Organization Workflow Settings
Definition of workflow settings on organization level, the following properties are supported:
Key | Value | Description | Notes |
---|---|---|---|
enabled_repositories | string | Defines which repositories are permitted to use GitHub Actions | all , none or selected |
selected_repositories | list[string] | The list of repositories that are permitted to use GitHub Actions | Only taken into account when enabled_repositories is set to selected |
allowed_actions | string | Defines which type of GitHub Actions are permitted to run | all , local_only or selected |
allow_github_owned_actions | boolean | If GitHub owned actions are permitted to run | Only taken into account when allowed_actions is set to selected |
allow_verified_creator_actions | boolean | If GitHub Actions from verified creators are permitted to run | Only taken into account when allowed_actions is set to selected |
allow_action_patterns | list[string] | A list of action patterns permitted to run | Only taken into account when allowed_actions is set to selected |
default_workflow_permissions | string | The default workflow permissions granted to the GITHUB_TOKEN | read or write |
actions_can_approve_pull_request_reviews | boolean | If actions can approve and merge pull requests |
Validation rules¶
- specifying a non-empty list of
selected_repositories
whileenabled_repositories
is not set toselected
, triggers a warning - specifying a non-empty list of
allow_action_patterns
whileallowed_actions
is not set toselected
, triggers a warning
Example usage¶
orgs.newOrg('adoptium') {
settings+: {
blog: "https://adoptium.net",
default_repository_permission: "none",
description: "The Adoptium Working Group ...",
name: "Eclipse Adoptium",
workflows+: {
allowed_actions: "selected",
allow_action_patterns: [
"marocchino/sticky-pull-request-comment@*",
"release-drafter/release-drafter@*"
]
}
},
...
}