git-repo
GitHub Repository Creation
Create new GitHub repositories by adding OpenTofu modules to the github-infrastructure repo.
Workflow
1. Gather Parameters
Collect from the user:
| Parameter | Required | Default | Notes |
|---|---|---|---|
| `name` | Yes | - | kebab-case, e.g. `my-new-repo` |
| `description` | Yes | - | One-line description |
| `visibility` | No | `private` | `private` or `public` |
| `is_template` | No | `false` | `true` for template repos |
| `default_branch` | No | `main` | Branch to protect (`main` or `master`) |
| `extra_branches` | No | `[]` | Additional branches to protect |
| `status_checks` | No | `["Claude Code Review", "CodeRabbit", "Lint"]` | CI checks to require |
| `category` | No | infer | Projects, Specs, Infrastructure, or Templates |
Category inference: name ends with -spec → Specs; ends with -template → Templates; contains infrastructure, ci-, org- → Infrastructure; else → Projects.
2. Clone to Temp Directory
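```bash
# Work in a throwaway directory so nothing touches an existing checkout.
WORK_DIR=$(mktemp -d)
git clone --depth 1 git@github.com:OlechowskiMichal/github-infrastructure.git "$WORK_DIR/github-infrastructure"
cd "$WORK_DIR/github-infrastructure"
# Quote the branch name so the substituted repo name stays a single argument.
git checkout -b "feat/add-<repo-name>"
```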
All subsequent file operations happen inside $WORK_DIR/github-infrastructure.
3. Create Module Files
Create tofu/repositories/<repo-name>/ with three files. Use the exact templates from references/templates.md.
4. Update Root Module
tofu/main.tf — Add under the correct category comment (# Projects, # Specs, # Infrastructure, # Templates):
```hcl
module "<module_name>" {
  source = "./repositories/<repo-name>"
}
```
Module name: replace hyphens and dots with underscores, strip leading dots.
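The name rules from steps 1 and 4 (kebab-case input, category inference, module-name derivation) as shell functions that reject unsafe names before they reach a path, a branch name or an HCL string. This is an added example, not code from the github-infrastructure repo; the function names are hypothetical, and requiring a leading letter is an added assumption because an OpenTofu identifier cannot start with a digit.

```bash
# Added example; function names are hypothetical, the rules are the page's.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII lowercase only

# Kebab-case only: lowercase letters/digits joined by single hyphens.
# Assumption (not on the page): the name must start with a letter, since an
# OpenTofu module name cannot begin with a digit.
valid_repo_name() {
  case "$1" in
    ''|[!a-z]*|*-|*--*|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Category inference, in the order the page lists the rules.
infer_category() {
  case "$1" in
    *-spec) echo Specs ;;
    *-template) echo Templates ;;
    *infrastructure*|*ci-*|*org-*) echo Infrastructure ;;
    *) echo Projects ;;
  esac
}

# Module name: strip leading dots first (otherwise the leading dot would
# already have become an underscore), then map hyphens and dots to underscores.
module_name() {
  printf '%s\n' "$1" | sed -e 's/^\.*//' -e 's/[-.]/_/g'
}

# Print "name category module_name", or fail with nothing on stdout.
plan_repo() {
  valid_repo_name "$1" || { echo "rejected repo name: $1" >&2; return 1; }
  printf '%s %s %s\n' "$1" "$(infer_category "$1")" "$(module_name "$1")"
}
```

Because the Infrastructure rule is a substring match, a name such as `pci-scanner` is inferred as Infrastructure; pass `category` explicitly when that is not intended.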
tofu/outputs.tf — Add to both repositories and branch_protections outputs under the same category:
```hcl
# In repositories:
"<repo-name>" = module.<module_name>.repository

# In branch_protections:
"<repo-name>" = module.<module_name>.branch_protection
```
5. Commit, Push, and Create PR
```bash
cd "$WORK_DIR/github-infrastructure"
# Format before committing so the diff contains only the new module.
tofu -chdir=tofu fmt -recursive
git add tofu/
git commit -m "feat: add <repo-name> repository"
git push -u origin "feat/add-<repo-name>"
gh pr create --title "feat: add <repo-name> repository" --body "Add OpenTofu module for <repo-name>"
```
6. Clean Up
```bash
[ -n "$WORK_DIR" ] && [ -d "$WORK_DIR" ] && rm -rf "$WORK_DIR"
```
Report the PR URL to the user.
OPA Policy Requirements
CI will reject violations. These are mandatory:
- `vulnerability_alerts = true`
- `delete_branch_on_merge = true`
- `allow_merge_commit = false`
- `allow_squash_merge = true`
- `has_wiki = false`
- `has_projects = false`
- `has_issues = true`
- Branch protection with `required_status_checks` and `required_pull_request_reviews`
- `allows_force_pushes = false`, `allows_deletions = false`
- At least 1 approving review
- `github_branch_protection.extra` block always present (even with `for_each = toset([])`)
- `lifecycle { prevent_destroy = true }` on repository resource
- `archive_on_destroy = true`
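A local pre-flight for the settings above, so a missing or flipped value is caught before CI rejects the PR. This is an added example, not the project's OPA policy or template: it is a text match over the module's HCL, `check_module` and `sample_module` are hypothetical names, the sample module is constructed, and `required_approving_review_count` is the GitHub provider attribute assumed here to express the approving-review requirement.

```bash
# Added example: text-match pre-flight, not the OPA policy that CI runs.
# check_module reads HCL on stdin, prints each absent setting, returns 1 if any.
check_module() {
  missing=0
  # Drop comments and squeeze the alignment padding that `tofu fmt` inserts.
  body=$(sed 's/#.*//' | tr -s ' \t' ' ')
  while IFS= read -r want; do
    printf '%s\n' "$body" | grep -qE -- "$want" || { echo "missing: $want"; missing=1; }
  done <<'EOF'
vulnerability_alerts = true
delete_branch_on_merge = true
allow_merge_commit = false
allow_squash_merge = true
has_wiki = false
has_projects = false
has_issues = true
archive_on_destroy = true
prevent_destroy = true
required_status_checks
required_pull_request_reviews
required_approving_review_count = [1-9]
allows_force_pushes = false
allows_deletions = false
resource "github_branch_protection" "extra"
EOF
  return "$missing"
}
# Constructed sample module, not the template from references/templates.md.
sample_module() {
  cat <<'EOF'
resource "github_repository" "this" {
  has_issues             = true
  has_wiki               = false
  has_projects           = false
  allow_merge_commit     = false
  allow_squash_merge     = true
  delete_branch_on_merge = true
  vulnerability_alerts   = true
  archive_on_destroy     = true
  lifecycle { prevent_destroy = true }
}
resource "github_branch_protection" "extra" {
  for_each            = toset([])
  allows_force_pushes = false
  allows_deletions    = false
  required_status_checks { strict = true }
  required_pull_request_reviews { required_approving_review_count = 1 }
}
EOF
}
```

Run it as `cat tofu/repositories/<repo-name>/*.tf | check_module` before step 5; a non-zero exit means at least one mandatory setting is absent or has the wrong value.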