diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 6829844..4f47190 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -14,3 +14,5 @@ jobs: - name: Conventional commit check uses: cocogitto/cocogitto-action@v4 + with: + command: check diff --git a/.github/workflows/terragrunt_apply.yml b/.github/workflows/terragrunt_apply.yml new file mode 100644 index 0000000..4ff3b8a --- /dev/null +++ b/.github/workflows/terragrunt_apply.yml 
@@ -0,0 +1,65 @@
+---
+name: Terragrunt Apply
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "github/**"
+ - ".github/workflows/terragrunt_apply.yml"
+
+jobs:
+ terragrunt_apply:
+ runs-on: ubuntu-latest
+ name: Run Terragrunt Apply for GitHub Directory
+ permissions:
+ contents: read
+ issues: write
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+ with:
+ tofu_version: 1.8.1
+
+ - name: Setup Terragrunt
+ run: |
+ wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.67.16/terragrunt_linux_amd64
+ chmod +x terragrunt_linux_amd64
+ sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
+ terragrunt --version
+
+ - name: Configure MinIO credentials (for S3 backend)
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_ACCESS_KEY }}
+ run: |
+ echo "MinIO credentials configured"
+
+ - name: Run Terragrunt Apply
+ working-directory: ./github
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_ACCESS_KEY }}
+ GITHUB_TOKEN: ${{ secrets.TERRAGRUNT_GITHUB_API_TOKEN }}
+ run: |
+ terragrunt run-all apply --terragrunt-non-interactive
+
+ - name: Create Issue on Failure
+ if: failure()
+ uses: actions/github-script@v7
+ with:
+ script: |
+ github.rest.issues.create({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: `Terragrunt Apply Failed - ${context.sha.substring(0, 7)}`,
+ body: `❌ Terragrunt apply failed for commit ${context.sha}\n\nWorkflow run: ${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}\n\nPlease check the logs for details.`,
+ labels: ['terragrunt', 'deployment-failure']
+ })
diff --git a/.github/workflows/terragrunt_plan.yml b/.github/workflows/terragrunt_plan.yml
index e380e41..758f0bd 100644
--- a/.github/workflows/terragrunt_plan.yml
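Review bot: The "Setup Terragrunt" step in terragrunt_apply.yml fetches `terragrunt_linux_amd64` with `wget` and installs it into `/usr/local/bin` without any integrity check, and the later apply step runs that binary with the MinIO keys and `TERRAGRUNT_GITHUB_API_TOKEN` in its environment. Pin the expected digest in the workflow and verify it before the `chmod`, for example `echo "<EXPECTED_SHA256>  terragrunt_linux_amd64" | sha256sum -c -`, taking the value from the checksums published with the v0.67.16 release. The same concern applies to `actions/checkout@v5`, `opentofu/setup-opentofu@v1` and `actions/github-script@v7`, which are mutable tags; pinning each to a full commit SHA keeps the code that sees these secrets fixed. The "Configure MinIO credentials" step only echoes a message, so it can be removed rather than exposing both secrets to an extra step.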
+++ b/.github/workflows/terragrunt_plan.yml @@ -11,6 +11,10 @@ jobs: terragrunt_plan: runs-on: ubuntu-latest name: Run Terragrunt Plan for GitHub Directory + permissions: + contents: read + pull-requests: write + issues: write steps: - name: Checkout code @@ -43,6 +47,7 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_ACCESS_KEY }} + GITHUB_TOKEN: ${{ secrets.TERRAGRUNT_GITHUB_API_TOKEN }} run: | terragrunt run-all plan --terragrunt-non-interactive diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c23c5a5..8f75e27 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,10 +1,10 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.103.0 hooks: - id: terragrunt_fmt - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl b/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl index 1c7899a..d612cee 100644 --- a/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl +++ b/github/terraform-gh-modules/repos/dotgithub/terragrunt.hcl @@ -2,8 +2,8 @@ terraform { source = "tfr:///mineiros-io/repository/github?version=0.18.0" } -include { - path = find_in_parent_folders() +include "root" { + path = find_in_parent_folders("root.hcl") } # Indicate what region to deploy the resources into diff --git a/github/unicornops/repos/family-chat/terragrunt.hcl b/github/unicornops/repos/family-chat/terragrunt.hcl new file mode 100644 index 0000000..a961286 --- /dev/null +++ b/github/unicornops/repos/family-chat/terragrunt.hcl 
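Review bot: In terragrunt_plan.yml, the second hunk gives the plan step `secrets.TERRAGRUNT_GITHUB_API_TOKEN`, the same credential the new apply workflow uses to change resources. The trigger is outside the hunk, but if this workflow runs on pull requests, the plan evaluates configuration from the branch under review, so a token with apply-level rights would be exposed to unreviewed code. Consider a separate read-only token for plan, e.g. `GITHUB_TOKEN: ${{ secrets.<READ_ONLY_PLAN_TOKEN> }}` (placeholder name), and keep the write-capable one for the `main`-only apply job. In the first hunk, `issues: write` is granted alongside `pull-requests: write`; the steps that would use it are not visible here, so confirm it is needed or drop it.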
@@ -0,0 +1,35 @@
+terraform {
+ source = "tfr:///mineiros-io/repository/github?version=0.18.0"
+}
+
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+}
+
+# Indicate what region to deploy the resources into
+generate "provider" {
+ path = "provider.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = <