transitioning from Manual to Automated Membership Management
The first hurdle in our automation journey was dealing with legacy membership issues. TF only has visibility of members listed in the Membermojo membership register, so it cannot manage anyone who is not on that list. This limitation meant that former Geek.Zone members who had been added manually were not recognized by the automated system. To overcome this, we created a one-time-use Python script to remove these legacy members. This step was critical to align our GitHub organisation with our current, active membership before the automated system took over. The script was only needed for this one-off cleanup; for regular operations, we prefer the reliability and standardization offered by TF.
Step 2: Downloading the Membership Spreadsheet
The process begins with the automated download of the membership spreadsheet from Membermojo using cURL, providing the essential data for the next steps.
Step 3: Processing the Spreadsheet with Python
Next, a Python script was used to extract GitHub usernames and roles from the spreadsheet, discarding entries without GitHub usernames. The output was a structured JSON file with the membership data.
Step 4: Loading Data into OpenTofu
In TF, we configured a local variable to import this JSON data as a map, ready for integration with the GitHub provider.
Step 5: Efficient Member Management with TF
This step is where the automation process truly shines. TF is now equipped to accurately identify new Geek.Zone members from the processed data, as well as to detect members who have left. Utilising the for_each construct in TF, we configured the github_membership resource to loop over the member list. This configuration allows TF to automatically add new members to the GitHub organisation and remove those who are no longer part of Geek.Zone. TF uses its state file to cross-reference the current GitHub organisation members with the updated member list from Membermojo, ensuring that our GitHub organisation’s membership is always synchronized with our actual membership status. This automation not only saves time but also enhances the accuracy and responsiveness of our membership management.
Step 6: Scheduling Regular Updates with GitHub Actions
To ensure up-to-date membership information, GitHub Actions is configured to run the entire process (excluding the initial cleanup) every 30 minutes.
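The spreadsheet processing from Step 3, sketched as an added example (not Geek.Zone's own script), with the checks that matter once TF in Step 5 adds and removes people from its output without a human in the loop. The CSV format, the column names "GitHub username" and "Role", the sample rows and the min_members floor are all assumptions.

```python
import csv
import io
import json
import re

# Ordinary GitHub logins: 1-39 chars, alphanumerics and single hyphens,
# no leading or trailing hyphen.
LOGIN_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}$")

# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = """Name,GitHub username,Role
Ada,ada-l,admin
Bob,,member
Cy,@Cy-Dev,
Dee,not a login!,member
Eve,ADA-L,member
"""


def build_members(csv_text, min_members=2):
    """Return {login: role} for rows that carry a valid GitHub username."""
    members = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = (row.get("GitHub username") or "").strip().lstrip("@")
        if not LOGIN_RE.match(login):
            continue  # blank or free-text field: never hand it to TF
        key = login.lower()  # logins are case-insensitive; avoid duplicate keys
        raw_role = (row.get("Role") or "").strip().lower()
        # Least privilege: only an explicit "admin" becomes an org owner.
        role = "admin" if raw_role == "admin" else "member"
        if members.get(key) == "member":
            role = "member"  # conflicting duplicate rows: keep the lower role
        members[key] = role
    # TF removes anyone missing from this map, so a truncated or empty
    # download must fail here instead of reaching the apply step.
    if len(members) < min_members:
        raise ValueError(f"only {len(members)} members parsed; refusing to continue")
    return members


if __name__ == "__main__":
    print(json.dumps(build_members(SAMPLE_CSV), indent=2, sort_keys=True))
```

The resulting map of login to role is the shape a for_each over github_membership can consume directly; in a scheduled run, min_members would be set close to the real size of the organisation.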
Conclusion
With this automation in place, Geek.Zone now enjoys a more efficient, timely and accurate system for managing its GitHub organisation memberships. This solution, albeit temporary for us until the Geek.Zone/Web platform is fully operational, demonstrates a robust methodology for handling large-scale (or, in our case, large-ish) management of identically configured cloud resources using OpenTofu. It’s a significant step forward in our journey towards more streamlined and automated processes.
As always, all our code is open source, so you can take a look for yourself on our GitHub.
Want to join the Geek.Zone/Dev team?
Just complete the Geek.Zone/DevInduction and you’ll be up and running before you can say Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch!