Team Topology
Logos codifies the team structure that all platform tooling — GitHub, GCP, and Datadog — reflects. Every team, its repositories, and its observability scope are defined here and flow downstream.
- GitHub teams: Hierarchical parent/child teams with membership and repository access managed as code; four standard child teams (sandbox-approvers, non-production-approvers, production-approvers, repository-administrators) are created for every team
- GitHub repositories: Repositories are registered in pt-logos and provisioned with standard settings — squash-only merges, repository rulesets enforcing PR reviews and signed commits, Datadog webhooks, and standard repository files (release notes config, security policy)
- Datadog teams: Observability team structure mirrors GitHub teams; each team gets a service account with a per-team API key and app key stored as GitHub Actions secrets in that team's repositories
Team Configuration Schema
Each team is defined as an entry in the teams map inside a .tfvars file under teams/. The schema below documents every available field — click any object or map to expand its properties.
Team display name. Title Case; spaces and the lowercase word "and" are allowed.
Inline comment rendered after display_name in the tfvars file. Used for the team etymology blurb. Also used as the `description` frontmatter on the team's docs index page; render_team_docs_index and open_team_docs_pr require this field to be non-empty — an empty string will produce a docs_input_invalid error.
Team Topologies type. Must match the team_key prefix.
"platform-team""stream-aligned-team""complicated-subsystem-team""enabling-team"Components
| Component | Description |
|---|---|
team | A platform or stream-aligned team with a name, type, and member list |
github-team | A GitHub team mirroring the Logos team — controls repo access |
repository | A GitHub repository registered in Logos with standard settings and branch protection |
branch-protection | Rules applied to default branch: required reviews, status checks, no force push |
datadog-team | An observability team in Datadog mirroring the Logos team — owns dashboards and monitors |
Core Invariants
- Every team definition produces exactly one set of GCP, GitHub, and Datadog resources.
- Every provisioned GitHub repository has signed commits required, linear history enforced, and PR review active — the branch ruleset is hardcoded with
enforcement = "active"and no variable to disable it.