Infrastructure bootstrap repo for Vault, Terraform, and supporting automation. Everything else hangs off this layer.
- Vault via Portainer stack (`deploy/portainer/stacks/vault/`)
- Harbor registry stack (`deploy/portainer/stacks/harbor/`)
- Terraform configuration for the GitHub org (`terraform/`)
- Automation: semantic-release, Renovate nightly, CodeQL, PR labelling
- CI guardrails: compose lint, Renovate config validation, stack checks
- `make vault-up`, then run `scripts/vault-setup.sh` (or `.ps1`) to initialise Vault and store the GitHub creds.
- Copy `terraform/terraform.tfvars.example` to `terraform/terraform.tfvars`, fill in owner/token (pull them from Vault), then run `terraform init`.
- Define repos in `terraform/repositories.tf`, then run `terraform plan` / `terraform apply`.
- Deploy additional services through Portainer using the compose files under `deploy/portainer/stacks/`.
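The tfvars step above, as an added example that is not part of this repo: a POSIX shell script that pulls owner/token from Vault into `terraform/terraform.tfvars` with owner-only permissions and refuses to write the file unless it is gitignored. The Vault KV path (`VAULT_GH_PATH`) and its field names are placeholders, and the tfvars variable names `owner`/`token` are assumed to match `terraform.tfvars.example`.

```shell
#!/usr/bin/env sh
# Added example, not repo code. Renders terraform/terraform.tfvars from Vault
# and guards against the two common mistakes: a world-readable creds file and
# a creds file that is not gitignored.
set -eu

# Placeholder KV path; the real path is set by scripts/vault-setup.sh.
VAULT_GH_PATH="${VAULT_GH_PATH:-secret/github}"

# Write owner/token as HCL, creating the file with mode 0600 (umask in a
# subshell so the caller's umask is untouched).
render_tfvars() {
  out="$1"; owner="$2"; token="$3"
  ( umask 077; printf 'owner = "%s"\ntoken = "%s"\n' "$owner" "$token" > "$out" )
}

# Return 0 when the file name or the "*.tfvars" pattern is listed in the
# sibling .gitignore. In a real checkout `git check-ignore -q FILE` is the
# authoritative test; this plain check keeps the script usable without git.
is_gitignored() {
  f="$1"; ignore="$(dirname "$f")/.gitignore"
  [ -f "$ignore" ] || return 1
  grep -qxF -e "$(basename "$f")" -e '*.tfvars' "$ignore"
}

main() {
  target="terraform/terraform.tfvars"
  is_gitignored "$target" || {
    echo "refusing: $target is not gitignored, credentials would be committed" >&2
    exit 1
  }
  # Assumed field names "owner" and "token" under the KV path.
  owner="$(vault kv get -field=owner "$VAULT_GH_PATH")"
  token="$(vault kv get -field=token "$VAULT_GH_PATH")"
  render_tfvars "$target" "$owner" "$token"
  (cd terraform && terraform init)
}

# Only run end-to-end when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--run" ]; then main; fi
```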
Full instructions live in BOOTSTRAP.md.
- Releases: `.github/workflows/release.yml` (semantic-release + changelog PR)
- Dependencies: nightly Renovate run at 03:00 UTC (`.github/workflows/renovate-run.yml`, needs `RENOVATE_TOKEN`)
- Security: CodeQL (`.github/workflows/codeql.yml`)
- PR hygiene: label sync + conventional commit PR labeler
- BOOTSTRAP.md – end-to-end setup
- CONTRIBUTING.md – workflow rules and release process
- agents.md – catalogue of automated workflows
- deploy/portainer/README.md – Portainer stack guide