Organization Workflow Settings
Definition of workflow settings on organization level, the following properties are supported:
| Key | Value | Description | Notes |
|---|---|---|---|
| enabled_repositories | string | Defines which repositories are permitted to use GitHub Actions | all, none or selected |
| selected_repositories | list[string] | The list of repositories that are permitted to use GitHub Actions | Only taken into account when enabled_repositories is set to selected |
| allowed_actions | string | Defines which type of GitHub Actions are permitted to run | all, local_only or selected |
| allow_github_owned_actions | boolean | If GitHub owned actions are permitted to run | Only taken into account when allowed_actions is set to selected |
| allow_verified_creator_actions | boolean | If GitHub Actions from verified creators are permitted to run | Only taken into account when allowed_actions is set to selected |
| allow_action_patterns | list[string] | A list of action patterns permitted to run | Only taken into account when allowed_actions is set to selected |
| default_workflow_permissions | string | The default workflow permissions granted to the GITHUB_TOKEN | read or write |
| actions_can_approve_pull_request_reviews | boolean | If actions can approve and merge pull requests |
Validation rules¶
- specifying a non-empty list of
selected_repositorieswhileenabled_repositoriesis not set toselected, triggers a warning - specifying a non-empty list of
allow_action_patternswhileallowed_actionsis not set toselected, triggers a warning
Example usage¶
orgs.newOrg('adoptium') {
settings+: {
blog: "https://adoptium.net",
default_repository_permission: "none",
description: "The Adoptium Working Group ...",
name: "Eclipse Adoptium",
workflows+: {
allowed_actions: "selected",
allow_action_patterns: [
"marocchino/sticky-pull-request-comment@*",
"release-drafter/release-drafter@*"
]
}
},
...
}