Safe-settings
– an app to manage policy-as-code and apply repository settings to repositories across an organization.
- In
safe-settings
all the settings are stored centrally in anadmin
repo within the organization. This is important. Unlike Settings Probot, the settings files cannot be in individual repositories. - There are 3 levels at which the settings could be managed:
- Org-level settings are defined in
.github/settings.yml
Suborg
level settings. Asuborg
is an arbitrary collection of repos belonging to projects, business units, or teams. Thesuborg
settings reside in a yaml file for eachsuborg
in the.github/suborgs
folder.Repo
level settings. They reside in a repo specific yaml in.github/repos
folder
- Org-level settings are defined in
- It is recommended to break the settings into org-level, suborg-level, and repo-level units. This will allow different teams to be define and manage policies for their specific projects or business units.With
CODEOWNERS
, this will allow different people to be responsible for approving changes in different projects.
Note: The settings file must have a .yml
extension only. .yaml
extension is ignored, for now.