Repository
Definition of a Repository for a GitHub organization. The following properties are supported:
Key | Value | Description | Notes |
---|---|---|---|
name | string | Name of the repository | |
aliases | list[string] | List of repository alias names; add the previous name here when renaming a repository | |
description | string or null | Project description | |
homepage | string or null | Link to the homepage | |
topics | list[string] | The list of topics of this repository | |
private | boolean | If the project is private | |
archived | boolean | If the repo is archived | |
allow_auto_merge | boolean | If auto merges are permitted | |
allow_forking | boolean | If the repo allows private forking | |
allow_merge_commit | boolean | If merge commits are permitted | |
allow_rebase_merge | boolean | If rebase merges are permitted | |
allow_squash_merge | boolean | If squash merges are permitted | |
allow_update_branch | boolean | If pull requests should suggest updates | |
auto_init | boolean | If the repository shall be auto-initialized during creation | only considered during creation |
code_scanning_default_setup_enabled | boolean | If the repo has default code scanning enabled | |
code_scanning_default_query_suite | string | The query suite to use for default code scanning | default or extended, only taken into account when code_scanning_default_setup_enabled is set to true |
code_scanning_default_languages | list[string] | The languages to analyze with default code scanning | actions, c-cpp, csharp, go, java-kotlin, javascript-typescript, python, ruby or swift, only taken into account when code_scanning_default_setup_enabled is set to true |
custom_properties | dict[string, string | list[string]] | The custom properties to set for this repository | |
default_branch | string | Name of the default branch | |
delete_branch_on_merge | boolean | If branches shall automatically be deleted after a merge | |
dependabot_alerts_enabled | boolean | If the repo has dependabot alerts enabled | |
dependabot_security_updates_enabled | boolean | If the repo has dependabot security updates enabled | |
gh_pages_build_type | string | If the repo has GitHub Pages enabled | disabled, legacy or workflow. Build-type legacy refers to building from a branch |
gh_pages_source_branch | string or null | The branch from which GitHub Pages should be built | only taken into account when gh_pages_build_type is set to legacy |
gh_pages_source_path | string or null | The folder from which GitHub Pages should be built | only taken into account when gh_pages_build_type is set to legacy |
has_discussions | boolean | If the repo has discussions enabled | |
has_issues | boolean | If the repo can have issues | |
has_projects | boolean | If the repo can have projects | |
has_wiki | boolean | If the repo has a wiki | |
is_template | boolean | If the repo can be used as a template repository | |
merge_commit_message | string | Can be PR_BODY, PR_TITLE, or BLANK for a default merge commit message | |
merge_commit_title | string | Can be PR_TITLE or MERGE_MESSAGE for a default merge commit title | |
post_process_template_content | list[string] | A list of content paths in a template repository that shall be processed after creation | only considered during creation |
private_vulnerability_reporting_enabled | boolean | If the repo has private vulnerability reporting enabled | |
secret_scanning | string | If secret scanning is "enabled" or "disabled" | |
secret_scanning_push_protection | string | If secret scanning push protection is "enabled" or "disabled" | |
squash_merge_commit_message | string | Can be PR_BODY, COMMIT_MESSAGES, or BLANK for a default squash merge commit message | |
squash_merge_commit_title | string | Can be PR_TITLE or COMMIT_OR_PR_TITLE for a default squash merge commit title | |
template_repository | string or null | The template repository to use when creating the repo | read-only, only considered during creation |
forked_repository | string or null | The repository to fork when creating the repo | only considered during creation |
fork_default_branch_only | boolean | When creating a fork, whether only the default branch will be included in the fork | only considered during creation |
web_commit_signoff_required | boolean | If the repo requires web commit signoff | |
workflows | Workflow Settings | Workflow settings on organizational level | |
webhooks | list[Webhook] | webhooks defined for this repo, see section above for details | |
secrets | list[RepositorySecret] | secrets defined for this repo, see section below for details | |
variables | list[RepositoryVariable] | variables defined for this repo, see section below for details | |
environments | list[Environment] | environments defined for this repo, see section below for details | |
branch_protection_rules | list[BranchProtectionRule] | branch protection rules of the repo, see section below for details | |
Embedded Models
Workflow Settings
Key | Value | Description | Notes |
---|---|---|---|
enabled | boolean | If GitHub actions are enabled for this repository | |
allowed_actions | string | Defines which type of GitHub Actions are permitted to run | all, local_only or selected |
allow_github_owned_actions | boolean | If GitHub owned actions are permitted to run | Only taken into account when allowed_actions is set to selected |
allow_verified_creator_actions | boolean | If GitHub Actions from verified creators are permitted to run | Only taken into account when allowed_actions is set to selected |
allow_action_patterns | list[string] | A list of action patterns permitted to run | Only taken into account when allowed_actions is set to selected |
default_workflow_permissions | string | The default workflow permissions granted to the GITHUB_TOKEN | read or write |
actions_can_approve_pull_request_reviews | boolean | If actions can approve and merge pull requests | |
Jsonnet Function
Note
In general, you will only ever use orgs.newRepo, as this function will define a new repository with default values. However, in some cases it might be needed to change properties for a repo that has already been defined in the default configuration. In such a situation, you should use orgs.extendRepo.
Validation rules
- TODO: complete
- specifying a description of more than 350 characters triggers an error (maximum supported length by GitHub)
- specifying more than 20 topics triggers an error (maximum number of supported topics by GitHub)
- disabling has_discussions while this repository is configured as source repository for discussion of this organization triggers an error
- specifying a template_repository and forked_repository at the same time triggers an error
- specifying a non-empty list of allow_action_patterns while allowed_actions is not set to selected, triggers a warning
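The rules listed above, re-implemented as a small Python checker for a repository definition given as a dict. This is an added example, not Otterdog's own validation code; `validate_repo`, its `discussion_source_repo` parameter and the sample definitions are assumptions made for illustration.

```python
# Added example, not Otterdog's own validator; names here are hypothetical.
MAX_DESCRIPTION_LEN = 350  # maximum length supported by GitHub
MAX_TOPICS = 20            # maximum number of topics supported by GitHub


def validate_repo(repo, discussion_source_repo=None):
    """Return (errors, warnings) for one repository definition (a dict).

    discussion_source_repo is the repository the organization uses as source
    for discussions; passing it as a parameter is an assumption of this example.
    """
    errors, warnings = [], []
    name = repo.get("name", "<unnamed>")

    description = repo.get("description")  # string or null
    if description is not None and len(description) > MAX_DESCRIPTION_LEN:
        errors.append(f"{name}: description exceeds {MAX_DESCRIPTION_LEN} characters")

    if len(repo.get("topics") or []) > MAX_TOPICS:
        errors.append(f"{name}: more than {MAX_TOPICS} topics")

    # Only an explicit false counts as "disabling" discussions.
    if repo.get("has_discussions") is False and name == discussion_source_repo:
        errors.append(f"{name}: has_discussions disabled on the discussion source repository")

    if repo.get("template_repository") and repo.get("forked_repository"):
        errors.append(f"{name}: template_repository and forked_repository are both set")

    workflows = repo.get("workflows") or {}
    if workflows.get("allow_action_patterns") and workflows.get("allowed_actions") != "selected":
        warnings.append(f"{name}: allow_action_patterns set while allowed_actions is not 'selected'")

    return errors, warnings


# Constructed sample definitions, not taken from a real organization.
VALID_REPO = {
    "name": "docs",
    "description": "d" * 350,  # exactly at the limit, still accepted
    "topics": ["documentation"],
    "workflows": {"allowed_actions": "selected", "allow_action_patterns": ["actions/checkout@*"]},
}
INVALID_REPO = {
    "name": ".github",
    "description": "d" * 351,
    "topics": [f"topic-{i}" for i in range(21)],
    "has_discussions": False,
    "template_repository": "example-org/template",
    "forked_repository": "example-org/upstream",
    "workflows": {"allowed_actions": "all", "allow_action_patterns": ["actions/*"]},
}
```

Errors block the change, while the `allow_action_patterns` case is only a warning because the patterns are ignored unless `allowed_actions` is `selected`.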
Tip
Changing the default branch of a repository has the same behavior as doing it via the Web UI. If the new branch already exists, the default branch will be switched; otherwise, the current default branch will be renamed to the newly specified name.
Note
When enabling GitHub Pages by setting gh_pages_build_type to either legacy or workflow, you should also define a github-pages environment, as it will be created automatically by GitHub.
Warning
Specifying a code scanning language that is not detected by GitHub in the repo itself will lead to an error when the configuration is applied. In general, default setup for code scanning should be used with care as it has some weird behavior; using a custom workflow is the preferred way to use CodeQL. For the custom workflow to succeed, you need to disable the default setup, though.
Example usage
```jsonnet
orgs.newOrg('adoptium') {
  ...
  _repositories+:: [
    ...
    // Define a new repository starting from the default values.
    orgs.newRepo('.github') {
      allow_auto_merge: true,
      allow_merge_commit: false,
      allow_update_branch: false,
      dependabot_alerts_enabled: false,
      web_commit_signoff_required: false,
      // Extend the default workflow settings; GitHub Actions are disabled here.
      workflows+: {
        enabled: false,
      },
      branch_protection_rules: [
        orgs.newBranchProtectionRule('main'),
      ],
    },
  ],
}
```