GitHub App powered by AWS Lambda to manage your repositories for you.
-
Enable this app for the scope you want it to have, per-repository or for your whole account/org
-
Customize it!
Configuration is formed through merging three potential configuration sources if they exist, automatedSecurityFixes and vulnerabilityAlerts are always both enabled by default
- This repository base-repo-config.yml
- A specifically named repository in the user/org called
.githubwith a file namedrepo-config.yml. example - A
.github/repo-config.ymlin the repository
vulnerabilityAlerts: true
automatedSecurityFixes: true
branchProtection:
- branch: '__DEFALT_BRANCH__'
# __DEFALT_BRANCH__ is dynamically swapped out for the repository's default branch
required_status_checks:
strict: true
# contexts: ALL
# if you provide the ALL string for contexts, it will apply all the checks that were run last against the branch
contexts:
- build
required_linear_history: true
enforce_admins: false
required_pull_request_reviews: null
restrictions: null
repo:
# see octokit docs for all paramshttps://octokit.github.io/rest.js/v18#repos-update
has_issues: true
has_projects: false
has_wiki: false
is_template: false
allow_squash_merge: true
allow_merge_commit: false
allow_rebase_merge: true
delete_branch_on_merge: true
files:
# You can also specify arbitrary files
'.github/FUNDING.yml': |
github: [yourusername]
'SECURITY.md': |
# Security Policy
## Reporting a Vulnerability
Please contact you@example.comYou only really need to do this if you don't trust me, want to run on-prem GitHub Enterprise or similar use case.
- Create a new GitHub App: https://github.com/settings/apps/new
- Use a temporary Webhook URL
- Download your GitHub App Private Key (i.e.
.pemfile) - Configure this project
- Move
.peminto this project and changeCERTvariable fromserverless.ymlif required - Change
APP_IDto match your new GitHub App
- Deploy this project. Check out https://serverless.com/framework/docs/getting-started/ for details.
- Update your GitHub App's Webhook URL
- shard the installations, it won't scale well
- support permissions on repo
- manage teams on an org
- manage webhooks
Using this could do all sorts of things, destroy repos, remove access, basically anything your account can do you're granting to this app and it's author(s) and indirectly the authors of anything in the dependency chain. I'd encourage you to do your own due-diligence before enabling it. The authors/maintainers do not accept any liability of any consequences that occur.