feat: add aws s3 compatible backend

Author: bruzina

.env.tmpl

@@ -1,5 +1,13 @@
+# S3 backend configuration
+AWS_ENDPOINT_URL_S3="https://path.to.your.s3.endpoint"
+AWS_ACCESS_KEY_ID="access-key-id"
+AWS_SECRET_ACCESS_KEY="secret-access-key"
+
+# GitHub App configuration
+GITHUB_OWNER="your-organization"
 GITHUB_APP_ID=1234567
 GITHUB_APP_INSTALLATION_ID=123456789
 GITHUB_APP_PEM_FILE_PATH=./github-app.private-key.pem
 
+# Terraform configuration
 TF_VAR_config="../test.yaml"

.envrc

@@ -1,3 +1,5 @@
 dotenv_if_exists
 
 export GITHUB_APP_PEM_FILE=$(cat "$GITHUB_APP_PEM_FILE_PATH")
+
+TF_WORKSPACE="$GITHUB_OWNER"

README.md

@@ -5,10 +5,19 @@ GitHub organization managed as code.
 ## Features
 
 - **Automated GitHub Organization management** - Define repositories using simple YAML file.
+- **GitOps Workflow** - Manage configurations using pull requests and automate updates using GitHub Actions.
 - **Terraform** - Uses Terraform under the hood to apply changes efficiently.
+- **Terraform State Management** - Stores Terraform state securely in AWS S3.
 - **GitHub App Integration** - Uses a GitHub App for authentication and API interactions.
 
-## Setup
+## Installation and Configuration
+
+- Configure an AWS S3 bucket to store Terraform state files.
+- Set up a GitHub App and its installation to handle authentication and authorization for your GitHub Organization.
+- Implement GitOps by setting up a GitHub repository with:
+  - YAML-based configuration
+  - GitHub workflows
+  - Repository variables and secrets
 
 ### GitHub App
 
@@ -33,6 +42,18 @@ To create a GitHub App and a GitHub App Installation:
     - Install App
       - _your organization_: **Install**
 
+### GitHub Organization as Code
+
+Create GitHub organization YAML configuration file. See [GitHub Organization YAML](#github-organization-yaml) below.
+
+For example:
+
+```yaml
+---
+repositories:
+  - name: .github
+```
+
 ## Usage
 
 ### GitHub Organization Configuration YAML
@@ -59,7 +80,7 @@ Export variables `GITHUB_APP_ID`, `GITHUB_APP_INSTALLATION_ID`, and `GITHUB_APP_
 ```shell
 direnv allow
 # direnv: loading ~/bruzit/github-organization-as-code/.envrc
-# direnv: export +GH_OWNER +GITHUB_APP_ID +GITHUB_APP_INSTALLATION_ID +GITHUB_APP_PEM_FILE
+# direnv: export +AWS_ACCESS_KEY_ID +AWS_ENDPOINT_URL_S3 +AWS_SECRET_ACCESS_KEY +GITHUB_APP_ID +GITHUB_APP_INSTALLATION_ID +GITHUB_APP_PEM_FILE +GITHUB_APP_PEM_FILE_PATH +GITHUB_OWNER +TF_VAR_config
 
 # Use Terraform as you need
 terraform -chdir=terraform init

terraform/config.tf

@@ -5,6 +5,18 @@ terraform {
       version = "~> 6.0"
     }
   }
+
+  backend "s3" {
+    bucket               = "bruzit-terraform-github"
+    workspace_key_prefix = ""
+    key                  = "terraform.tfstate"
+    use_lockfile         = true # Set to false only for non-AWS S3 compatible APIs without "conditional object PUTs" capability
+    region               = "us-east-1"
+
+    # Only for non-AWS S3 compatible APIs
+    skip_credentials_validation = true
+    skip_requesting_account_id  = true
+  }
 }
 
 provider "github" {