DEV Community: sujay malghan The latest articles on DEV Community by sujay malghan (@sujay_malghan_). https://dev.to/sujay_malghan_ https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1504999%2F3b7ed4c6-7cd7-4a8f-afde-ae9e2ac4b519.jpg DEV Community: sujay malghan https://dev.to/sujay_malghan_ en RepoGuardian: Auto-Fix GitHub Repos with Pulumi and Python sujay malghan Sun, 30 Mar 2025 10:19:53 +0000 https://dev.to/sujay_malghan_/repoguardian-auto-fix-github-repos-with-pulumi-and-python-5bi https://dev.to/sujay_malghan_/repoguardian-auto-fix-github-repos-with-pulumi-and-python-5bi <p><em>This is a submission for the <a href="https://dev.to/challenges/pulumi">Pulumi Deploy and Document Challenge</a>: Get Creative with Pulumi and GitHub</em></p> <h2> What I Built </h2> <p>I built RepoGuardian, a GitHub repository linter and auto-fixer using Pulumi Automation API and the Pulumi GitHub Provider, fully written in Python.</p> <p>RepoGuardian scans all repositories under a GitHub account or organization, checks for missing <code>README.md</code> and <code>LICENSE</code> files, and automatically commits those files using Pulumi — ensuring consistent documentation across all repositories.</p> <p>It runs fully from Python using the Automation API, with no manual Pulumi CLI steps.</p> <h2> Live Demo Link </h2> <p>This project does not have a web-based demo. It is a backend automation tool meant to be run locally.</p> <h2> Project Repo </h2> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://assets.dev.to/assets/github-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/sujaymalghan" rel="noopener noreferrer"> sujaymalghan </a> / <a href="https://github.com/sujaymalghan/repo-guardian" rel="noopener noreferrer"> repo-guardian </a> </h2> <h3> </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">RepoGuardian – GitHub Repository Linter and Auto-Fixer</h1> </div> <p>RepoGuardian is a Python-based automation tool that audits and fixes common hygiene issues across GitHub repositories. It scans all repositories in a GitHub account or organization, detects missing standard files (like README and LICENSE), and automatically commits them using Pulumi’s GitHub Provider and Automation API.</p> <p>This project was built for the "Get Creative with Pulumi + GitHub" Hackathon.</p> <div class="markdown-heading"> <h2 class="heading-element">Overview</h2> </div> <p>RepoGuardian addresses a common challenge in GitHub repository management: maintaining consistency and proper documentation across multiple repositories.</p> <p>It uses Pulumi's infrastructure-as-code approach not for cloud resources, but to programmatically manage and correct GitHub repositories.</p> <div class="markdown-heading"> <h2 class="heading-element">Features</h2> </div> <ul> <li>Scans all repositories in a GitHub account or organization</li> <li>Detects: <ul> <li>Missing <code>README.md</code> </li> <li>Missing <code>LICENSE</code> </li> </ul> </li> <li>Automatically fixes the issues by committing files using Pulumi</li> <li>Skips empty repositories with no commits</li> <li>Fully automated using Pulumi Automation API</li> <li>Requires no Pulumi CLI usage</li> </ul> <div class="markdown-heading"> <h2 class="heading-element">Technology Stack</h2> </div> <ul> <li>Python 3.x</li> <li>Pulumi Automation API</li> <li>Pulumi GitHub…</li> </ul> </div> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/sujaymalghan/repo-guardian" rel="noopener noreferrer">View on GitHub</a></div> </div> <p>The repository includes:</p> <ul> <li>Python source code (<code>main.py</code>, <code>fixer.py</code>, <code>linter.py</code>)</li> <li> <code>.env.example</code> for environment config</li> <li>README with detailed usage instructions</li> <li>MIT License</li> </ul> <h2> My Journey </h2> <p>My goal was to explore how Pulumi could be used beyond infrastructure — to automate GitHub itself.</p> <p>I started by writing a linter using PyGitHub to scan for missing <code>README.md</code> and <code>LICENSE</code>. Then I integrated Pulumi’s Automation API to dynamically generate a Pulumi program per repository and apply the missing files using the GitHub Provider.</p> <h3> Key steps: </h3> <ol> <li>Built a repo linter using PyGitHub</li> <li>Integrated Pulumi Automation API for programmatic IaC</li> <li>Used <code>github.RepositoryFile</code> to add missing files</li> <li>Skipped empty repositories (no commits)</li> <li>Handled default branch detection for each repo</li> </ol> <h3> Challenges: </h3> <ul> <li>Handling 404 errors from empty repos</li> <li>Making sure Pulumi runs without CLI</li> <li>Passing environment configs securely</li> </ul> <p>This project taught me how infrastructure-as-code can apply to GitHub workflows — and how powerful Pulumi becomes when combined with API-based automation.</p> <h2> Using Pulumi with GitHub </h2> <p>Pulumi was central to this project:</p> <ul> <li>Automation API was used to run everything directly from Python</li> <li>GitHub Provider managed files like <code>README.md</code> and <code>LICENSE</code> inside repos</li> </ul> <p>This approach meant no Pulumi CLI commands, no YAML files — just Python and clean automation logic.</p> <p>I did not use Pulumi Copilot. All logic was implemented manually based on documentation.</p> <h2> Installation &amp; Usage </h2> <p>Follow these steps to install and run <strong>RepoGuardian</strong>:</p> <h3> 1. Clone the Repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/sujaymalghan/repo-guardian.git <span class="nb">cd </span>repo-guardian </code></pre> </div> <h3> 2. Set Up a Virtual Environment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python <span class="nt">-m</span> venv venv <span class="nb">source </span>venv/bin/activate <span class="c"># macOS/Linux</span> <span class="c"># OR</span> venv<span class="se">\S</span>cripts<span class="se">\a</span>ctivate <span class="c"># Windows</span> </code></pre> </div> <h3> 3. Install Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <h3> 4. Configure Environment Variables </h3> <p>Create a <code>.env</code> file in the root directory with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GITHUB_TOKEN=your_github_token GITHUB_OWNER=your_github_username_or_org PULUMI_ACCESS_TOKEN=your_pulumi_token PULUMI_CONFIG_PASSPHRASE= </code></pre> </div> <blockquote> <p>Note: Make sure the GitHub token has access to your repos, and the Pulumi token is valid.</p> </blockquote> <h3> 5. Run the Tool </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python main.py </code></pre> </div> <p>This will:</p> <ul> <li>Scan all repositories under your GitHub account or organization</li> <li>Detect missing <code>README.md</code> or <code>LICENSE</code> files</li> <li>Automatically commit those files using Pulumi</li> </ul> <p>Thanks to the Pulumi and DEV teams for hosting this challenge.<br><br> This was a great opportunity to explore creative uses of Pulumi and build something meaningful for GitHub workflows.</p> devchallenge pulumichallenge github api