From 1107316235ea457b566570a3a1ffaa49de4f4ecf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Thu, 12 Feb 2026 10:37:24 +0200 Subject: [PATCH 1/7] fix: apply org-level settings before loading repository configurations --- lib/plugins/branches.js | 20 ++++++++++++++------ lib/settings.js | 3 +++ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/lib/plugins/branches.js b/lib/plugins/branches.js index d28e2f905..28bb09cc9 100644 --- a/lib/plugins/branches.js +++ b/lib/plugins/branches.js @@ -5,10 +5,18 @@ const Overrides = require('./overrides') const ignorableFields = [] const previewHeaders = { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } const overrides = { - 'contexts': { - 'action': 'reset', - 'type': 'array' - }, + contexts: { + action: 'reset', + type: 'array' + } +} + +// GitHub API requires these fields to be present in updateBranchProtection calls +// See: https://docs.github.com/rest/branches/branch-protection#update-branch-protection +const requiredBranchProtectionDefaults = { + required_status_checks: null, + enforce_admins: null, + restrictions: null } module.exports = class Branches extends ErrorStash { @@ -73,7 +81,7 @@ module.exports = class Branches extends ErrorStash { resArray.push(new NopCommand(this.constructor.name, this.repo, null, results)) } - Object.assign(params, branch.protection, { headers: previewHeaders }) + Object.assign(params, requiredBranchProtectionDefaults, branch.protection, { headers: previewHeaders }) if (this.nop) { resArray.push(new NopCommand(this.constructor.name, this.repo, this.github.repos.updateBranchProtection.endpoint(params), 'Add Branch Protection')) @@ -83,7 +91,7 @@ module.exports = class Branches extends ErrorStash { return this.github.repos.updateBranchProtection(params).then(res => this.log.debug(`Branch protection applied successfully ${JSON.stringify(res.url)}`)).catch(e => { this.logError(`Error applying branch protection ${JSON.stringify(e)}`); return [] }) }).catch((e) => { if (e.status === 404) { - Object.assign(params, Overrides.removeOverrides(overrides, branch.protection, {}), { headers: previewHeaders }) + Object.assign(params, requiredBranchProtectionDefaults, Overrides.removeOverrides(overrides, branch.protection, {}), { headers: previewHeaders }) if (this.nop) { resArray.push(new NopCommand(this.constructor.name, this.repo, this.github.repos.updateBranchProtection.endpoint(params), 'Add Branch Protection')) return Promise.resolve(resArray) diff --git a/lib/settings.js b/lib/settings.js index 8d9e07b2b..9a6d37bf1 100644 --- a/lib/settings.js +++ b/lib/settings.js @@ -46,6 +46,9 @@ class Settings { const settings = new Settings(nop, context, context.repo(), config, ref) try { + // Apply org-level settings (e.g., rulesets) first, matching syncAll behavior + await settings.updateOrg() + for (const repo of repos) { settings.repo = repo await settings.loadConfigs(repo) From 0051d0e26024567f1d081d060fd2529e1b7ce30c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Thu, 12 Feb 2026 10:37:50 +0200 Subject: [PATCH 2/7] fix: enhance descriptions and add new properties for security features in settings.json --- schema/dereferenced/settings.json | 229 +++++++++++++++++------------- 1 file changed, 132 insertions(+), 97 deletions(-) diff --git a/schema/dereferenced/settings.json b/schema/dereferenced/settings.json index e94a66e57..fc9a45c3e 100644 --- a/schema/dereferenced/settings.json +++ b/schema/dereferenced/settings.json @@ -39,7 +39,17 @@ "properties": { "advanced_security": { "type": "object", - "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository. For more information, see \"[About GitHub Advanced Security](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"", + "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository.\nFor more information, see \"[About GitHub Advanced\nSecurity](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"\n\nFor standalone Code Scanning or Secret Protection products, this parameter cannot be used.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "code_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Code Security for this repository.", "properties": { "status": { "type": "string", @@ -67,6 +77,16 @@ } } }, + "secret_scanning_ai_detection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning AI detection for this repository. For more information, see \"[Responsible detection of generic secrets with AI](https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, "secret_scanning_non_provider_patterns": { "type": "object", "description": "Use the `status` property to enable or disable secret scanning non-provider patterns for this repository. For more information, see \"[Supported secret scanning patterns](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).\"", @@ -135,7 +155,7 @@ }, "use_squash_pr_title_as_default": { "type": "boolean", - "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property has been deprecated. Please use `squash_merge_commit_title` instead.", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", "default": false, "deprecated": true }, @@ -338,7 +358,7 @@ }, "maintainers": { "type": "array", - "description": "List GitHub IDs for organization members who will become team maintainers.", + "description": "List GitHub usernames for organization members who will become team maintainers.", "items": { "type": "string" } @@ -368,7 +388,7 @@ }, "permission": { "type": "string", - "description": "**Deprecated**. The permission that new repositories will be added to the team with when none is specified.", + "description": "**Closing down notice**. The permission that new repositories will be added to the team with when none is specified.", "enum": [ "pull", "push" @@ -409,7 +429,7 @@ "contexts": { "type": "array", "deprecated": true, - "description": "**Deprecated**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", + "description": "**Closing down notice**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", "items": { "type": "string" } @@ -663,7 +683,8 @@ "enum": [ "branch", "tag", - "push" + "push", + "repository" ], "default": "branch" }, @@ -690,7 +711,7 @@ "actor_id": { "type": "integer", "nullable": true, - "description": "The ID of the actor that can bypass a ruleset. If `actor_type` is `OrganizationAdmin`, this should be `1`. If `actor_type` is `DeployKey`, this should be null. `OrganizationAdmin` is not applicable for personal repositories." + "description": "The ID of the actor that can bypass a ruleset. Required for `Integration`, `RepositoryRole`, and `Team` actor types. If `actor_type` is `OrganizationAdmin`, `actor_id` is ignored. If `actor_type` is `DeployKey`, this should be null. `OrganizationAdmin` is not applicable for personal repositories." }, "actor_type": { "type": "string", @@ -705,10 +726,11 @@ }, "bypass_mode": { "type": "string", - "description": "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests. `pull_request` is not applicable for the `DeployKey` actor type. Also, `pull_request` is only applicable to branch rulesets.", + "description": "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests. `pull_request` is not applicable for the `DeployKey` actor type. Also, `pull_request` is only applicable to branch rulesets. When `bypass_mode` is `exempt`, rules will not be run for that actor and a bypass audit entry will not be created.", "enum": [ "always", - "pull_request" + "pull_request", + "exempt" ], "default": "always" } @@ -718,7 +740,7 @@ "conditions": { "title": "Organization ruleset conditions", "type": "object", - "description": "Conditions for an organization ruleset.\nThe branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties.\nThe push rulesets conditions object does not require the `ref_name` property.", + "description": "Conditions for an organization ruleset.\nThe branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties.\nThe push rulesets conditions object does not require the `ref_name` property.\nFor repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.", "oneOf": [ { "type": "object", @@ -1043,83 +1065,6 @@ } } }, - { - "title": "merge_queue", - "description": "Merges must be performed via a merge queue.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "type": { - "type": "string", - "enum": [ - "merge_queue" - ] - }, - "parameters": { - "type": "object", - "properties": { - "check_response_timeout_minutes": { - "type": "integer", - "description": "Maximum time for a required status check to report a conclusion. After this much time has elapsed, checks that have not reported a conclusion will be assumed to have failed", - "minimum": 1, - "maximum": 360 - }, - "grouping_strategy": { - "type": "string", - "description": "When set to ALLGREEN, the merge commit created by merge queue for each PR in the group must pass all required checks to merge. When set to HEADGREEN, only the commit at the head of the merge group, i.e. the commit containing changes from all of the PRs in the group, must pass its required checks to merge.", - "enum": [ - "ALLGREEN", - "HEADGREEN" - ] - }, - "max_entries_to_build": { - "type": "integer", - "description": "Limit the number of queued pull requests requesting checks and workflow runs at the same time.", - "minimum": 0, - "maximum": 100 - }, - "max_entries_to_merge": { - "type": "integer", - "description": "The maximum number of PRs that will be merged together in a group.", - "minimum": 0, - "maximum": 100 - }, - "merge_method": { - "type": "string", - "description": "Method to use when merging changes from queued pull requests.", - "enum": [ - "MERGE", - "SQUASH", - "REBASE" - ] - }, - "min_entries_to_merge": { - "type": "integer", - "description": "The minimum number of PRs that will be merged together in a group.", - "minimum": 0, - "maximum": 100 - }, - "min_entries_to_merge_wait_minutes": { - "type": "integer", - "description": "The time merge queue should wait after the first PR is added to the queue for the minimum group size to be met. After this time has elapsed, the minimum group size will be ignored and a smaller group will be merged.", - "minimum": 0, - "maximum": 360 - } - }, - "required": [ - "check_response_timeout_minutes", - "grouping_strategy", - "max_entries_to_build", - "max_entries_to_merge", - "merge_method", - "min_entries_to_merge", - "min_entries_to_merge_wait_minutes" - ] - } - } - }, { "title": "required_deployments", "description": "Choose which environments must be successfully deployed to before refs can be pushed into a ref that matches this rule.", @@ -1184,6 +1129,18 @@ "parameters": { "type": "object", "properties": { + "allowed_merge_methods": { + "type": "array", + "description": "Array of allowed merge methods. Allowed values include `merge`, `squash`, and `rebase`. At least one option must be enabled.", + "items": { + "type": "string", + "enum": [ + "merge", + "squash", + "rebase" + ] + } + }, "dismiss_stale_reviews_on_push": { "type": "boolean", "description": "New, reviewable commits pushed will dismiss previous pull request review approvals." @@ -1205,6 +1162,55 @@ "required_review_thread_resolution": { "type": "boolean", "description": "All conversations on code must be resolved before a pull request can be merged." + }, + "required_reviewers": { + "type": "array", + "description": "> [!NOTE]\n> `required_reviewers` is in beta and subject to change.\n\nA collection of reviewers and associated file patterns. Each reviewer has a list of file patterns which determine the files that reviewer is required to review.", + "items": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use fnmatch syntax.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer": { + "title": "Reviewer", + "description": "A required reviewing team", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "ID of the reviewer which must review changes to matching files." + }, + "type": { + "type": "string", + "description": "The type of the reviewer", + "enum": [ + "Team" + ] + } + }, + "required": [ + "id", + "type" + ] + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer" + ] + } } }, "required": [ @@ -1307,7 +1313,7 @@ "properties": { "name": { "type": "string", - "description": "How this rule will appear to users." + "description": "How this rule appears when configuring it." }, "negate": { "type": "boolean", @@ -1354,7 +1360,7 @@ "properties": { "name": { "type": "string", - "description": "How this rule will appear to users." + "description": "How this rule appears when configuring it." }, "negate": { "type": "boolean", @@ -1401,7 +1407,7 @@ "properties": { "name": { "type": "string", - "description": "How this rule will appear to users." + "description": "How this rule appears when configuring it." }, "negate": { "type": "boolean", @@ -1448,7 +1454,7 @@ "properties": { "name": { "type": "string", - "description": "How this rule will appear to users." + "description": "How this rule appears when configuring it." }, "negate": { "type": "boolean", @@ -1495,7 +1501,7 @@ "properties": { "name": { "type": "string", - "description": "How this rule will appear to users." + "description": "How this rule appears when configuring it." }, "negate": { "type": "boolean", @@ -1525,7 +1531,7 @@ }, { "title": "file_path_restriction", - "description": "Prevent commits that include changes in specified file paths from being pushed to the commit graph.", + "description": "Prevent commits that include changes in specified file and folder paths from being pushed to the commit graph. This includes absolute paths that contain file names.", "type": "object", "required": [ "type" @@ -1556,7 +1562,7 @@ }, { "title": "max_file_path_length", - "description": "Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.", + "description": "Prevent commits that include file paths that exceed the specified character limit from being pushed to the commit graph.", "type": "object", "required": [ "type" @@ -1573,9 +1579,9 @@ "properties": { "max_file_path_length": { "type": "integer", - "description": "The maximum amount of characters allowed in file paths", + "description": "The maximum amount of characters allowed in file paths.", "minimum": 1, - "maximum": 256 + "maximum": 32767 } }, "required": [ @@ -1617,7 +1623,7 @@ }, { "title": "max_file_size", - "description": "Prevent commits that exceed a specified file size limit from being pushed to the commit.", + "description": "Prevent commits with individual files that exceed the specified limit from being pushed to the commit graph.", "type": "object", "required": [ "type" @@ -1768,6 +1774,35 @@ ] } } + }, + { + "title": "copilot_code_review", + "description": "Request Copilot code review for new pull requests automatically if the author has access to Copilot code review and their premium requests quota has not reached the limit.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "copilot_code_review" + ] + }, + "parameters": { + "type": "object", + "properties": { + "review_draft_pull_requests": { + "type": "boolean", + "description": "Copilot automatically reviews draft pull requests before they are marked as ready for review." + }, + "review_on_push": { + "type": "boolean", + "description": "Copilot automatically reviews each new push to the pull request." + } + } + } + } } ] } From bb1b033f9b9a9b4463554ce731fa4b602155bba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Thu, 12 Feb 2026 17:59:10 +0200 Subject: [PATCH 3/7] fix: update description for deprecated squash-merge commit title property in settings.json --- schema/dereferenced/settings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schema/dereferenced/settings.json b/schema/dereferenced/settings.json index fc9a45c3e..df3d9231a 100644 --- a/schema/dereferenced/settings.json +++ b/schema/dereferenced/settings.json @@ -155,7 +155,7 @@ }, "use_squash_pr_title_as_default": { "type": "boolean", - "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.**", "default": false, "deprecated": true }, From d57526e2b3cbbce2d10a32f54e3ebe51a26ace84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Fri, 27 Mar 2026 14:30:16 +0200 Subject: [PATCH 4/7] Update api endpoint version --- app.yml | 2 +- docs/github-settings/1. repository-settings.md | 4 ++-- docs/github-settings/2. repository-variables.md | 2 +- docs/github-settings/3. collaborators.md | 4 ++-- docs/github-settings/4. teams.md | 2 +- docs/github-settings/5. branch-protection.md | 2 +- docs/github-settings/6. deployment-environments.md | 6 +++--- docs/github-settings/7. autolinks.md | 2 +- docs/github-settings/8. labels.md | 6 +++--- docs/sample-settings/settings.yml | 12 ++++++------ index.js | 8 ++++---- lib/plugins/autolinks.js | 2 +- lib/plugins/collaborators.js | 2 +- lib/plugins/rulesets.js | 2 +- lib/plugins/variables.js | 8 ++++---- lib/settings.js | 2 +- schema/settings.json | 12 ++++++------ test/unit/lib/plugins/rulesets.test.js | 2 +- 18 files changed, 40 insertions(+), 40 deletions(-) diff --git a/app.yml b/app.yml index 04b1f7015..1a72906d7 100644 --- a/app.yml +++ b/app.yml @@ -115,7 +115,7 @@ default_permissions: organization_administration: write # Manage Actions variables. - # https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28 + # https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10 actions_variables: write diff --git a/docs/github-settings/1. repository-settings.md b/docs/github-settings/1. repository-settings.md index 4d7fc0785..46eaa64b9 100644 --- a/docs/github-settings/1. repository-settings.md +++ b/docs/github-settings/1. repository-settings.md @@ -50,8 +50,8 @@ repository: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Update an environment](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#update-a-repository) ->2. [Replace all repository topics](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#replace-all-repository-topics) +>1. [Update an environment](https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#update-a-repository) +>2. [Replace all repository topics](https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#replace-all-repository-topics)
diff --git a/docs/github-settings/2. repository-variables.md b/docs/github-settings/2. repository-variables.md index 5a9871b70..8d6d733f6 100644 --- a/docs/github-settings/2. repository-variables.md +++ b/docs/github-settings/2. repository-variables.md @@ -18,7 +18,7 @@ variables: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#update-a-repository-variable) +>1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#update-a-repository-variable)
diff --git a/docs/github-settings/3. collaborators.md b/docs/github-settings/3. collaborators.md index bbc971c14..56a0ac595 100644 --- a/docs/github-settings/3. collaborators.md +++ b/docs/github-settings/3. collaborators.md @@ -20,8 +20,8 @@ collaborators: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Add a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#add-a-repository-collaborator) ->2. [Remove a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#remove-a-repository-collaborator) +>1. [Add a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10#add-a-repository-collaborator) +>2. [Remove a repository collaborator](https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10#remove-a-repository-collaborator)
diff --git a/docs/github-settings/4. teams.md b/docs/github-settings/4. teams.md index 496b30a32..e6085ebcd 100644 --- a/docs/github-settings/4. teams.md +++ b/docs/github-settings/4. teams.md @@ -20,7 +20,7 @@ teams: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Add or update team repository permissions](https://docs.github.com/en/rest/teams/teams?apiVersion=2022-11-28#add-or-update-team-repository-permissions) +>1. [Add or update team repository permissions](https://docs.github.com/en/rest/teams/teams?apiVersion=2026-03-10#add-or-update-team-repository-permissions)
diff --git a/docs/github-settings/5. branch-protection.md b/docs/github-settings/5. branch-protection.md index 4874a1d79..8f054f818 100644 --- a/docs/github-settings/5. branch-protection.md +++ b/docs/github-settings/5. branch-protection.md @@ -55,7 +55,7 @@ branches: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#update-a-repository-variable) +>1. [Update a repository variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#update-a-repository-variable)
diff --git a/docs/github-settings/6. deployment-environments.md b/docs/github-settings/6. deployment-environments.md index c4705b33b..87c9e6b81 100644 --- a/docs/github-settings/6. deployment-environments.md +++ b/docs/github-settings/6. deployment-environments.md @@ -46,9 +46,9 @@ environments: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Create or update an environment](https://docs.github.com/en/rest/deployments/environments?apiVersion=2022-11-28#create-or-update-an-environment) ->2. [Create a deployment branch policy](https://docs.github.com/en/rest/deployments/branch-policies?apiVersion=2022-11-28#create-a-deployment-branch-policy) ->3. [Create an environment variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#create-an-environment-variable) +>1. [Create or update an environment](https://docs.github.com/en/rest/deployments/environments?apiVersion=2026-03-10#create-or-update-an-environment) +>2. [Create a deployment branch policy](https://docs.github.com/en/rest/deployments/branch-policies?apiVersion=2026-03-10#create-a-deployment-branch-policy) +>3. [Create an environment variable](https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#create-an-environment-variable)
diff --git a/docs/github-settings/7. autolinks.md b/docs/github-settings/7. autolinks.md index 9ae3c19f7..26b5143ca 100644 --- a/docs/github-settings/7. autolinks.md +++ b/docs/github-settings/7. autolinks.md @@ -20,7 +20,7 @@ variables: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Create an autolink reference for a repository](https://docs.github.com/en/rest/repos/autolinks?apiVersion=2022-11-28#create-an-autolink-reference-for-a-repository) +>1. [Create an autolink reference for a repository](https://docs.github.com/en/rest/repos/autolinks?apiVersion=2026-03-10#create-an-autolink-reference-for-a-repository)
diff --git a/docs/github-settings/8. labels.md b/docs/github-settings/8. labels.md index ddf4c4b43..cee530f47 100644 --- a/docs/github-settings/8. labels.md +++ b/docs/github-settings/8. labels.md @@ -19,9 +19,9 @@ labels: >[!TIP] >GitHub's API documentation defines these inputs and types: ->1. [Create a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#create-a-label) ->2. [Update a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#update-a-label) ->3. [Delete a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28#delete-a-label) +>1. [Create a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2026-03-10#create-a-label) +>2. [Update a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2026-03-10#update-a-label) +>3. [Delete a label](https://docs.github.com/en/rest/issues/labels?apiVersion=2026-03-10#delete-a-label)
diff --git a/docs/sample-settings/settings.yml b/docs/sample-settings/settings.yml index 7e19d3354..1ede6a079 100644 --- a/docs/sample-settings/settings.yml +++ b/docs/sample-settings/settings.yml @@ -1,7 +1,7 @@ # This settings file can be used to create org-level settings # This is the settings that need to be applied to all repositories in the org -# See https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-an-organization-repository for all available settings for a repository +# See https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-an-organization-repository for all available settings for a repository repository: # A short description of the repository that will show up on GitHub description: description of the repo @@ -123,7 +123,7 @@ milestones: state: open # Collaborators: give specific users access to any repository. -# See https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#add-a-repository-collaborator for available options +# See https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10#add-a-repository-collaborator for available options collaborators: - username: regpaco # The permission to grant the collaborator. Can be one of: @@ -144,7 +144,7 @@ collaborators: - another-repo # Teams -# See https://docs.github.com/en/rest/teams/teams?apiVersion=2022-11-28#create-a-team for available options +# See https://docs.github.com/en/rest/teams/teams?apiVersion=2026-03-10#create-a-team for available options teams: - name: core # The permission to grant the team. Can be one of: @@ -163,7 +163,7 @@ teams: visibility: closed # Branch protection rules -# See https://docs.github.com/en/rest/branches/branch-protection?apiVersion=2022-11-28#update-branch-protection for available options +# See https://docs.github.com/en/rest/branches/branch-protection?apiVersion=2026-03-10#update-branch-protection for available options branches: # If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo - name: default @@ -202,7 +202,7 @@ branches: teams: [] # Custom properties -# See https://docs.github.com/en/rest/repos/custom-properties?apiVersion=2022-11-28 +# See https://docs.github.com/en/rest/repos/custom-properties?apiVersion=2026-03-10 custom_properties: - name: test value: test @@ -221,7 +221,7 @@ validator: pattern: "[a-zA-Z0-9_-]+" # Rulesets -# See https://docs.github.com/en/rest/orgs/rules?apiVersion=2022-11-28#create-an-organization-repository-rulesetfor available options +# See https://docs.github.com/en/rest/orgs/rules?apiVersion=2026-03-10#create-an-organization-repository-rulesetfor available options rulesets: - name: Template # The target of the ruleset. Can be one of: diff --git a/index.js b/index.js index 4707c82d0..ac1777c46 100644 --- a/index.js +++ b/index.js @@ -407,7 +407,7 @@ module.exports = (robot, { getRouter }, Settings = require('./lib/settings')) => repo: env.ADMIN_REPO, path: oldPath, headers: { - 'X-GitHub-Api-Version': '2022-11-28' + 'X-GitHub-Api-Version': '2026-03-10' } }) let content = Buffer.from(repofile.data.content, 'base64').toString() @@ -418,10 +418,10 @@ module.exports = (robot, { getRouter }, Settings = require('./lib/settings')) => // Check if a config file already exists for the renamed repo name await context.octokit.request('GET /repos/{owner}/{repo}/contents/{path}', { owner: payload.repository.owner.login, - repo: env.ADMIN_REPO, + repo: env.ADMIN_REPO, path: newPath, headers: { - 'X-GitHub-Api-Version': '2022-11-28' + 'X-GitHub-Api-Version': '2026-03-10' } }) } catch (error) { @@ -436,7 +436,7 @@ module.exports = (robot, { getRouter }, Settings = require('./lib/settings')) => message: `Repo Renamed and safe-settings renamed the file from ${payload.changes.repository.name.from} to ${payload.repository.name}`, sha: repofile.data.sha, headers: { - 'X-GitHub-Api-Version': '2022-11-28' + 'X-GitHub-Api-Version': '2026-03-10' } }) robot.log.debug(`Created a new setting file ${newPath}`) diff --git a/lib/plugins/autolinks.js b/lib/plugins/autolinks.js index db85abff8..5145fe9cd 100644 --- a/lib/plugins/autolinks.js +++ b/lib/plugins/autolinks.js @@ -19,7 +19,7 @@ module.exports = class Autolinks extends Diffable { changed (existing, attr) { // is_alphanumeric was added mid-2023. In order to continue to support settings yamls which dont specify this // attribute, consider an unset is_alphanumeric as `true` (since that is the default value in the API) - // https://docs.github.com/en/rest/repos/autolinks?apiVersion=2022-11-28#create-an-autolink-reference-for-a-repository + // https://docs.github.com/en/rest/repos/autolinks?apiVersion=2026-03-10#create-an-autolink-reference-for-a-repository const isAlphaNumericMatch = attr.is_alphanumeric === undefined ? existing.is_alphanumeric // === true, the default : attr.is_alphanumeric === existing.is_alphanumeric diff --git a/lib/plugins/collaborators.js b/lib/plugins/collaborators.js index e0b351488..5fba30eb2 100644 --- a/lib/plugins/collaborators.js +++ b/lib/plugins/collaborators.js @@ -15,7 +15,7 @@ module.exports = class Collaborators extends Diffable { } find () { - // https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28 + // https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2026-03-10 // 'outside' means all outside collaborators of an organization-owned repository. // 'direct' means all collaborators with permissions to an organization-owned repository, regardless of organization membership status. (includes outside collaborators) // 'all' means all collaborators the authenticated user can see. diff --git a/lib/plugins/rulesets.js b/lib/plugins/rulesets.js index b77ead1bd..ad9a21f05 100644 --- a/lib/plugins/rulesets.js +++ b/lib/plugins/rulesets.js @@ -12,7 +12,7 @@ const overrides = { } const version = { - 'X-GitHub-Api-Version': '2022-11-28' + 'X-GitHub-Api-Version': '2026-03-10' } module.exports = class Rulesets extends Diffable { constructor (nop, github, repo, entries, log, errors, scope) { diff --git a/lib/plugins/variables.js b/lib/plugins/variables.js index 25795c408..2ca49ce29 100644 --- a/lib/plugins/variables.js +++ b/lib/plugins/variables.js @@ -16,7 +16,7 @@ module.exports = class Variables extends Diffable { /** * Look-up existing variables for a given repository * - * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#list-repository-variables} list repository variables + * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#list-repository-variables} list repository variables * @returns {Array.} Returns a list of variables that exist in a repository */ async find () { @@ -81,7 +81,7 @@ module.exports = class Variables extends Diffable { * @param {Array.} existing Existing variables defined in the repository * @param {Array.} variables Variables that we have defined as code * - * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#update-a-repository-variable} update a repository variable + * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#update-a-repository-variable} update a repository variable * @returns */ async update (existing, variables = []) { @@ -150,7 +150,7 @@ module.exports = class Variables extends Diffable { * * @param {object} variable The variable to add, with name and value * - * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#create-a-repository-variable} create a repository variable + * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#create-a-repository-variable} create a repository variable * @returns */ async add (variable) { @@ -175,7 +175,7 @@ module.exports = class Variables extends Diffable { * * @param {String} existing Name of the existing variable to remove * - * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2022-11-28#delete-a-repository-variable} delete a repository variable + * @see {@link https://docs.github.com/en/rest/actions/variables?apiVersion=2026-03-10#delete-a-repository-variable} delete a repository variable * @returns */ async remove (existing) { diff --git a/lib/settings.js b/lib/settings.js index 8314c9eee..919e01854 100644 --- a/lib/settings.js +++ b/lib/settings.js @@ -607,7 +607,7 @@ ${this.results.reduce((x, y) => { this.log.debug(` In getRepoConfigMap ${JSON.stringify(this.repo)}`) // GitHub getContent api has a hard limit of returning 1000 entries without // any pagination. They suggest to use Tree api. - // https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#get-repository-content + // https://docs.github.com/en/rest/repos/contents?apiVersion=2026-03-10#get-repository-content // get /repos directory sha to use in the getTree api const repo = { owner: this.repo.owner, repo: env.ADMIN_REPO } diff --git a/schema/settings.json b/schema/settings.json index 4d390b38f..8c8a53c81 100644 --- a/schema/settings.json +++ b/schema/settings.json @@ -5,7 +5,7 @@ "repositories": { "allOf": [ { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2022-11-28.json#/paths/~1repos~1{owner}~1{repo}/patch/requestBody/content/application~1json/schema" + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}/patch/requestBody/content/application~1json/schema" }, { "type": "object", @@ -105,7 +105,7 @@ "items": { "allOf": [ { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2022-11-28.json#/paths/~1repos~1{owner}~1{repo}~1collaborators~1{username}/put/requestBody/content/application~1json/schema" + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1collaborators~1{username}/put/requestBody/content/application~1json/schema" }, { "type": "object", @@ -136,7 +136,7 @@ "description": "Teams", "type": "array", "items": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2022-11-28.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema" + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema" } }, "branches": { @@ -149,7 +149,7 @@ "type": "string" }, "protection": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2022-11-28.json#/paths/~1repos~1{owner}~1{repo}~1branches~1{branch}~1protection/put/requestBody/content/application~1json/schema" + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1branches~1{branch}~1protection/put/requestBody/content/application~1json/schema" } } } @@ -173,7 +173,7 @@ "description": "Autolinks", "type": "array", "items": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2022-11-28.json#/paths/~1repos~1{owner}~1{repo}~1autolinks/post/requestBody/content/application~1json/schema" + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1autolinks/post/requestBody/content/application~1json/schema" } }, "validator": { @@ -189,7 +189,7 @@ "description": "Rulesets", "type": "array", "items": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2022-11-28.json#/paths/~1orgs~1{org}~1rulesets/post/requestBody/content/application~1json/schema" + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1rulesets/post/requestBody/content/application~1json/schema" } } } diff --git a/test/unit/lib/plugins/rulesets.test.js b/test/unit/lib/plugins/rulesets.test.js index f15abd63f..678e97779 100644 --- a/test/unit/lib/plugins/rulesets.test.js +++ b/test/unit/lib/plugins/rulesets.test.js @@ -3,7 +3,7 @@ const { when } = require('jest-when') const Rulesets = require('../../../../lib/plugins/rulesets') const version = { - 'X-GitHub-Api-Version': '2022-11-28' + 'X-GitHub-Api-Version': '2026-03-10' } const repo_conditions = { ref_name: { From 8450339bf5237b2e15e54d20a7f4b0634d293b4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Fri, 27 Mar 2026 15:58:19 +0200 Subject: [PATCH 5/7] Add JSON schemas for safe-settings configuration at repo, org, and suborg levels - Introduced `repos.json` schema for repository-level safe-settings overrides. - Updated `settings.json` schema to include additional properties for org-level configurations. - Created `suborgs.json` schema for suborg-level safe-settings configuration. - Enhanced the build script to dereference all schemas and handle errors during the process. --- lib/plugins/custom_properties.js | 20 +- schema/dereferenced/repos.json | 2742 ++++++++++++++++++++++++++++ schema/dereferenced/settings.json | 62 +- schema/dereferenced/suborgs.json | 2776 +++++++++++++++++++++++++++++ schema/repos.json | 324 ++++ schema/settings.json | 313 +++- schema/suborgs.json | 358 ++++ script/build-schema | 28 +- 8 files changed, 6511 insertions(+), 112 deletions(-) create mode 100644 schema/dereferenced/repos.json create mode 100644 schema/dereferenced/suborgs.json create mode 100644 schema/repos.json create mode 100644 schema/suborgs.json diff --git a/lib/plugins/custom_properties.js b/lib/plugins/custom_properties.js index 5d6ab6e5b..95b82501e 100644 --- a/lib/plugins/custom_properties.js +++ b/lib/plugins/custom_properties.js @@ -12,10 +12,12 @@ module.exports = class CustomProperties extends Diffable { // Force all names to lowercase to avoid comparison issues. normalizeEntries () { - this.entries = this.entries.map(({ name, value }) => ({ - name: name.toLowerCase(), - value - })) + this.entries = this.entries + .filter(({ name }) => name != null) + .map(({ name, value }) => ({ + name: name.toLowerCase(), + value + })) } async find () { @@ -38,10 +40,12 @@ module.exports = class CustomProperties extends Diffable { // Force all names to lowercase to avoid comparison issues. normalize (properties) { - return properties.map(({ property_name: propertyName, value }) => ({ - name: propertyName.toLowerCase(), - value - })) + return properties + .filter(({ property_name: propertyName }) => propertyName != null) + .map(({ property_name: propertyName, value }) => ({ + name: propertyName.toLowerCase(), + value + })) } comparator (existing, attrs) { diff --git a/schema/dereferenced/repos.json b/schema/dereferenced/repos.json new file mode 100644 index 000000000..355285e29 --- /dev/null +++ b/schema/dereferenced/repos.json @@ -0,0 +1,2742 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Safe-settings repo-level configuration", + "description": "Schema for .github/repos/{repo-name}.yml — repo-level safe-settings override configuration. Settings here are merged on top of org-level and suborg-level settings for the specific repository.", + "type": "object", + "properties": { + "repositories": { + "description": "Repository settings", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository." + }, + "description": { + "type": "string", + "description": "A short description of the repository." + }, + "homepage": { + "type": "string", + "description": "A URL with more information about the repository." + }, + "private": { + "type": "boolean", + "description": "Either `true` to make the repository private or `false` to make it public. Default: `false`. \n**Note**: You will get a `422` error if the organization restricts [changing repository visibility](https://docs.github.com/articles/repository-permission-levels-for-an-organization#changing-the-visibility-of-repositories) to organization owners and a non-owner tries to change the value of private.", + "default": false + }, + "visibility": { + "type": "string", + "description": "The visibility of the repository.", + "enum": [ + "public", + "private" + ] + }, + "security_and_analysis": { + "type": "object", + "description": "Specify which security and analysis features to enable or disable for the repository.\n\nTo use this parameter, you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see \"[Managing security managers in your organization](https://docs.github.com/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"\n\nFor example, to enable GitHub Advanced Security, use this data in the body of the `PATCH` request:\n`{ \"security_and_analysis\": {\"advanced_security\": { \"status\": \"enabled\" } } }`.\n\nYou can check which security and analysis features are currently enabled by using a `GET /repos/{owner}/{repo}` request.", + "nullable": true, + "properties": { + "advanced_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository.\nFor more information, see \"[About GitHub Advanced\nSecurity](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"\n\nFor standalone Code Scanning or Secret Protection products, this parameter cannot be used.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "code_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Code Security for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning for this repository. For more information, see \"[About secret scanning](/code-security/secret-security/about-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_push_protection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning push protection for this repository. For more information, see \"[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_ai_detection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning AI detection for this repository. For more information, see \"[Responsible detection of generic secrets with AI](https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_non_provider_patterns": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning non-provider patterns for this repository. For more information, see \"[Supported secret scanning patterns](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_alert_dismissal": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated alert dismissal for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated bypass for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass_options": { + "type": "object", + "description": "Feature options for secret scanning delegated bypass.\nThis object is only honored when `security_and_analysis.secret_scanning_delegated_bypass.status` is set to `enabled`.\nYou can send this object in the same request as `secret_scanning_delegated_bypass`, or update just the options in a separate request.", + "properties": { + "reviewers": { + "type": "array", + "description": "The bypass reviewers for secret scanning delegated bypass.\nIf you omit this field, the existing set of reviewers is unchanged.", + "items": { + "type": "object", + "required": [ + "reviewer_id", + "reviewer_type" + ], + "properties": { + "reviewer_id": { + "type": "integer", + "description": "The ID of the team or role selected as a bypass reviewer" + }, + "reviewer_type": { + "type": "string", + "description": "The type of the bypass reviewer", + "enum": [ + "TEAM", + "ROLE" + ] + } + } + } + } + } + } + } + }, + "has_issues": { + "type": "boolean", + "description": "Either `true` to enable issues for this repository or `false` to disable them.", + "default": true + }, + "has_projects": { + "type": "boolean", + "description": "Either `true` to enable projects for this repository or `false` to disable them. **Note:** If you're creating a repository in an organization that has disabled repository projects, the default is `false`, and if you pass `true`, the API returns an error.", + "default": true + }, + "has_wiki": { + "type": "boolean", + "description": "Either `true` to enable the wiki for this repository or `false` to disable it.", + "default": true + }, + "is_template": { + "type": "boolean", + "description": "Either `true` to make this repo available as a template repository or `false` to prevent it.", + "default": false + }, + "default_branch": { + "type": "string", + "description": "Updates the default branch for this repository." + }, + "allow_squash_merge": { + "type": "boolean", + "description": "Either `true` to allow squash-merging pull requests, or `false` to prevent squash-merging.", + "default": true + }, + "allow_merge_commit": { + "type": "boolean", + "description": "Either `true` to allow merging pull requests with a merge commit, or `false` to prevent merging pull requests with merge commits.", + "default": true + }, + "allow_rebase_merge": { + "type": "boolean", + "description": "Either `true` to allow rebase-merging pull requests, or `false` to prevent rebase-merging.", + "default": true + }, + "allow_auto_merge": { + "type": "boolean", + "description": "Either `true` to allow auto-merge on pull requests, or `false` to disallow auto-merge.", + "default": false + }, + "delete_branch_on_merge": { + "type": "boolean", + "description": "Either `true` to allow automatically deleting head branches when pull requests are merged, or `false` to prevent automatic deletion.", + "default": false + }, + "allow_update_branch": { + "type": "boolean", + "description": "Either `true` to always allow a pull request head branch that is behind its base branch to be updated even if it is not required to be up to date before merging, or false otherwise.", + "default": false + }, + "use_squash_pr_title_as_default": { + "type": "boolean", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", + "default": false, + "deprecated": true + }, + "squash_merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "COMMIT_OR_PR_TITLE" + ], + "description": "Required when using `squash_merge_commit_message`.\n\nThe default value for a squash merge commit title:\n\n- `PR_TITLE` - default to the pull request's title.\n- `COMMIT_OR_PR_TITLE` - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)." + }, + "squash_merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "COMMIT_MESSAGES", + "BLANK" + ], + "description": "The default value for a squash merge commit message:\n\n- `PR_BODY` - default to the pull request's body.\n- `COMMIT_MESSAGES` - default to the branch's commit messages.\n- `BLANK` - default to a blank commit message." + }, + "merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "MERGE_MESSAGE" + ], + "description": "Required when using `merge_commit_message`.\n\nThe default value for a merge commit title.\n\n- `PR_TITLE` - default to the pull request's title.\n- `MERGE_MESSAGE` - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)." + }, + "merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "PR_TITLE", + "BLANK" + ], + "description": "The default value for a merge commit message.\n\n- `PR_TITLE` - default to the pull request's title.\n- `PR_BODY` - default to the pull request's body.\n- `BLANK` - default to a blank commit message." + }, + "archived": { + "type": "boolean", + "description": "Whether to archive this repository. `false` will unarchive a previously archived repository.", + "default": false + }, + "allow_forking": { + "type": "boolean", + "description": "Either `true` to allow private forks, or `false` to prevent private forks.", + "default": false + }, + "web_commit_signoff_required": { + "type": "boolean", + "description": "Either `true` to require contributors to sign off on web-based commits, or `false` to not require contributors to sign off on web-based commits.", + "default": false + } + } + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "If true, create the repository if it does not already exist.", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating a new repository.", + "type": "string" + } + } + } + ] + }, + "labels": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "collaborators": { + "description": "Collaborators: give specific users access to any repository.", + "type": "array", + "items": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "type": "object", + "properties": { + "permission": { + "type": "string", + "description": "The permission to grant the collaborator. **Only valid on organization-owned repositories.** We accept the following permissions to be set: `pull`, `triage`, `push`, `maintain`, `admin` and you can also specify a custom repository role name, if the owning organization has defined any.", + "default": "push" + } + } + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + } + }, + "teams": { + "description": "Teams", + "type": "array", + "items": { + "description": "A team entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the team." + }, + "description": { + "type": "string", + "description": "The description of the team." + }, + "maintainers": { + "type": "array", + "description": "List GitHub usernames for organization members who will become team maintainers.", + "items": { + "type": "string" + } + }, + "repo_names": { + "type": "array", + "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.", + "items": { + "type": "string" + } + }, + "privacy": { + "type": "string", + "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`", + "enum": [ + "secret", + "closed" + ] + }, + "notification_setting": { + "type": "string", + "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`", + "enum": [ + "notifications_enabled", + "notifications_disabled" + ] + }, + "parent_team_id": { + "type": "integer", + "description": "The ID of a team to set as the parent team." + } + }, + "required": [ + "name" + ] + } + }, + "milestones": { + "description": "Milestones: define milestones for Issues and Pull Requests", + "type": "array", + "items": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + } + }, + "branches": { + "description": "Branch protection rules", + "type": "array", + "items": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "type": "object", + "properties": { + "required_status_checks": { + "type": "object", + "description": "Require status checks to pass before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "strict": { + "type": "boolean", + "description": "Require branches to be up to date before merging." + }, + "contexts": { + "type": "array", + "deprecated": true, + "description": "**Closing down notice**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", + "items": { + "type": "string" + } + }, + "checks": { + "type": "array", + "description": "The list of status checks to require in order to merge into this branch.", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "The name of the required check" + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status." + } + } + } + } + }, + "required": [ + "strict", + "contexts" + ] + }, + "enforce_admins": { + "type": "boolean", + "description": "Enforce all configured restrictions for administrators. Set to `true` to enforce required status checks for repository administrators. Set to `null` to disable.", + "nullable": true + }, + "required_pull_request_reviews": { + "type": "object", + "description": "Require at least one approving review on a pull request, before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "dismissal_restrictions": { + "type": "object", + "description": "Specify which users, teams, and apps can dismiss pull request reviews. Pass an empty `dismissal_restrictions` object to disable. User and team `dismissal_restrictions` are only available for organization-owned repositories. Omit this parameter for personal repositories.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with dismissal access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with dismissal access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with dismissal access", + "items": { + "type": "string" + } + } + } + }, + "dismiss_stale_reviews": { + "type": "boolean", + "description": "Set to `true` if you want to automatically dismiss approving reviews when someone pushes a new commit." + }, + "require_code_owner_reviews": { + "type": "boolean", + "description": "Blocks merging pull requests until [code owners](https://docs.github.com/articles/about-code-owners/) review them." + }, + "required_approving_review_count": { + "type": "integer", + "description": "Specify the number of reviewers required to approve pull requests. Use a number between 1 and 6 or 0 to not require reviewers." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent push must be approved by someone other than the person who pushed it. Default: `false`.", + "default": false + }, + "bypass_pull_request_allowances": { + "type": "object", + "description": "Allow specific users, teams, or apps to bypass pull request requirements.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + } + } + } + } + }, + "restrictions": { + "type": "object", + "description": "Restrict who can push to the protected branch. User, app, and team `restrictions` are only available for organization-owned repositories. Set to `null` to disable.", + "nullable": true, + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with push access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with push access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with push access", + "items": { + "type": "string" + } + } + }, + "required": [ + "users", + "teams" + ] + }, + "required_linear_history": { + "type": "boolean", + "description": "Enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch. Set to `true` to enforce a linear commit history. Set to `false` to disable a linear commit Git history. Your repository must allow squash merging or rebase merging before you can enable a linear commit history. Default: `false`. For more information, see \"[Requiring a linear commit history](https://docs.github.com/github/administering-a-repository/requiring-a-linear-commit-history)\" in the GitHub Help documentation." + }, + "allow_force_pushes": { + "type": "boolean", + "description": "Permits force pushes to the protected branch by anyone with write access to the repository. Set to `true` to allow force pushes. Set to `false` or `null` to block force pushes. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation.\"", + "nullable": true + }, + "allow_deletions": { + "type": "boolean", + "description": "Allows deletion of the protected branch by anyone with write access to the repository. Set to `false` to prevent deletion of the protected branch. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation." + }, + "block_creations": { + "type": "boolean", + "description": "If set to `true`, the `restrictions` branch protection settings which limits who can push will also block pushes which create new branches, unless the push is initiated by a user, team, or app which has the ability to push. Set to `true` to restrict new branch creation. Default: `false`." + }, + "required_conversation_resolution": { + "type": "boolean", + "description": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`." + }, + "lock_branch": { + "type": "boolean", + "description": "Whether to set the branch as read-only. If this is true, users will not be able to push to the branch. Default: `false`.", + "default": false + }, + "allow_fork_syncing": { + "type": "boolean", + "description": "Whether users can pull changes from upstream when the branch is locked. Set to `true` to allow fork syncing. Set to `false` to prevent fork syncing. Default: `false`.", + "default": false + } + }, + "required": [ + "required_status_checks", + "enforce_admins", + "required_pull_request_reviews", + "restrictions" + ] + } + } + } + }, + "autolinks": { + "description": "Autolinks", + "type": "array", + "items": { + "description": "An autolink reference entry", + "type": "object", + "properties": { + "key_prefix": { + "type": "string", + "description": "This prefix appended by certain characters will generate a link any time it is found in an issue, pull request, or commit." + }, + "url_template": { + "type": "string", + "description": "The URL must contain `` for the reference number. `` matches different characters depending on the value of `is_alphanumeric`." + }, + "is_alphanumeric": { + "type": "boolean", + "default": true, + "description": "Whether this autolink reference matches alphanumeric characters. If true, the `` parameter of the `url_template` matches alphanumeric characters `A-Z` (case insensitive), `0-9`, and `-`. If false, this autolink reference only matches numeric characters." + } + }, + "required": [ + "key_prefix", + "url_template" + ] + } + }, + "validator": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "environments": { + "description": "Deployment environments", + "type": "array", + "items": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + } + }, + "custom_properties": { + "description": "Custom properties", + "type": "array", + "items": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "variables": { + "description": "Repository or org-level Actions variables", + "type": "array", + "items": { + "description": "An Actions variable entry", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": [ + "all", + "private", + "selected" + ] + } + } + } + } + }, + "$defs": { + "RepositorySettings": { + "description": "Repository settings", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository." + }, + "description": { + "type": "string", + "description": "A short description of the repository." + }, + "homepage": { + "type": "string", + "description": "A URL with more information about the repository." + }, + "private": { + "type": "boolean", + "description": "Either `true` to make the repository private or `false` to make it public. Default: `false`. \n**Note**: You will get a `422` error if the organization restricts [changing repository visibility](https://docs.github.com/articles/repository-permission-levels-for-an-organization#changing-the-visibility-of-repositories) to organization owners and a non-owner tries to change the value of private.", + "default": false + }, + "visibility": { + "type": "string", + "description": "The visibility of the repository.", + "enum": [ + "public", + "private" + ] + }, + "security_and_analysis": { + "type": "object", + "description": "Specify which security and analysis features to enable or disable for the repository.\n\nTo use this parameter, you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see \"[Managing security managers in your organization](https://docs.github.com/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"\n\nFor example, to enable GitHub Advanced Security, use this data in the body of the `PATCH` request:\n`{ \"security_and_analysis\": {\"advanced_security\": { \"status\": \"enabled\" } } }`.\n\nYou can check which security and analysis features are currently enabled by using a `GET /repos/{owner}/{repo}` request.", + "nullable": true, + "properties": { + "advanced_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository.\nFor more information, see \"[About GitHub Advanced\nSecurity](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"\n\nFor standalone Code Scanning or Secret Protection products, this parameter cannot be used.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "code_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Code Security for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning for this repository. For more information, see \"[About secret scanning](/code-security/secret-security/about-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_push_protection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning push protection for this repository. For more information, see \"[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_ai_detection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning AI detection for this repository. For more information, see \"[Responsible detection of generic secrets with AI](https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_non_provider_patterns": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning non-provider patterns for this repository. For more information, see \"[Supported secret scanning patterns](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_alert_dismissal": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated alert dismissal for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated bypass for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass_options": { + "type": "object", + "description": "Feature options for secret scanning delegated bypass.\nThis object is only honored when `security_and_analysis.secret_scanning_delegated_bypass.status` is set to `enabled`.\nYou can send this object in the same request as `secret_scanning_delegated_bypass`, or update just the options in a separate request.", + "properties": { + "reviewers": { + "type": "array", + "description": "The bypass reviewers for secret scanning delegated bypass.\nIf you omit this field, the existing set of reviewers is unchanged.", + "items": { + "type": "object", + "required": [ + "reviewer_id", + "reviewer_type" + ], + "properties": { + "reviewer_id": { + "type": "integer", + "description": "The ID of the team or role selected as a bypass reviewer" + }, + "reviewer_type": { + "type": "string", + "description": "The type of the bypass reviewer", + "enum": [ + "TEAM", + "ROLE" + ] + } + } + } + } + } + } + } + }, + "has_issues": { + "type": "boolean", + "description": "Either `true` to enable issues for this repository or `false` to disable them.", + "default": true + }, + "has_projects": { + "type": "boolean", + "description": "Either `true` to enable projects for this repository or `false` to disable them. **Note:** If you're creating a repository in an organization that has disabled repository projects, the default is `false`, and if you pass `true`, the API returns an error.", + "default": true + }, + "has_wiki": { + "type": "boolean", + "description": "Either `true` to enable the wiki for this repository or `false` to disable it.", + "default": true + }, + "is_template": { + "type": "boolean", + "description": "Either `true` to make this repo available as a template repository or `false` to prevent it.", + "default": false + }, + "default_branch": { + "type": "string", + "description": "Updates the default branch for this repository." + }, + "allow_squash_merge": { + "type": "boolean", + "description": "Either `true` to allow squash-merging pull requests, or `false` to prevent squash-merging.", + "default": true + }, + "allow_merge_commit": { + "type": "boolean", + "description": "Either `true` to allow merging pull requests with a merge commit, or `false` to prevent merging pull requests with merge commits.", + "default": true + }, + "allow_rebase_merge": { + "type": "boolean", + "description": "Either `true` to allow rebase-merging pull requests, or `false` to prevent rebase-merging.", + "default": true + }, + "allow_auto_merge": { + "type": "boolean", + "description": "Either `true` to allow auto-merge on pull requests, or `false` to disallow auto-merge.", + "default": false + }, + "delete_branch_on_merge": { + "type": "boolean", + "description": "Either `true` to allow automatically deleting head branches when pull requests are merged, or `false` to prevent automatic deletion.", + "default": false + }, + "allow_update_branch": { + "type": "boolean", + "description": "Either `true` to always allow a pull request head branch that is behind its base branch to be updated even if it is not required to be up to date before merging, or false otherwise.", + "default": false + }, + "use_squash_pr_title_as_default": { + "type": "boolean", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", + "default": false, + "deprecated": true + }, + "squash_merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "COMMIT_OR_PR_TITLE" + ], + "description": "Required when using `squash_merge_commit_message`.\n\nThe default value for a squash merge commit title:\n\n- `PR_TITLE` - default to the pull request's title.\n- `COMMIT_OR_PR_TITLE` - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)." + }, + "squash_merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "COMMIT_MESSAGES", + "BLANK" + ], + "description": "The default value for a squash merge commit message:\n\n- `PR_BODY` - default to the pull request's body.\n- `COMMIT_MESSAGES` - default to the branch's commit messages.\n- `BLANK` - default to a blank commit message." + }, + "merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "MERGE_MESSAGE" + ], + "description": "Required when using `merge_commit_message`.\n\nThe default value for a merge commit title.\n\n- `PR_TITLE` - default to the pull request's title.\n- `MERGE_MESSAGE` - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)." + }, + "merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "PR_TITLE", + "BLANK" + ], + "description": "The default value for a merge commit message.\n\n- `PR_TITLE` - default to the pull request's title.\n- `PR_BODY` - default to the pull request's body.\n- `BLANK` - default to a blank commit message." + }, + "archived": { + "type": "boolean", + "description": "Whether to archive this repository. `false` will unarchive a previously archived repository.", + "default": false + }, + "allow_forking": { + "type": "boolean", + "description": "Either `true` to allow private forks, or `false` to prevent private forks.", + "default": false + }, + "web_commit_signoff_required": { + "type": "boolean", + "description": "Either `true` to require contributors to sign off on web-based commits, or `false` to not require contributors to sign off on web-based commits.", + "default": false + } + } + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "If true, create the repository if it does not already exist.", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating a new repository.", + "type": "string" + } + } + } + ] + }, + "LabelSettings": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "CollaboratorSettings": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "type": "object", + "properties": { + "permission": { + "type": "string", + "description": "The permission to grant the collaborator. **Only valid on organization-owned repositories.** We accept the following permissions to be set: `pull`, `triage`, `push`, `maintain`, `admin` and you can also specify a custom repository role name, if the owning organization has defined any.", + "default": "push" + } + } + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + }, + "TeamSettings": { + "description": "A team entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the team." + }, + "description": { + "type": "string", + "description": "The description of the team." + }, + "maintainers": { + "type": "array", + "description": "List GitHub usernames for organization members who will become team maintainers.", + "items": { + "type": "string" + } + }, + "repo_names": { + "type": "array", + "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.", + "items": { + "type": "string" + } + }, + "privacy": { + "type": "string", + "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`", + "enum": [ + "secret", + "closed" + ] + }, + "notification_setting": { + "type": "string", + "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`", + "enum": [ + "notifications_enabled", + "notifications_disabled" + ] + }, + "parent_team_id": { + "type": "integer", + "description": "The ID of a team to set as the parent team." + } + }, + "required": [ + "name" + ] + }, + "MilestoneSettings": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + }, + "BranchSettings": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "type": "object", + "properties": { + "required_status_checks": { + "type": "object", + "description": "Require status checks to pass before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "strict": { + "type": "boolean", + "description": "Require branches to be up to date before merging." + }, + "contexts": { + "type": "array", + "deprecated": true, + "description": "**Closing down notice**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", + "items": { + "type": "string" + } + }, + "checks": { + "type": "array", + "description": "The list of status checks to require in order to merge into this branch.", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "The name of the required check" + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status." + } + } + } + } + }, + "required": [ + "strict", + "contexts" + ] + }, + "enforce_admins": { + "type": "boolean", + "description": "Enforce all configured restrictions for administrators. Set to `true` to enforce required status checks for repository administrators. Set to `null` to disable.", + "nullable": true + }, + "required_pull_request_reviews": { + "type": "object", + "description": "Require at least one approving review on a pull request, before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "dismissal_restrictions": { + "type": "object", + "description": "Specify which users, teams, and apps can dismiss pull request reviews. Pass an empty `dismissal_restrictions` object to disable. User and team `dismissal_restrictions` are only available for organization-owned repositories. Omit this parameter for personal repositories.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with dismissal access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with dismissal access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with dismissal access", + "items": { + "type": "string" + } + } + } + }, + "dismiss_stale_reviews": { + "type": "boolean", + "description": "Set to `true` if you want to automatically dismiss approving reviews when someone pushes a new commit." + }, + "require_code_owner_reviews": { + "type": "boolean", + "description": "Blocks merging pull requests until [code owners](https://docs.github.com/articles/about-code-owners/) review them." + }, + "required_approving_review_count": { + "type": "integer", + "description": "Specify the number of reviewers required to approve pull requests. Use a number between 1 and 6 or 0 to not require reviewers." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent push must be approved by someone other than the person who pushed it. Default: `false`.", + "default": false + }, + "bypass_pull_request_allowances": { + "type": "object", + "description": "Allow specific users, teams, or apps to bypass pull request requirements.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + } + } + } + } + }, + "restrictions": { + "type": "object", + "description": "Restrict who can push to the protected branch. User, app, and team `restrictions` are only available for organization-owned repositories. Set to `null` to disable.", + "nullable": true, + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with push access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with push access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with push access", + "items": { + "type": "string" + } + } + }, + "required": [ + "users", + "teams" + ] + }, + "required_linear_history": { + "type": "boolean", + "description": "Enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch. Set to `true` to enforce a linear commit history. Set to `false` to disable a linear commit Git history. Your repository must allow squash merging or rebase merging before you can enable a linear commit history. Default: `false`. For more information, see \"[Requiring a linear commit history](https://docs.github.com/github/administering-a-repository/requiring-a-linear-commit-history)\" in the GitHub Help documentation." + }, + "allow_force_pushes": { + "type": "boolean", + "description": "Permits force pushes to the protected branch by anyone with write access to the repository. Set to `true` to allow force pushes. Set to `false` or `null` to block force pushes. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation.\"", + "nullable": true + }, + "allow_deletions": { + "type": "boolean", + "description": "Allows deletion of the protected branch by anyone with write access to the repository. Set to `false` to prevent deletion of the protected branch. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation." + }, + "block_creations": { + "type": "boolean", + "description": "If set to `true`, the `restrictions` branch protection settings which limits who can push will also block pushes which create new branches, unless the push is initiated by a user, team, or app which has the ability to push. Set to `true` to restrict new branch creation. Default: `false`." + }, + "required_conversation_resolution": { + "type": "boolean", + "description": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`." + }, + "lock_branch": { + "type": "boolean", + "description": "Whether to set the branch as read-only. If this is true, users will not be able to push to the branch. Default: `false`.", + "default": false + }, + "allow_fork_syncing": { + "type": "boolean", + "description": "Whether users can pull changes from upstream when the branch is locked. Set to `true` to allow fork syncing. Set to `false` to prevent fork syncing. Default: `false`.", + "default": false + } + }, + "required": [ + "required_status_checks", + "enforce_admins", + "required_pull_request_reviews", + "restrictions" + ] + } + } + }, + "AutolinkSettings": { + "description": "An autolink reference entry", + "type": "object", + "properties": { + "key_prefix": { + "type": "string", + "description": "This prefix appended by certain characters will generate a link any time it is found in an issue, pull request, or commit." + }, + "url_template": { + "type": "string", + "description": "The URL must contain `` for the reference number. `` matches different characters depending on the value of `is_alphanumeric`." + }, + "is_alphanumeric": { + "type": "boolean", + "default": true, + "description": "Whether this autolink reference matches alphanumeric characters. If true, the `` parameter of the `url_template` matches alphanumeric characters `A-Z` (case insensitive), `0-9`, and `-`. If false, this autolink reference only matches numeric characters." + } + }, + "required": [ + "key_prefix", + "url_template" + ] + }, + "ValidatorSettings": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "RulesetSettings": { + "description": "A ruleset entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the ruleset." + }, + "target": { + "type": "string", + "description": "The target of the ruleset", + "enum": [ + "branch", + "tag", + "push", + "repository" + ], + "default": "branch" + }, + "enforcement": { + "type": "string", + "description": "The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page (`evaluate` is only available with GitHub Enterprise).", + "enum": [ + "disabled", + "active", + "evaluate" + ] + }, + "bypass_actors": { + "type": "array", + "description": "The actors that can bypass the rules in this ruleset", + "items": { + "title": "Repository Ruleset Bypass Actor", + "type": "object", + "description": "An actor that can bypass rules in a ruleset", + "required": [ + "actor_type" + ], + "properties": { + "actor_id": { + "type": "integer", + "nullable": true, + "description": "The ID of the actor that can bypass a ruleset. Required for `Integration`, `RepositoryRole`, and `Team` actor types. If `actor_type` is `OrganizationAdmin`, `actor_id` is ignored. If `actor_type` is `DeployKey`, this should be null. `OrganizationAdmin` is not applicable for personal repositories." + }, + "actor_type": { + "type": "string", + "enum": [ + "Integration", + "OrganizationAdmin", + "RepositoryRole", + "Team", + "DeployKey" + ], + "description": "The type of actor that can bypass a ruleset." + }, + "bypass_mode": { + "type": "string", + "description": "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests. `pull_request` is not applicable for the `DeployKey` actor type. Also, `pull_request` is only applicable to branch rulesets. When `bypass_mode` is `exempt`, rules will not be run for that actor and a bypass audit entry will not be created.", + "enum": [ + "always", + "pull_request", + "exempt" + ], + "default": "always" + } + } + } + }, + "conditions": { + "title": "Organization ruleset conditions", + "type": "object", + "description": "Conditions for an organization ruleset.\nThe branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties.\nThe push rulesets conditions object does not require the `ref_name` property.\nFor repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.", + "oneOf": [ + { + "type": "object", + "title": "repository_name_and_ref_name", + "description": "Conditions to target repositories by name and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository names", + "type": "object", + "description": "Parameters for a repository name condition", + "properties": { + "repository_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + }, + "protected": { + "type": "boolean", + "description": "Whether renaming of target repositories is prevented." + } + } + } + }, + "required": [ + "repository_name" + ] + } + ] + }, + { + "type": "object", + "title": "repository_id_and_ref_name", + "description": "Conditions to target repositories by id and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository IDs", + "type": "object", + "description": "Parameters for a repository ID condition", + "properties": { + "repository_id": { + "type": "object", + "properties": { + "repository_ids": { + "type": "array", + "description": "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.", + "items": { + "type": "integer" + } + } + } + } + }, + "required": [ + "repository_id" + ] + } + ] + }, + { + "type": "object", + "title": "repository_property_and_ref_name", + "description": "Conditions to target repositories by property and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository properties", + "type": "object", + "description": "Parameters for a repository property condition", + "properties": { + "repository_property": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "The repository properties and values to include. All of these properties must match for the condition to pass.", + "items": { + "title": "Repository ruleset property targeting definition", + "type": "object", + "description": "Parameters for a targeting a repository property", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository property to target" + }, + "property_values": { + "type": "array", + "description": "The values to match for the repository property", + "items": { + "type": "string" + } + }, + "source": { + "type": "string", + "description": "The source of the repository property. Defaults to 'custom' if not specified.", + "enum": [ + "custom", + "system" + ] + } + }, + "required": [ + "name", + "property_values" + ] + } + }, + "exclude": { + "type": "array", + "description": "The repository properties and values to exclude. The condition will not pass if any of these properties match.", + "items": { + "title": "Repository ruleset property targeting definition", + "type": "object", + "description": "Parameters for a targeting a repository property", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository property to target" + }, + "property_values": { + "type": "array", + "description": "The values to match for the repository property", + "items": { + "type": "string" + } + }, + "source": { + "type": "string", + "description": "The source of the repository property. Defaults to 'custom' if not specified.", + "enum": [ + "custom", + "system" + ] + } + }, + "required": [ + "name", + "property_values" + ] + } + } + } + } + }, + "required": [ + "repository_property" + ] + } + ] + } + ] + }, + "rules": { + "type": "array", + "description": "An array of rules within the ruleset.", + "items": { + "title": "Repository Rule", + "type": "object", + "description": "A repository rule.", + "oneOf": [ + { + "title": "creation", + "description": "Only allow users with bypass permission to create matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "creation" + ] + } + } + }, + { + "title": "update", + "description": "Only allow users with bypass permission to update matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "update" + ] + }, + "parameters": { + "type": "object", + "properties": { + "update_allows_fetch_and_merge": { + "type": "boolean", + "description": "Branch can pull changes from its upstream repository" + } + }, + "required": [ + "update_allows_fetch_and_merge" + ] + } + } + }, + { + "title": "deletion", + "description": "Only allow users with bypass permissions to delete matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "deletion" + ] + } + } + }, + { + "title": "required_linear_history", + "description": "Prevent merge commits from being pushed to matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_linear_history" + ] + } + } + }, + { + "title": "required_deployments", + "description": "Choose which environments must be successfully deployed to before refs can be pushed into a ref that matches this rule.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_deployments" + ] + }, + "parameters": { + "type": "object", + "properties": { + "required_deployment_environments": { + "type": "array", + "description": "The environments that must be successfully deployed to before branches can be merged.", + "items": { + "type": "string" + } + } + }, + "required": [ + "required_deployment_environments" + ] + } + } + }, + { + "title": "required_signatures", + "description": "Commits pushed to matching refs must have verified signatures.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_signatures" + ] + } + } + }, + { + "title": "pull_request", + "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "pull_request" + ] + }, + "parameters": { + "type": "object", + "properties": { + "allowed_merge_methods": { + "type": "array", + "description": "Array of allowed merge methods. Allowed values include `merge`, `squash`, and `rebase`. At least one option must be enabled.", + "items": { + "type": "string", + "enum": [ + "merge", + "squash", + "rebase" + ] + } + }, + "dismiss_stale_reviews_on_push": { + "type": "boolean", + "description": "New, reviewable commits pushed will dismiss previous pull request review approvals." + }, + "require_code_owner_review": { + "type": "boolean", + "description": "Require an approving review in pull requests that modify files that have a designated code owner." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent reviewable push must be approved by someone other than the person who pushed it." + }, + "required_approving_review_count": { + "type": "integer", + "description": "The number of approving reviews that are required before a pull request can be merged.", + "minimum": 0, + "maximum": 10 + }, + "required_review_thread_resolution": { + "type": "boolean", + "description": "All conversations on code must be resolved before a pull request can be merged." + }, + "required_reviewers": { + "type": "array", + "description": "> [!NOTE]\n> `required_reviewers` is in beta and subject to change.\n\nA collection of reviewers and associated file patterns. Each reviewer has a list of file patterns which determine the files that reviewer is required to review.", + "items": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use fnmatch syntax.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer": { + "title": "Reviewer", + "description": "A required reviewing team", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "ID of the reviewer which must review changes to matching files." + }, + "type": { + "type": "string", + "description": "The type of the reviewer", + "enum": [ + "Team" + ] + } + }, + "required": [ + "id", + "type" + ] + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer" + ] + } + } + }, + "required": [ + "dismiss_stale_reviews_on_push", + "require_code_owner_review", + "require_last_push_approval", + "required_approving_review_count", + "required_review_thread_resolution" + ] + } + } + }, + { + "title": "required_status_checks", + "description": "Choose which status checks must pass before the ref is updated. When enabled, commits must first be pushed to another ref where the checks pass.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_status_checks" + ] + }, + "parameters": { + "type": "object", + "properties": { + "do_not_enforce_on_create": { + "type": "boolean", + "description": "Allow repositories and branches to be created if a check would otherwise prohibit it." + }, + "required_status_checks": { + "type": "array", + "description": "Status checks that are required.", + "items": { + "title": "StatusCheckConfiguration", + "description": "Required status check", + "type": "object", + "properties": { + "context": { + "type": "string", + "description": "The status check context name that must be present on the commit." + }, + "integration_id": { + "type": "integer", + "description": "The optional integration ID that this status check must originate from." + } + }, + "required": [ + "context" + ] + } + }, + "strict_required_status_checks_policy": { + "type": "boolean", + "description": "Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled." + } + }, + "required": [ + "required_status_checks", + "strict_required_status_checks_policy" + ] + } + } + }, + { + "title": "non_fast_forward", + "description": "Prevent users with push access from force pushing to refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "non_fast_forward" + ] + } + } + }, + { + "title": "commit_message_pattern", + "description": "Parameters to be used for the commit_message_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "commit_message_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "commit_author_email_pattern", + "description": "Parameters to be used for the commit_author_email_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "commit_author_email_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "committer_email_pattern", + "description": "Parameters to be used for the committer_email_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "committer_email_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "branch_name_pattern", + "description": "Parameters to be used for the branch_name_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "branch_name_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "tag_name_pattern", + "description": "Parameters to be used for the tag_name_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "tag_name_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "file_path_restriction", + "description": "Prevent commits that include changes in specified file and folder paths from being pushed to the commit graph. This includes absolute paths that contain file names.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "file_path_restriction" + ] + }, + "parameters": { + "type": "object", + "properties": { + "restricted_file_paths": { + "type": "array", + "description": "The file paths that are restricted from being pushed to the commit graph.", + "items": { + "type": "string" + } + } + }, + "required": [ + "restricted_file_paths" + ] + } + } + }, + { + "title": "max_file_path_length", + "description": "Prevent commits that include file paths that exceed the specified character limit from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "max_file_path_length" + ] + }, + "parameters": { + "type": "object", + "properties": { + "max_file_path_length": { + "type": "integer", + "description": "The maximum amount of characters allowed in file paths.", + "minimum": 1, + "maximum": 32767 + } + }, + "required": [ + "max_file_path_length" + ] + } + } + }, + { + "title": "file_extension_restriction", + "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "file_extension_restriction" + ] + }, + "parameters": { + "type": "object", + "properties": { + "restricted_file_extensions": { + "type": "array", + "description": "The file extensions that are restricted from being pushed to the commit graph.", + "items": { + "type": "string" + } + } + }, + "required": [ + "restricted_file_extensions" + ] + } + } + }, + { + "title": "max_file_size", + "description": "Prevent commits with individual files that exceed the specified limit from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "max_file_size" + ] + }, + "parameters": { + "type": "object", + "properties": { + "max_file_size": { + "type": "integer", + "description": "The maximum file size allowed in megabytes. This limit does not apply to Git Large File Storage (Git LFS).", + "minimum": 1, + "maximum": 100 + } + }, + "required": [ + "max_file_size" + ] + } + } + }, + { + "title": "workflows", + "description": "Require all changes made to a targeted branch to pass the specified workflows before they can be merged.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "workflows" + ] + }, + "parameters": { + "type": "object", + "properties": { + "do_not_enforce_on_create": { + "type": "boolean", + "description": "Allow repositories and branches to be created if a check would otherwise prohibit it." + }, + "workflows": { + "type": "array", + "description": "Workflows that must pass for this rule to pass.", + "items": { + "title": "WorkflowFileReference", + "description": "A workflow that must run for this rule to pass", + "type": "object", + "properties": { + "path": { + "type": "string", + "description": "The path to the workflow file" + }, + "ref": { + "type": "string", + "description": "The ref (branch or tag) of the workflow file to use" + }, + "repository_id": { + "type": "integer", + "description": "The ID of the repository where the workflow is defined" + }, + "sha": { + "type": "string", + "description": "The commit SHA of the workflow file to use" + } + }, + "required": [ + "path", + "repository_id" + ] + } + } + }, + "required": [ + "workflows" + ] + } + } + }, + { + "title": "code_scanning", + "description": "Choose which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "code_scanning" + ] + }, + "parameters": { + "type": "object", + "properties": { + "code_scanning_tools": { + "type": "array", + "description": "Tools that must provide code scanning results for this rule to pass.", + "items": { + "title": "CodeScanningTool", + "description": "A tool that must provide code scanning results for this rule to pass.", + "type": "object", + "properties": { + "alerts_threshold": { + "type": "string", + "description": "The severity level at which code scanning results that raise alerts block a reference update. For more information on alert severity levels, see \"[About code scanning alerts](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "enum": [ + "none", + "errors", + "errors_and_warnings", + "all" + ] + }, + "security_alerts_threshold": { + "type": "string", + "description": "The severity level at which code scanning results that raise security alerts block a reference update. For more information on security severity levels, see \"[About code scanning alerts](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "enum": [ + "none", + "critical", + "high_or_higher", + "medium_or_higher", + "all" + ] + }, + "tool": { + "type": "string", + "description": "The name of a code scanning tool" + } + }, + "required": [ + "alerts_threshold", + "security_alerts_threshold", + "tool" + ] + } + } + }, + "required": [ + "code_scanning_tools" + ] + } + } + }, + { + "title": "copilot_code_review", + "description": "Request Copilot code review for new pull requests automatically if the author has access to Copilot code review and their premium requests quota has not reached the limit.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "copilot_code_review" + ] + }, + "parameters": { + "type": "object", + "properties": { + "review_draft_pull_requests": { + "type": "boolean", + "description": "Copilot automatically reviews draft pull requests before they are marked as ready for review." + }, + "review_on_push": { + "type": "boolean", + "description": "Copilot automatically reviews each new push to the pull request." + } + } + } + } + } + ] + } + } + }, + "required": [ + "name", + "enforcement" + ] + }, + "EnvironmentsSettings": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + }, + "CustomPropertiesSettings": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "VariablesSettings": { + "description": "An Actions variable entry", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": [ + "all", + "private", + "selected" + ] + } + } + } + } +} \ No newline at end of file diff --git a/schema/dereferenced/settings.json b/schema/dereferenced/settings.json index df3d9231a..94f353549 100644 --- a/schema/dereferenced/settings.json +++ b/schema/dereferenced/settings.json @@ -96,6 +96,57 @@ "description": "Can be `enabled` or `disabled`." } } + }, + "secret_scanning_delegated_alert_dismissal": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated alert dismissal for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated bypass for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass_options": { + "type": "object", + "description": "Feature options for secret scanning delegated bypass.\nThis object is only honored when `security_and_analysis.secret_scanning_delegated_bypass.status` is set to `enabled`.\nYou can send this object in the same request as `secret_scanning_delegated_bypass`, or update just the options in a separate request.", + "properties": { + "reviewers": { + "type": "array", + "description": "The bypass reviewers for secret scanning delegated bypass.\nIf you omit this field, the existing set of reviewers is unchanged.", + "items": { + "type": "object", + "required": [ + "reviewer_id", + "reviewer_type" + ], + "properties": { + "reviewer_id": { + "type": "integer", + "description": "The ID of the team or role selected as a bypass reviewer" + }, + "reviewer_type": { + "type": "string", + "description": "The type of the bypass reviewer", + "enum": [ + "TEAM", + "ROLE" + ] + } + } + } + } + } } } }, @@ -155,7 +206,7 @@ }, "use_squash_pr_title_as_default": { "type": "boolean", - "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.**", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", "default": false, "deprecated": true }, @@ -386,15 +437,6 @@ "notifications_disabled" ] }, - "permission": { - "type": "string", - "description": "**Closing down notice**. The permission that new repositories will be added to the team with when none is specified.", - "enum": [ - "pull", - "push" - ], - "default": "pull" - }, "parent_team_id": { "type": "integer", "description": "The ID of a team to set as the parent team." diff --git a/schema/dereferenced/suborgs.json b/schema/dereferenced/suborgs.json new file mode 100644 index 000000000..11ba9ed2d --- /dev/null +++ b/schema/dereferenced/suborgs.json @@ -0,0 +1,2776 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Safe-settings suborg-level configuration", + "description": "Schema for .github/suborgs/*.yml — suborg-level safe-settings configuration. Defines which repos belong to the suborg and what settings to apply.", + "type": "object", + "properties": { + "suborgrepos": { + "type": "array", + "description": "Glob patterns matching repository names. Repos whose names match any pattern are included in this suborg.", + "items": { + "type": "string" + } + }, + "suborgteams": { + "type": "array", + "description": "Team slugs. Repos that belong to any of these teams are included in this suborg.", + "items": { + "type": "string" + } + }, + "suborgproperties": { + "type": "array", + "description": "Custom property filters. Repos with matching custom property values are included in this suborg.", + "items": { + "type": "object", + "properties": { + "property_name": { + "type": "string", + "description": "The name of the custom property" + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Accepted values for this property" + } + } + } + }, + "repositories": { + "description": "Repository settings. Use force_create to create the repository if it does not exist, and template to specify a template repository to use when creating it.", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository." + }, + "description": { + "type": "string", + "description": "A short description of the repository." + }, + "homepage": { + "type": "string", + "description": "A URL with more information about the repository." + }, + "private": { + "type": "boolean", + "description": "Either `true` to make the repository private or `false` to make it public. Default: `false`. \n**Note**: You will get a `422` error if the organization restricts [changing repository visibility](https://docs.github.com/articles/repository-permission-levels-for-an-organization#changing-the-visibility-of-repositories) to organization owners and a non-owner tries to change the value of private.", + "default": false + }, + "visibility": { + "type": "string", + "description": "The visibility of the repository.", + "enum": [ + "public", + "private" + ] + }, + "security_and_analysis": { + "type": "object", + "description": "Specify which security and analysis features to enable or disable for the repository.\n\nTo use this parameter, you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see \"[Managing security managers in your organization](https://docs.github.com/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"\n\nFor example, to enable GitHub Advanced Security, use this data in the body of the `PATCH` request:\n`{ \"security_and_analysis\": {\"advanced_security\": { \"status\": \"enabled\" } } }`.\n\nYou can check which security and analysis features are currently enabled by using a `GET /repos/{owner}/{repo}` request.", + "nullable": true, + "properties": { + "advanced_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository.\nFor more information, see \"[About GitHub Advanced\nSecurity](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"\n\nFor standalone Code Scanning or Secret Protection products, this parameter cannot be used.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "code_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Code Security for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning for this repository. For more information, see \"[About secret scanning](/code-security/secret-security/about-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_push_protection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning push protection for this repository. For more information, see \"[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_ai_detection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning AI detection for this repository. For more information, see \"[Responsible detection of generic secrets with AI](https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_non_provider_patterns": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning non-provider patterns for this repository. For more information, see \"[Supported secret scanning patterns](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_alert_dismissal": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated alert dismissal for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated bypass for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass_options": { + "type": "object", + "description": "Feature options for secret scanning delegated bypass.\nThis object is only honored when `security_and_analysis.secret_scanning_delegated_bypass.status` is set to `enabled`.\nYou can send this object in the same request as `secret_scanning_delegated_bypass`, or update just the options in a separate request.", + "properties": { + "reviewers": { + "type": "array", + "description": "The bypass reviewers for secret scanning delegated bypass.\nIf you omit this field, the existing set of reviewers is unchanged.", + "items": { + "type": "object", + "required": [ + "reviewer_id", + "reviewer_type" + ], + "properties": { + "reviewer_id": { + "type": "integer", + "description": "The ID of the team or role selected as a bypass reviewer" + }, + "reviewer_type": { + "type": "string", + "description": "The type of the bypass reviewer", + "enum": [ + "TEAM", + "ROLE" + ] + } + } + } + } + } + } + } + }, + "has_issues": { + "type": "boolean", + "description": "Either `true` to enable issues for this repository or `false` to disable them.", + "default": true + }, + "has_projects": { + "type": "boolean", + "description": "Either `true` to enable projects for this repository or `false` to disable them. **Note:** If you're creating a repository in an organization that has disabled repository projects, the default is `false`, and if you pass `true`, the API returns an error.", + "default": true + }, + "has_wiki": { + "type": "boolean", + "description": "Either `true` to enable the wiki for this repository or `false` to disable it.", + "default": true + }, + "is_template": { + "type": "boolean", + "description": "Either `true` to make this repo available as a template repository or `false` to prevent it.", + "default": false + }, + "default_branch": { + "type": "string", + "description": "Updates the default branch for this repository." + }, + "allow_squash_merge": { + "type": "boolean", + "description": "Either `true` to allow squash-merging pull requests, or `false` to prevent squash-merging.", + "default": true + }, + "allow_merge_commit": { + "type": "boolean", + "description": "Either `true` to allow merging pull requests with a merge commit, or `false` to prevent merging pull requests with merge commits.", + "default": true + }, + "allow_rebase_merge": { + "type": "boolean", + "description": "Either `true` to allow rebase-merging pull requests, or `false` to prevent rebase-merging.", + "default": true + }, + "allow_auto_merge": { + "type": "boolean", + "description": "Either `true` to allow auto-merge on pull requests, or `false` to disallow auto-merge.", + "default": false + }, + "delete_branch_on_merge": { + "type": "boolean", + "description": "Either `true` to allow automatically deleting head branches when pull requests are merged, or `false` to prevent automatic deletion.", + "default": false + }, + "allow_update_branch": { + "type": "boolean", + "description": "Either `true` to always allow a pull request head branch that is behind its base branch to be updated even if it is not required to be up to date before merging, or false otherwise.", + "default": false + }, + "use_squash_pr_title_as_default": { + "type": "boolean", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", + "default": false, + "deprecated": true + }, + "squash_merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "COMMIT_OR_PR_TITLE" + ], + "description": "Required when using `squash_merge_commit_message`.\n\nThe default value for a squash merge commit title:\n\n- `PR_TITLE` - default to the pull request's title.\n- `COMMIT_OR_PR_TITLE` - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)." + }, + "squash_merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "COMMIT_MESSAGES", + "BLANK" + ], + "description": "The default value for a squash merge commit message:\n\n- `PR_BODY` - default to the pull request's body.\n- `COMMIT_MESSAGES` - default to the branch's commit messages.\n- `BLANK` - default to a blank commit message." + }, + "merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "MERGE_MESSAGE" + ], + "description": "Required when using `merge_commit_message`.\n\nThe default value for a merge commit title.\n\n- `PR_TITLE` - default to the pull request's title.\n- `MERGE_MESSAGE` - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)." + }, + "merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "PR_TITLE", + "BLANK" + ], + "description": "The default value for a merge commit message.\n\n- `PR_TITLE` - default to the pull request's title.\n- `PR_BODY` - default to the pull request's body.\n- `BLANK` - default to a blank commit message." + }, + "archived": { + "type": "boolean", + "description": "Whether to archive this repository. `false` will unarchive a previously archived repository.", + "default": false + }, + "allow_forking": { + "type": "boolean", + "description": "Either `true` to allow private forks, or `false` to prevent private forks.", + "default": false + }, + "web_commit_signoff_required": { + "type": "boolean", + "description": "Either `true` to require contributors to sign off on web-based commits, or `false` to not require contributors to sign off on web-based commits.", + "default": false + } + } + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "If true, create the repository if it does not already exist.", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating a new repository.", + "type": "string" + } + } + } + ] + }, + "labels": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "collaborators": { + "description": "Collaborators: give specific users access to any repository.", + "type": "array", + "items": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "type": "object", + "properties": { + "permission": { + "type": "string", + "description": "The permission to grant the collaborator. **Only valid on organization-owned repositories.** We accept the following permissions to be set: `pull`, `triage`, `push`, `maintain`, `admin` and you can also specify a custom repository role name, if the owning organization has defined any.", + "default": "push" + } + } + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + } + }, + "teams": { + "description": "Teams", + "type": "array", + "items": { + "description": "A team entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the team." + }, + "description": { + "type": "string", + "description": "The description of the team." + }, + "maintainers": { + "type": "array", + "description": "List GitHub usernames for organization members who will become team maintainers.", + "items": { + "type": "string" + } + }, + "repo_names": { + "type": "array", + "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.", + "items": { + "type": "string" + } + }, + "privacy": { + "type": "string", + "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`", + "enum": [ + "secret", + "closed" + ] + }, + "notification_setting": { + "type": "string", + "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`", + "enum": [ + "notifications_enabled", + "notifications_disabled" + ] + }, + "parent_team_id": { + "type": "integer", + "description": "The ID of a team to set as the parent team." + } + }, + "required": [ + "name" + ] + } + }, + "milestones": { + "description": "Milestones: define milestones for Issues and Pull Requests", + "type": "array", + "items": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + } + }, + "branches": { + "description": "Branch protection rules", + "type": "array", + "items": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "type": "object", + "properties": { + "required_status_checks": { + "type": "object", + "description": "Require status checks to pass before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "strict": { + "type": "boolean", + "description": "Require branches to be up to date before merging." + }, + "contexts": { + "type": "array", + "deprecated": true, + "description": "**Closing down notice**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", + "items": { + "type": "string" + } + }, + "checks": { + "type": "array", + "description": "The list of status checks to require in order to merge into this branch.", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "The name of the required check" + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status." + } + } + } + } + }, + "required": [ + "strict", + "contexts" + ] + }, + "enforce_admins": { + "type": "boolean", + "description": "Enforce all configured restrictions for administrators. Set to `true` to enforce required status checks for repository administrators. Set to `null` to disable.", + "nullable": true + }, + "required_pull_request_reviews": { + "type": "object", + "description": "Require at least one approving review on a pull request, before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "dismissal_restrictions": { + "type": "object", + "description": "Specify which users, teams, and apps can dismiss pull request reviews. Pass an empty `dismissal_restrictions` object to disable. User and team `dismissal_restrictions` are only available for organization-owned repositories. Omit this parameter for personal repositories.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with dismissal access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with dismissal access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with dismissal access", + "items": { + "type": "string" + } + } + } + }, + "dismiss_stale_reviews": { + "type": "boolean", + "description": "Set to `true` if you want to automatically dismiss approving reviews when someone pushes a new commit." + }, + "require_code_owner_reviews": { + "type": "boolean", + "description": "Blocks merging pull requests until [code owners](https://docs.github.com/articles/about-code-owners/) review them." + }, + "required_approving_review_count": { + "type": "integer", + "description": "Specify the number of reviewers required to approve pull requests. Use a number between 1 and 6 or 0 to not require reviewers." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent push must be approved by someone other than the person who pushed it. Default: `false`.", + "default": false + }, + "bypass_pull_request_allowances": { + "type": "object", + "description": "Allow specific users, teams, or apps to bypass pull request requirements.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + } + } + } + } + }, + "restrictions": { + "type": "object", + "description": "Restrict who can push to the protected branch. User, app, and team `restrictions` are only available for organization-owned repositories. Set to `null` to disable.", + "nullable": true, + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with push access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with push access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with push access", + "items": { + "type": "string" + } + } + }, + "required": [ + "users", + "teams" + ] + }, + "required_linear_history": { + "type": "boolean", + "description": "Enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch. Set to `true` to enforce a linear commit history. Set to `false` to disable a linear commit Git history. Your repository must allow squash merging or rebase merging before you can enable a linear commit history. Default: `false`. For more information, see \"[Requiring a linear commit history](https://docs.github.com/github/administering-a-repository/requiring-a-linear-commit-history)\" in the GitHub Help documentation." + }, + "allow_force_pushes": { + "type": "boolean", + "description": "Permits force pushes to the protected branch by anyone with write access to the repository. Set to `true` to allow force pushes. Set to `false` or `null` to block force pushes. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation.\"", + "nullable": true + }, + "allow_deletions": { + "type": "boolean", + "description": "Allows deletion of the protected branch by anyone with write access to the repository. Set to `false` to prevent deletion of the protected branch. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation." + }, + "block_creations": { + "type": "boolean", + "description": "If set to `true`, the `restrictions` branch protection settings which limits who can push will also block pushes which create new branches, unless the push is initiated by a user, team, or app which has the ability to push. Set to `true` to restrict new branch creation. Default: `false`." + }, + "required_conversation_resolution": { + "type": "boolean", + "description": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`." + }, + "lock_branch": { + "type": "boolean", + "description": "Whether to set the branch as read-only. If this is true, users will not be able to push to the branch. Default: `false`.", + "default": false + }, + "allow_fork_syncing": { + "type": "boolean", + "description": "Whether users can pull changes from upstream when the branch is locked. Set to `true` to allow fork syncing. Set to `false` to prevent fork syncing. Default: `false`.", + "default": false + } + }, + "required": [ + "required_status_checks", + "enforce_admins", + "required_pull_request_reviews", + "restrictions" + ] + } + } + } + }, + "autolinks": { + "description": "Autolinks", + "type": "array", + "items": { + "description": "An autolink reference entry", + "type": "object", + "properties": { + "key_prefix": { + "type": "string", + "description": "This prefix appended by certain characters will generate a link any time it is found in an issue, pull request, or commit." + }, + "url_template": { + "type": "string", + "description": "The URL must contain `` for the reference number. `` matches different characters depending on the value of `is_alphanumeric`." + }, + "is_alphanumeric": { + "type": "boolean", + "default": true, + "description": "Whether this autolink reference matches alphanumeric characters. If true, the `` parameter of the `url_template` matches alphanumeric characters `A-Z` (case insensitive), `0-9`, and `-`. If false, this autolink reference only matches numeric characters." + } + }, + "required": [ + "key_prefix", + "url_template" + ] + } + }, + "validator": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "environments": { + "description": "Deployment environments", + "type": "array", + "items": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + } + }, + "custom_properties": { + "description": "Custom properties", + "type": "array", + "items": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "variables": { + "description": "Repository or org-level Actions variables", + "type": "array", + "items": { + "description": "An Actions variable entry", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": [ + "all", + "private", + "selected" + ] + } + } + } + } + }, + "$defs": { + "RepositorySettings": { + "description": "Repository settings. Use force_create to create the repository if it does not exist, and template to specify a template repository to use when creating it.", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository." + }, + "description": { + "type": "string", + "description": "A short description of the repository." + }, + "homepage": { + "type": "string", + "description": "A URL with more information about the repository." + }, + "private": { + "type": "boolean", + "description": "Either `true` to make the repository private or `false` to make it public. Default: `false`. \n**Note**: You will get a `422` error if the organization restricts [changing repository visibility](https://docs.github.com/articles/repository-permission-levels-for-an-organization#changing-the-visibility-of-repositories) to organization owners and a non-owner tries to change the value of private.", + "default": false + }, + "visibility": { + "type": "string", + "description": "The visibility of the repository.", + "enum": [ + "public", + "private" + ] + }, + "security_and_analysis": { + "type": "object", + "description": "Specify which security and analysis features to enable or disable for the repository.\n\nTo use this parameter, you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see \"[Managing security managers in your organization](https://docs.github.com/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"\n\nFor example, to enable GitHub Advanced Security, use this data in the body of the `PATCH` request:\n`{ \"security_and_analysis\": {\"advanced_security\": { \"status\": \"enabled\" } } }`.\n\nYou can check which security and analysis features are currently enabled by using a `GET /repos/{owner}/{repo}` request.", + "nullable": true, + "properties": { + "advanced_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository.\nFor more information, see \"[About GitHub Advanced\nSecurity](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"\n\nFor standalone Code Scanning or Secret Protection products, this parameter cannot be used.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "code_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Code Security for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning for this repository. For more information, see \"[About secret scanning](/code-security/secret-security/about-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_push_protection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning push protection for this repository. For more information, see \"[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_ai_detection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning AI detection for this repository. For more information, see \"[Responsible detection of generic secrets with AI](https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_non_provider_patterns": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning non-provider patterns for this repository. For more information, see \"[Supported secret scanning patterns](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_alert_dismissal": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated alert dismissal for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated bypass for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass_options": { + "type": "object", + "description": "Feature options for secret scanning delegated bypass.\nThis object is only honored when `security_and_analysis.secret_scanning_delegated_bypass.status` is set to `enabled`.\nYou can send this object in the same request as `secret_scanning_delegated_bypass`, or update just the options in a separate request.", + "properties": { + "reviewers": { + "type": "array", + "description": "The bypass reviewers for secret scanning delegated bypass.\nIf you omit this field, the existing set of reviewers is unchanged.", + "items": { + "type": "object", + "required": [ + "reviewer_id", + "reviewer_type" + ], + "properties": { + "reviewer_id": { + "type": "integer", + "description": "The ID of the team or role selected as a bypass reviewer" + }, + "reviewer_type": { + "type": "string", + "description": "The type of the bypass reviewer", + "enum": [ + "TEAM", + "ROLE" + ] + } + } + } + } + } + } + } + }, + "has_issues": { + "type": "boolean", + "description": "Either `true` to enable issues for this repository or `false` to disable them.", + "default": true + }, + "has_projects": { + "type": "boolean", + "description": "Either `true` to enable projects for this repository or `false` to disable them. **Note:** If you're creating a repository in an organization that has disabled repository projects, the default is `false`, and if you pass `true`, the API returns an error.", + "default": true + }, + "has_wiki": { + "type": "boolean", + "description": "Either `true` to enable the wiki for this repository or `false` to disable it.", + "default": true + }, + "is_template": { + "type": "boolean", + "description": "Either `true` to make this repo available as a template repository or `false` to prevent it.", + "default": false + }, + "default_branch": { + "type": "string", + "description": "Updates the default branch for this repository." + }, + "allow_squash_merge": { + "type": "boolean", + "description": "Either `true` to allow squash-merging pull requests, or `false` to prevent squash-merging.", + "default": true + }, + "allow_merge_commit": { + "type": "boolean", + "description": "Either `true` to allow merging pull requests with a merge commit, or `false` to prevent merging pull requests with merge commits.", + "default": true + }, + "allow_rebase_merge": { + "type": "boolean", + "description": "Either `true` to allow rebase-merging pull requests, or `false` to prevent rebase-merging.", + "default": true + }, + "allow_auto_merge": { + "type": "boolean", + "description": "Either `true` to allow auto-merge on pull requests, or `false` to disallow auto-merge.", + "default": false + }, + "delete_branch_on_merge": { + "type": "boolean", + "description": "Either `true` to allow automatically deleting head branches when pull requests are merged, or `false` to prevent automatic deletion.", + "default": false + }, + "allow_update_branch": { + "type": "boolean", + "description": "Either `true` to always allow a pull request head branch that is behind its base branch to be updated even if it is not required to be up to date before merging, or false otherwise.", + "default": false + }, + "use_squash_pr_title_as_default": { + "type": "boolean", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", + "default": false, + "deprecated": true + }, + "squash_merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "COMMIT_OR_PR_TITLE" + ], + "description": "Required when using `squash_merge_commit_message`.\n\nThe default value for a squash merge commit title:\n\n- `PR_TITLE` - default to the pull request's title.\n- `COMMIT_OR_PR_TITLE` - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)." + }, + "squash_merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "COMMIT_MESSAGES", + "BLANK" + ], + "description": "The default value for a squash merge commit message:\n\n- `PR_BODY` - default to the pull request's body.\n- `COMMIT_MESSAGES` - default to the branch's commit messages.\n- `BLANK` - default to a blank commit message." + }, + "merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "MERGE_MESSAGE" + ], + "description": "Required when using `merge_commit_message`.\n\nThe default value for a merge commit title.\n\n- `PR_TITLE` - default to the pull request's title.\n- `MERGE_MESSAGE` - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)." + }, + "merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "PR_TITLE", + "BLANK" + ], + "description": "The default value for a merge commit message.\n\n- `PR_TITLE` - default to the pull request's title.\n- `PR_BODY` - default to the pull request's body.\n- `BLANK` - default to a blank commit message." + }, + "archived": { + "type": "boolean", + "description": "Whether to archive this repository. `false` will unarchive a previously archived repository.", + "default": false + }, + "allow_forking": { + "type": "boolean", + "description": "Either `true` to allow private forks, or `false` to prevent private forks.", + "default": false + }, + "web_commit_signoff_required": { + "type": "boolean", + "description": "Either `true` to require contributors to sign off on web-based commits, or `false` to not require contributors to sign off on web-based commits.", + "default": false + } + } + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "If true, create the repository if it does not already exist.", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating a new repository.", + "type": "string" + } + } + } + ] + }, + "LabelSettings": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "CollaboratorSettings": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "type": "object", + "properties": { + "permission": { + "type": "string", + "description": "The permission to grant the collaborator. **Only valid on organization-owned repositories.** We accept the following permissions to be set: `pull`, `triage`, `push`, `maintain`, `admin` and you can also specify a custom repository role name, if the owning organization has defined any.", + "default": "push" + } + } + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + }, + "TeamSettings": { + "description": "A team entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the team." + }, + "description": { + "type": "string", + "description": "The description of the team." + }, + "maintainers": { + "type": "array", + "description": "List GitHub usernames for organization members who will become team maintainers.", + "items": { + "type": "string" + } + }, + "repo_names": { + "type": "array", + "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.", + "items": { + "type": "string" + } + }, + "privacy": { + "type": "string", + "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`", + "enum": [ + "secret", + "closed" + ] + }, + "notification_setting": { + "type": "string", + "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`", + "enum": [ + "notifications_enabled", + "notifications_disabled" + ] + }, + "parent_team_id": { + "type": "integer", + "description": "The ID of a team to set as the parent team." + } + }, + "required": [ + "name" + ] + }, + "MilestoneSettings": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + }, + "BranchSettings": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "type": "object", + "properties": { + "required_status_checks": { + "type": "object", + "description": "Require status checks to pass before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "strict": { + "type": "boolean", + "description": "Require branches to be up to date before merging." + }, + "contexts": { + "type": "array", + "deprecated": true, + "description": "**Closing down notice**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", + "items": { + "type": "string" + } + }, + "checks": { + "type": "array", + "description": "The list of status checks to require in order to merge into this branch.", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "The name of the required check" + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status." + } + } + } + } + }, + "required": [ + "strict", + "contexts" + ] + }, + "enforce_admins": { + "type": "boolean", + "description": "Enforce all configured restrictions for administrators. Set to `true` to enforce required status checks for repository administrators. Set to `null` to disable.", + "nullable": true + }, + "required_pull_request_reviews": { + "type": "object", + "description": "Require at least one approving review on a pull request, before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "dismissal_restrictions": { + "type": "object", + "description": "Specify which users, teams, and apps can dismiss pull request reviews. Pass an empty `dismissal_restrictions` object to disable. User and team `dismissal_restrictions` are only available for organization-owned repositories. Omit this parameter for personal repositories.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with dismissal access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with dismissal access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with dismissal access", + "items": { + "type": "string" + } + } + } + }, + "dismiss_stale_reviews": { + "type": "boolean", + "description": "Set to `true` if you want to automatically dismiss approving reviews when someone pushes a new commit." + }, + "require_code_owner_reviews": { + "type": "boolean", + "description": "Blocks merging pull requests until [code owners](https://docs.github.com/articles/about-code-owners/) review them." + }, + "required_approving_review_count": { + "type": "integer", + "description": "Specify the number of reviewers required to approve pull requests. Use a number between 1 and 6 or 0 to not require reviewers." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent push must be approved by someone other than the person who pushed it. Default: `false`.", + "default": false + }, + "bypass_pull_request_allowances": { + "type": "object", + "description": "Allow specific users, teams, or apps to bypass pull request requirements.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + } + } + } + } + }, + "restrictions": { + "type": "object", + "description": "Restrict who can push to the protected branch. User, app, and team `restrictions` are only available for organization-owned repositories. Set to `null` to disable.", + "nullable": true, + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with push access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with push access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with push access", + "items": { + "type": "string" + } + } + }, + "required": [ + "users", + "teams" + ] + }, + "required_linear_history": { + "type": "boolean", + "description": "Enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch. Set to `true` to enforce a linear commit history. Set to `false` to disable a linear commit Git history. Your repository must allow squash merging or rebase merging before you can enable a linear commit history. Default: `false`. For more information, see \"[Requiring a linear commit history](https://docs.github.com/github/administering-a-repository/requiring-a-linear-commit-history)\" in the GitHub Help documentation." + }, + "allow_force_pushes": { + "type": "boolean", + "description": "Permits force pushes to the protected branch by anyone with write access to the repository. Set to `true` to allow force pushes. Set to `false` or `null` to block force pushes. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation.\"", + "nullable": true + }, + "allow_deletions": { + "type": "boolean", + "description": "Allows deletion of the protected branch by anyone with write access to the repository. Set to `false` to prevent deletion of the protected branch. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation." + }, + "block_creations": { + "type": "boolean", + "description": "If set to `true`, the `restrictions` branch protection settings which limits who can push will also block pushes which create new branches, unless the push is initiated by a user, team, or app which has the ability to push. Set to `true` to restrict new branch creation. Default: `false`." + }, + "required_conversation_resolution": { + "type": "boolean", + "description": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`." + }, + "lock_branch": { + "type": "boolean", + "description": "Whether to set the branch as read-only. If this is true, users will not be able to push to the branch. Default: `false`.", + "default": false + }, + "allow_fork_syncing": { + "type": "boolean", + "description": "Whether users can pull changes from upstream when the branch is locked. Set to `true` to allow fork syncing. Set to `false` to prevent fork syncing. Default: `false`.", + "default": false + } + }, + "required": [ + "required_status_checks", + "enforce_admins", + "required_pull_request_reviews", + "restrictions" + ] + } + } + }, + "AutolinkSettings": { + "description": "An autolink reference entry", + "type": "object", + "properties": { + "key_prefix": { + "type": "string", + "description": "This prefix appended by certain characters will generate a link any time it is found in an issue, pull request, or commit." + }, + "url_template": { + "type": "string", + "description": "The URL must contain `` for the reference number. `` matches different characters depending on the value of `is_alphanumeric`." + }, + "is_alphanumeric": { + "type": "boolean", + "default": true, + "description": "Whether this autolink reference matches alphanumeric characters. If true, the `` parameter of the `url_template` matches alphanumeric characters `A-Z` (case insensitive), `0-9`, and `-`. If false, this autolink reference only matches numeric characters." + } + }, + "required": [ + "key_prefix", + "url_template" + ] + }, + "ValidatorSettings": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "RulesetSettings": { + "description": "A ruleset entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the ruleset." + }, + "target": { + "type": "string", + "description": "The target of the ruleset", + "enum": [ + "branch", + "tag", + "push", + "repository" + ], + "default": "branch" + }, + "enforcement": { + "type": "string", + "description": "The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page (`evaluate` is only available with GitHub Enterprise).", + "enum": [ + "disabled", + "active", + "evaluate" + ] + }, + "bypass_actors": { + "type": "array", + "description": "The actors that can bypass the rules in this ruleset", + "items": { + "title": "Repository Ruleset Bypass Actor", + "type": "object", + "description": "An actor that can bypass rules in a ruleset", + "required": [ + "actor_type" + ], + "properties": { + "actor_id": { + "type": "integer", + "nullable": true, + "description": "The ID of the actor that can bypass a ruleset. Required for `Integration`, `RepositoryRole`, and `Team` actor types. If `actor_type` is `OrganizationAdmin`, `actor_id` is ignored. If `actor_type` is `DeployKey`, this should be null. `OrganizationAdmin` is not applicable for personal repositories." + }, + "actor_type": { + "type": "string", + "enum": [ + "Integration", + "OrganizationAdmin", + "RepositoryRole", + "Team", + "DeployKey" + ], + "description": "The type of actor that can bypass a ruleset." + }, + "bypass_mode": { + "type": "string", + "description": "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests. `pull_request` is not applicable for the `DeployKey` actor type. Also, `pull_request` is only applicable to branch rulesets. When `bypass_mode` is `exempt`, rules will not be run for that actor and a bypass audit entry will not be created.", + "enum": [ + "always", + "pull_request", + "exempt" + ], + "default": "always" + } + } + } + }, + "conditions": { + "title": "Organization ruleset conditions", + "type": "object", + "description": "Conditions for an organization ruleset.\nThe branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties.\nThe push rulesets conditions object does not require the `ref_name` property.\nFor repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.", + "oneOf": [ + { + "type": "object", + "title": "repository_name_and_ref_name", + "description": "Conditions to target repositories by name and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository names", + "type": "object", + "description": "Parameters for a repository name condition", + "properties": { + "repository_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + }, + "protected": { + "type": "boolean", + "description": "Whether renaming of target repositories is prevented." + } + } + } + }, + "required": [ + "repository_name" + ] + } + ] + }, + { + "type": "object", + "title": "repository_id_and_ref_name", + "description": "Conditions to target repositories by id and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository IDs", + "type": "object", + "description": "Parameters for a repository ID condition", + "properties": { + "repository_id": { + "type": "object", + "properties": { + "repository_ids": { + "type": "array", + "description": "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.", + "items": { + "type": "integer" + } + } + } + } + }, + "required": [ + "repository_id" + ] + } + ] + }, + { + "type": "object", + "title": "repository_property_and_ref_name", + "description": "Conditions to target repositories by property and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository properties", + "type": "object", + "description": "Parameters for a repository property condition", + "properties": { + "repository_property": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "The repository properties and values to include. All of these properties must match for the condition to pass.", + "items": { + "title": "Repository ruleset property targeting definition", + "type": "object", + "description": "Parameters for a targeting a repository property", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository property to target" + }, + "property_values": { + "type": "array", + "description": "The values to match for the repository property", + "items": { + "type": "string" + } + }, + "source": { + "type": "string", + "description": "The source of the repository property. Defaults to 'custom' if not specified.", + "enum": [ + "custom", + "system" + ] + } + }, + "required": [ + "name", + "property_values" + ] + } + }, + "exclude": { + "type": "array", + "description": "The repository properties and values to exclude. The condition will not pass if any of these properties match.", + "items": { + "title": "Repository ruleset property targeting definition", + "type": "object", + "description": "Parameters for a targeting a repository property", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository property to target" + }, + "property_values": { + "type": "array", + "description": "The values to match for the repository property", + "items": { + "type": "string" + } + }, + "source": { + "type": "string", + "description": "The source of the repository property. Defaults to 'custom' if not specified.", + "enum": [ + "custom", + "system" + ] + } + }, + "required": [ + "name", + "property_values" + ] + } + } + } + } + }, + "required": [ + "repository_property" + ] + } + ] + } + ] + }, + "rules": { + "type": "array", + "description": "An array of rules within the ruleset.", + "items": { + "title": "Repository Rule", + "type": "object", + "description": "A repository rule.", + "oneOf": [ + { + "title": "creation", + "description": "Only allow users with bypass permission to create matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "creation" + ] + } + } + }, + { + "title": "update", + "description": "Only allow users with bypass permission to update matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "update" + ] + }, + "parameters": { + "type": "object", + "properties": { + "update_allows_fetch_and_merge": { + "type": "boolean", + "description": "Branch can pull changes from its upstream repository" + } + }, + "required": [ + "update_allows_fetch_and_merge" + ] + } + } + }, + { + "title": "deletion", + "description": "Only allow users with bypass permissions to delete matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "deletion" + ] + } + } + }, + { + "title": "required_linear_history", + "description": "Prevent merge commits from being pushed to matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_linear_history" + ] + } + } + }, + { + "title": "required_deployments", + "description": "Choose which environments must be successfully deployed to before refs can be pushed into a ref that matches this rule.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_deployments" + ] + }, + "parameters": { + "type": "object", + "properties": { + "required_deployment_environments": { + "type": "array", + "description": "The environments that must be successfully deployed to before branches can be merged.", + "items": { + "type": "string" + } + } + }, + "required": [ + "required_deployment_environments" + ] + } + } + }, + { + "title": "required_signatures", + "description": "Commits pushed to matching refs must have verified signatures.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_signatures" + ] + } + } + }, + { + "title": "pull_request", + "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "pull_request" + ] + }, + "parameters": { + "type": "object", + "properties": { + "allowed_merge_methods": { + "type": "array", + "description": "Array of allowed merge methods. Allowed values include `merge`, `squash`, and `rebase`. At least one option must be enabled.", + "items": { + "type": "string", + "enum": [ + "merge", + "squash", + "rebase" + ] + } + }, + "dismiss_stale_reviews_on_push": { + "type": "boolean", + "description": "New, reviewable commits pushed will dismiss previous pull request review approvals." + }, + "require_code_owner_review": { + "type": "boolean", + "description": "Require an approving review in pull requests that modify files that have a designated code owner." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent reviewable push must be approved by someone other than the person who pushed it." + }, + "required_approving_review_count": { + "type": "integer", + "description": "The number of approving reviews that are required before a pull request can be merged.", + "minimum": 0, + "maximum": 10 + }, + "required_review_thread_resolution": { + "type": "boolean", + "description": "All conversations on code must be resolved before a pull request can be merged." + }, + "required_reviewers": { + "type": "array", + "description": "> [!NOTE]\n> `required_reviewers` is in beta and subject to change.\n\nA collection of reviewers and associated file patterns. Each reviewer has a list of file patterns which determine the files that reviewer is required to review.", + "items": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use fnmatch syntax.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer": { + "title": "Reviewer", + "description": "A required reviewing team", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "ID of the reviewer which must review changes to matching files." + }, + "type": { + "type": "string", + "description": "The type of the reviewer", + "enum": [ + "Team" + ] + } + }, + "required": [ + "id", + "type" + ] + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer" + ] + } + } + }, + "required": [ + "dismiss_stale_reviews_on_push", + "require_code_owner_review", + "require_last_push_approval", + "required_approving_review_count", + "required_review_thread_resolution" + ] + } + } + }, + { + "title": "required_status_checks", + "description": "Choose which status checks must pass before the ref is updated. When enabled, commits must first be pushed to another ref where the checks pass.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_status_checks" + ] + }, + "parameters": { + "type": "object", + "properties": { + "do_not_enforce_on_create": { + "type": "boolean", + "description": "Allow repositories and branches to be created if a check would otherwise prohibit it." + }, + "required_status_checks": { + "type": "array", + "description": "Status checks that are required.", + "items": { + "title": "StatusCheckConfiguration", + "description": "Required status check", + "type": "object", + "properties": { + "context": { + "type": "string", + "description": "The status check context name that must be present on the commit." + }, + "integration_id": { + "type": "integer", + "description": "The optional integration ID that this status check must originate from." + } + }, + "required": [ + "context" + ] + } + }, + "strict_required_status_checks_policy": { + "type": "boolean", + "description": "Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled." + } + }, + "required": [ + "required_status_checks", + "strict_required_status_checks_policy" + ] + } + } + }, + { + "title": "non_fast_forward", + "description": "Prevent users with push access from force pushing to refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "non_fast_forward" + ] + } + } + }, + { + "title": "commit_message_pattern", + "description": "Parameters to be used for the commit_message_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "commit_message_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "commit_author_email_pattern", + "description": "Parameters to be used for the commit_author_email_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "commit_author_email_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "committer_email_pattern", + "description": "Parameters to be used for the committer_email_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "committer_email_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "branch_name_pattern", + "description": "Parameters to be used for the branch_name_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "branch_name_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "tag_name_pattern", + "description": "Parameters to be used for the tag_name_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "tag_name_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "file_path_restriction", + "description": "Prevent commits that include changes in specified file and folder paths from being pushed to the commit graph. This includes absolute paths that contain file names.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "file_path_restriction" + ] + }, + "parameters": { + "type": "object", + "properties": { + "restricted_file_paths": { + "type": "array", + "description": "The file paths that are restricted from being pushed to the commit graph.", + "items": { + "type": "string" + } + } + }, + "required": [ + "restricted_file_paths" + ] + } + } + }, + { + "title": "max_file_path_length", + "description": "Prevent commits that include file paths that exceed the specified character limit from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "max_file_path_length" + ] + }, + "parameters": { + "type": "object", + "properties": { + "max_file_path_length": { + "type": "integer", + "description": "The maximum amount of characters allowed in file paths.", + "minimum": 1, + "maximum": 32767 + } + }, + "required": [ + "max_file_path_length" + ] + } + } + }, + { + "title": "file_extension_restriction", + "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "file_extension_restriction" + ] + }, + "parameters": { + "type": "object", + "properties": { + "restricted_file_extensions": { + "type": "array", + "description": "The file extensions that are restricted from being pushed to the commit graph.", + "items": { + "type": "string" + } + } + }, + "required": [ + "restricted_file_extensions" + ] + } + } + }, + { + "title": "max_file_size", + "description": "Prevent commits with individual files that exceed the specified limit from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "max_file_size" + ] + }, + "parameters": { + "type": "object", + "properties": { + "max_file_size": { + "type": "integer", + "description": "The maximum file size allowed in megabytes. This limit does not apply to Git Large File Storage (Git LFS).", + "minimum": 1, + "maximum": 100 + } + }, + "required": [ + "max_file_size" + ] + } + } + }, + { + "title": "workflows", + "description": "Require all changes made to a targeted branch to pass the specified workflows before they can be merged.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "workflows" + ] + }, + "parameters": { + "type": "object", + "properties": { + "do_not_enforce_on_create": { + "type": "boolean", + "description": "Allow repositories and branches to be created if a check would otherwise prohibit it." + }, + "workflows": { + "type": "array", + "description": "Workflows that must pass for this rule to pass.", + "items": { + "title": "WorkflowFileReference", + "description": "A workflow that must run for this rule to pass", + "type": "object", + "properties": { + "path": { + "type": "string", + "description": "The path to the workflow file" + }, + "ref": { + "type": "string", + "description": "The ref (branch or tag) of the workflow file to use" + }, + "repository_id": { + "type": "integer", + "description": "The ID of the repository where the workflow is defined" + }, + "sha": { + "type": "string", + "description": "The commit SHA of the workflow file to use" + } + }, + "required": [ + "path", + "repository_id" + ] + } + } + }, + "required": [ + "workflows" + ] + } + } + }, + { + "title": "code_scanning", + "description": "Choose which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "code_scanning" + ] + }, + "parameters": { + "type": "object", + "properties": { + "code_scanning_tools": { + "type": "array", + "description": "Tools that must provide code scanning results for this rule to pass.", + "items": { + "title": "CodeScanningTool", + "description": "A tool that must provide code scanning results for this rule to pass.", + "type": "object", + "properties": { + "alerts_threshold": { + "type": "string", + "description": "The severity level at which code scanning results that raise alerts block a reference update. For more information on alert severity levels, see \"[About code scanning alerts](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "enum": [ + "none", + "errors", + "errors_and_warnings", + "all" + ] + }, + "security_alerts_threshold": { + "type": "string", + "description": "The severity level at which code scanning results that raise security alerts block a reference update. For more information on security severity levels, see \"[About code scanning alerts](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "enum": [ + "none", + "critical", + "high_or_higher", + "medium_or_higher", + "all" + ] + }, + "tool": { + "type": "string", + "description": "The name of a code scanning tool" + } + }, + "required": [ + "alerts_threshold", + "security_alerts_threshold", + "tool" + ] + } + } + }, + "required": [ + "code_scanning_tools" + ] + } + } + }, + { + "title": "copilot_code_review", + "description": "Request Copilot code review for new pull requests automatically if the author has access to Copilot code review and their premium requests quota has not reached the limit.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "copilot_code_review" + ] + }, + "parameters": { + "type": "object", + "properties": { + "review_draft_pull_requests": { + "type": "boolean", + "description": "Copilot automatically reviews draft pull requests before they are marked as ready for review." + }, + "review_on_push": { + "type": "boolean", + "description": "Copilot automatically reviews each new push to the pull request." + } + } + } + } + } + ] + } + } + }, + "required": [ + "name", + "enforcement" + ] + }, + "EnvironmentsSettings": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + }, + "CustomPropertiesSettings": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "VariablesSettings": { + "description": "An Actions variable entry", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": [ + "all", + "private", + "selected" + ] + } + } + } + } +} \ No newline at end of file diff --git a/schema/repos.json b/schema/repos.json new file mode 100644 index 000000000..3a7c51301 --- /dev/null +++ b/schema/repos.json @@ -0,0 +1,324 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Safe-settings repo-level configuration", + "description": "Schema for .github/repos/{repo-name}.yml — repo-level safe-settings override configuration. Settings here are merged on top of org-level and suborg-level settings for the specific repository.", + "type": "object", + "properties": { + "repositories": { + "$ref": "#/$defs/RepositorySettings" + }, + "labels": { + "$ref": "#/$defs/LabelSettings" + }, + "collaborators": { + "description": "Collaborators: give specific users access to any repository.", + "type": "array", + "items": { + "$ref": "#/$defs/CollaboratorSettings" + } + }, + "teams": { + "description": "Teams", + "type": "array", + "items": { + "$ref": "#/$defs/TeamSettings" + } + }, + "milestones": { + "description": "Milestones: define milestones for Issues and Pull Requests", + "type": "array", + "items": { + "$ref": "#/$defs/MilestoneSettings" + } + }, + "branches": { + "description": "Branch protection rules", + "type": "array", + "items": { + "$ref": "#/$defs/BranchSettings" + } + }, + "autolinks": { + "description": "Autolinks", + "type": "array", + "items": { + "$ref": "#/$defs/AutolinkSettings" + } + }, + "validator": { + "$ref": "#/$defs/ValidatorSettings" + }, + "environments": { + "description": "Deployment environments", + "type": "array", + "items": { + "$ref": "#/$defs/EnvironmentsSettings" + } + }, + "custom_properties": { + "description": "Custom properties", + "type": "array", + "items": { + "$ref": "#/$defs/CustomPropertiesSettings" + } + }, + "variables": { + "description": "Repository or org-level Actions variables", + "type": "array", + "items": { + "$ref": "#/$defs/VariablesSettings" + } + } + }, + "$defs": { + "RepositorySettings": { + "description": "Repository settings", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}/patch/requestBody/content/application~1json/schema" + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "If true, create the repository if it does not already exist.", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating a new repository.", + "type": "string" + } + } + } + ] + }, + "LabelSettings": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "CollaboratorSettings": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1collaborators~1{username}/put/requestBody/content/application~1json/schema" + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + }, + "TeamSettings": { + "description": "A team entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema" + }, + "MilestoneSettings": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + }, + "BranchSettings": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1branches~1{branch}~1protection/put/requestBody/content/application~1json/schema" + } + } + }, + "AutolinkSettings": { + "description": "An autolink reference entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1autolinks/post/requestBody/content/application~1json/schema" + }, + "ValidatorSettings": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "RulesetSettings": { + "description": "A ruleset entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1rulesets/post/requestBody/content/application~1json/schema" + }, + "EnvironmentsSettings": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": ["name"], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + }, + "CustomPropertiesSettings": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "VariablesSettings": { + "description": "An Actions variable entry", + "type": "object", + "required": ["name", "value"], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": ["all", "private", "selected"] + } + } + } + } +} diff --git a/schema/settings.json b/schema/settings.json index 8c8a53c81..a1d1c0672 100644 --- a/schema/settings.json +++ b/schema/settings.json @@ -1,8 +1,85 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Safe-settings org-level configuration", + "description": "Schema for .github/settings.yml — org-level safe-settings configuration", "type": "object", "properties": { "repositories": { + "$ref": "#/$defs/RepositorySettings" + }, + "labels": { + "$ref": "#/$defs/LabelSettings" + }, + "collaborators": { + "description": "Collaborators: give specific users access to any repository.", + "type": "array", + "items": { + "$ref": "#/$defs/CollaboratorSettings" + } + }, + "teams": { + "description": "Teams", + "type": "array", + "items": { + "$ref": "#/$defs/TeamSettings" + } + }, + "milestones": { + "description": "Milestones: define milestones for Issues and Pull Requests", + "type": "array", + "items": { + "$ref": "#/$defs/MilestoneSettings" + } + }, + "branches": { + "description": "Branch protection rules", + "type": "array", + "items": { + "$ref": "#/$defs/BranchSettings" + } + }, + "autolinks": { + "description": "Autolinks", + "type": "array", + "items": { + "$ref": "#/$defs/AutolinkSettings" + } + }, + "validator": { + "$ref": "#/$defs/ValidatorSettings" + }, + "rulesets": { + "description": "Rulesets. Org-level only — rulesets defined here apply to the organization and are NOT inherited by suborg or repo override files.", + "type": "array", + "items": { + "$ref": "#/$defs/RulesetSettings" + } + }, + "environments": { + "description": "Deployment environments", + "type": "array", + "items": { + "$ref": "#/$defs/EnvironmentsSettings" + } + }, + "custom_properties": { + "description": "Custom properties", + "type": "array", + "items": { + "$ref": "#/$defs/CustomPropertiesSettings" + } + }, + "variables": { + "description": "Repository or org-level Actions variables", + "type": "array", + "items": { + "$ref": "#/$defs/VariablesSettings" + } + } + }, + "$defs": { + "RepositorySettings": { + "description": "Repository settings", "allOf": [ { "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}/patch/requestBody/content/application~1json/schema" @@ -40,12 +117,20 @@ "type": "boolean" } } + }, + "force_create": { + "description": "Force create the repository even if it already exists", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating the repository", + "type": "string" } } } ] }, - "labels": { + "LabelSettings": { "description": "Labels: define labels for Issues and Pull Requests", "type": "object", "properties": { @@ -80,117 +165,167 @@ } } }, - "milestones": { - "description": "Milestones: define milestones for Issues and Pull Requests", - "type": "array", - "items": { - "type": "object", - "properties": { - "title": { - "type": "string" - }, - "description": { - "type": "string" - }, - "state": { - "description": "The state of the milestone. Either `open` or `closed`", - "type": "string" + "CollaboratorSettings": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1collaborators~1{username}/put/requestBody/content/application~1json/schema" + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } } } + ] + }, + "TeamSettings": { + "description": "A team entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema" + }, + "MilestoneSettings": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } } }, - "collaborators": { - "description": "Collaborators: give specific users access to any repository.", - "type": "array", - "items": { - "allOf": [ - { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1collaborators~1{username}/put/requestBody/content/application~1json/schema" - }, - { + "BranchSettings": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1branches~1{branch}~1protection/put/requestBody/content/application~1json/schema" + } + } + }, + "AutolinkSettings": { + "description": "An autolink reference entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1autolinks/post/requestBody/content/application~1json/schema" + }, + "ValidatorSettings": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "RulesetSettings": { + "description": "A ruleset entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1rulesets/post/requestBody/content/application~1json/schema" + }, + "EnvironmentsSettings": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": ["name"], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { "type": "object", "properties": { - "username": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", "type": "string" }, - "exclude": { - "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", - "type": "array", - "items": { - "type": "string" - } - }, - "include": { - "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", - "type": "array", - "items": { - "type": "string" - } + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" } } } - ] - } - }, - "teams": { - "description": "Teams", - "type": "array", - "items": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema" - } - }, - "branches": { - "description": "Branch protection rules", - "type": "array", - "items": { - "properties": { - "name": { - "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", - "type": "string" - }, - "protection": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1branches~1{branch}~1protection/put/requestBody/content/application~1json/schema" + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" } } }, - "custom_properties": { - "description": "Custom properties", - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "CustomPropertiesSettings": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" } } }, - "autolinks": { - "description": "Autolinks", - "type": "array", - "items": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1autolinks/post/requestBody/content/application~1json/schema" - } - }, - "validator": { - "description": "Repository name validation", + "VariablesSettings": { + "description": "An Actions variable entry", "type": "object", + "required": ["name", "value"], "properties": { - "pattern": { + "name": { + "description": "The name of the variable", "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": ["all", "private", "selected"] } } - }, - "rulesets": { - "description": "Rulesets", - "type": "array", - "items": { - "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1rulesets/post/requestBody/content/application~1json/schema" - } } } } diff --git a/schema/suborgs.json b/schema/suborgs.json new file mode 100644 index 000000000..3a3c79def --- /dev/null +++ b/schema/suborgs.json @@ -0,0 +1,358 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Safe-settings suborg-level configuration", + "description": "Schema for .github/suborgs/*.yml — suborg-level safe-settings configuration. Defines which repos belong to the suborg and what settings to apply.", + "type": "object", + "properties": { + "suborgrepos": { + "type": "array", + "description": "Glob patterns matching repository names. Repos whose names match any pattern are included in this suborg.", + "items": { + "type": "string" + } + }, + "suborgteams": { + "type": "array", + "description": "Team slugs. Repos that belong to any of these teams are included in this suborg.", + "items": { + "type": "string" + } + }, + "suborgproperties": { + "type": "array", + "description": "Custom property filters. Repos with matching custom property values are included in this suborg.", + "items": { + "type": "object", + "properties": { + "property_name": { + "type": "string", + "description": "The name of the custom property" + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Accepted values for this property" + } + } + } + }, + "repositories": { + "$ref": "#/$defs/RepositorySettings" + }, + "labels": { + "$ref": "#/$defs/LabelSettings" + }, + "collaborators": { + "description": "Collaborators: give specific users access to any repository.", + "type": "array", + "items": { + "$ref": "#/$defs/CollaboratorSettings" + } + }, + "teams": { + "description": "Teams", + "type": "array", + "items": { + "$ref": "#/$defs/TeamSettings" + } + }, + "milestones": { + "description": "Milestones: define milestones for Issues and Pull Requests", + "type": "array", + "items": { + "$ref": "#/$defs/MilestoneSettings" + } + }, + "branches": { + "description": "Branch protection rules", + "type": "array", + "items": { + "$ref": "#/$defs/BranchSettings" + } + }, + "autolinks": { + "description": "Autolinks", + "type": "array", + "items": { + "$ref": "#/$defs/AutolinkSettings" + } + }, + "validator": { + "$ref": "#/$defs/ValidatorSettings" + }, + "environments": { + "description": "Deployment environments", + "type": "array", + "items": { + "$ref": "#/$defs/EnvironmentsSettings" + } + }, + "custom_properties": { + "description": "Custom properties", + "type": "array", + "items": { + "$ref": "#/$defs/CustomPropertiesSettings" + } + }, + "variables": { + "description": "Repository or org-level Actions variables", + "type": "array", + "items": { + "$ref": "#/$defs/VariablesSettings" + } + } + }, + "$defs": { + "RepositorySettings": { + "description": "Repository settings. Use force_create to create the repository if it does not exist, and template to specify a template repository to use when creating it.", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}/patch/requestBody/content/application~1json/schema" + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "If true, create the repository if it does not already exist.", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating a new repository.", + "type": "string" + } + } + } + ] + }, + "LabelSettings": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "CollaboratorSettings": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1collaborators~1{username}/put/requestBody/content/application~1json/schema" + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + }, + "TeamSettings": { + "description": "A team entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema" + }, + "MilestoneSettings": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + }, + "BranchSettings": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1branches~1{branch}~1protection/put/requestBody/content/application~1json/schema" + } + } + }, + "AutolinkSettings": { + "description": "An autolink reference entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1repos~1{owner}~1{repo}~1autolinks/post/requestBody/content/application~1json/schema" + }, + "ValidatorSettings": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "RulesetSettings": { + "description": "A ruleset entry", + "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1rulesets/post/requestBody/content/application~1json/schema" + }, + "EnvironmentsSettings": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": ["name"], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + }, + "CustomPropertiesSettings": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "VariablesSettings": { + "description": "An Actions variable entry", + "type": "object", + "required": ["name", "value"], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": ["all", "private", "selected"] + } + } + } + } +} diff --git a/script/build-schema b/script/build-schema index 7611d089e..31bb38b82 100755 --- a/script/build-schema +++ b/script/build-schema @@ -1,13 +1,31 @@ #!/usr/bin/env node const $RefParser = require('@apidevtools/json-schema-ref-parser') -const fs = require('node:fs/promises'); +const fs = require('node:fs/promises') +const path = require('node:path') + +const schemas = [ + { src: 'schema/settings.json', dest: 'schema/dereferenced/settings.json' }, + { src: 'schema/suborgs.json', dest: 'schema/dereferenced/suborgs.json' }, + { src: 'schema/repos.json', dest: 'schema/dereferenced/repos.json' } +]; (async () => { - const schema = await fs.readFile('schema/settings.json', 'utf-8').then(JSON.parse) + await fs.mkdir('schema/dereferenced', { recursive: true }) - await $RefParser.dereference(schema) + let hasErrors = false + for (const { src, dest } of schemas) { + try { + const dereferenced = await $RefParser.dereference(path.resolve(src)) + await fs.writeFile(dest, JSON.stringify(dereferenced, null, 2)) + console.log(`Dereferenced ${src} → ${dest}`) + } catch (err) { + console.error(`Error dereferencing ${src}: ${err.message}`) + hasErrors = true + } + } - await fs.mkdir('schema/dereferenced', { recursive: true }) - await fs.writeFile('schema/dereferenced/settings.json', JSON.stringify(schema, null, 2)) + if (hasErrors) { + process.exit(1) + } })().catch(console.error) From 8a5f2ca8d34aa992522a9e43b3b35518c14d71a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Mon, 30 Mar 2026 11:07:44 +0300 Subject: [PATCH 6/7] chores: fix branches tests --- docs/sample-settings/sample-deployment-settings.yml | 8 ++++---- test/unit/lib/plugins/branches.test.js | 7 +++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/sample-settings/sample-deployment-settings.yml b/docs/sample-settings/sample-deployment-settings.yml index 6164d4389..deccd8b44 100644 --- a/docs/sample-settings/sample-deployment-settings.yml +++ b/docs/sample-settings/sample-deployment-settings.yml @@ -27,10 +27,10 @@ overridevalidators: error: | `Branch protection required_approving_review_count cannot be overidden to a lower value` script: | - console.log(`baseConfig ${JSON.stringify(baseconfig)}`) - console.log(`overrideConfig ${JSON.stringify(overrideconfig)}`) - if (baseconfig.protection.required_pull_request_reviews.required_approving_review_count && overrideconfig.protection.required_pull_request_reviews.required_approving_review_count ) { - return overrideconfig.protection.required_pull_request_reviews.required_approving_review_count >= baseconfig.protection.required_pull_request_reviews.required_approving_review_count + const baseCount = baseconfig?.protection?.required_pull_request_reviews?.required_approving_review_count + const overrideCount = overrideconfig?.protection?.required_pull_request_reviews?.required_approving_review_count + if (baseCount && overrideCount) { + return overrideCount >= baseCount } return true - plugin: labels diff --git a/test/unit/lib/plugins/branches.test.js b/test/unit/lib/plugins/branches.test.js index 450ec9939..8b9c61786 100644 --- a/test/unit/lib/plugins/branches.test.js +++ b/test/unit/lib/plugins/branches.test.js @@ -67,6 +67,7 @@ describe('Branches', () => { required_pull_request_reviews: { require_code_owner_reviews: true }, + restrictions: null, headers: { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } }) }) @@ -190,6 +191,8 @@ describe('Branches', () => { strict: true, contexts: [] }, + enforce_admins: null, + restrictions: null, headers: { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } }) }) @@ -229,6 +232,8 @@ describe('Branches', () => { strict: true, contexts: ['check-1', 'check-2'] }, + enforce_admins: null, + restrictions: null, headers: { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } }) }) @@ -267,6 +272,8 @@ describe('Branches', () => { repo: 'test', branch: 'other', enforce_admins: false, + required_status_checks: null, + restrictions: null, headers: { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } }) }) From 1c081a1fa202c09c24a48c6c3754e88690bd8501 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Madis=20K=C3=B5osaar?= Date: Tue, 7 Apr 2026 14:10:19 +0300 Subject: [PATCH 7/7] fix(build-schema): enhance schema dereferencing with GitHub API spec --- lib/plugins/branches.js | 27 +- lib/plugins/rulesets.js | 2 +- schema/dereferenced/repos.json | 18 + schema/dereferenced/settings.json | 2118 +++++++++++++++++++++++- schema/dereferenced/suborgs.json | 18 + script/build-schema | 41 +- test/unit/lib/plugins/branches.test.js | 100 +- 7 files changed, 2269 insertions(+), 55 deletions(-) diff --git a/lib/plugins/branches.js b/lib/plugins/branches.js index 710b5578e..d60a20cc3 100644 --- a/lib/plugins/branches.js +++ b/lib/plugins/branches.js @@ -64,7 +64,7 @@ module.exports = class Branches extends ErrorStash { const params = Object.assign({}, p) return this.github.rest.repos.getBranchProtection(params).then((result) => { const mergeDeep = new MergeDeep(this.log, this.github, ignorableFields) - const changes = mergeDeep.compareDeep({ branch: { protection: this.reformatAndReturnBranchProtection(result.data) } }, { branch: { protection: Overrides.removeOverrides(overrides, branch.protection, result.data) } }) + const changes = mergeDeep.compareDeep({ branch: { protection: this.reformatAndReturnBranchProtection(structuredClone(result.data)) } }, { branch: { protection: Overrides.removeOverrides(overrides, branch.protection, result.data) } }) const results = { msg: `Followings changes will be applied to the branch protection for ${params.branch.name} branch`, additions: changes.additions, modifications: changes.modifications, deletions: changes.deletions } this.log.debug(`Result of compareDeep = ${results}`) @@ -81,7 +81,7 @@ module.exports = class Branches extends ErrorStash { resArray.push(new NopCommand(this.constructor.name, this.repo, null, results)) } - Object.assign(params, requiredBranchProtectionDefaults, branch.protection, { headers: previewHeaders }) + Object.assign(params, requiredBranchProtectionDefaults, this.reformatAndReturnBranchProtection(structuredClone(result.data)), Overrides.removeOverrides(overrides, branch.protection, result.data), { headers: previewHeaders }) if (this.nop) { resArray.push(new NopCommand(this.constructor.name, this.repo, this.github.rest.repos.updateBranchProtection.endpoint(params), 'Add Branch Protection')) @@ -131,6 +131,29 @@ module.exports = class Branches extends ErrorStash { protection.required_linear_history = protection.required_linear_history && protection.required_linear_history.enabled protection.enforce_admins = protection.enforce_admins && protection.enforce_admins.enabled protection.required_signatures = protection.required_signatures && protection.required_signatures.enabled + protection.allow_force_pushes = protection.allow_force_pushes && protection.allow_force_pushes.enabled + protection.block_creations = protection.block_creations && protection.block_creations.enabled + protection.lock_branch = protection.lock_branch && protection.lock_branch.enabled + protection.allow_fork_syncing = protection.allow_fork_syncing && protection.allow_fork_syncing.enabled + if (protection.restrictions) { + delete protection.restrictions.url + protection.restrictions.users = Array.isArray(protection.restrictions.users) + ? protection.restrictions.users.map(user => user.login || user) + : [] + protection.restrictions.teams = Array.isArray(protection.restrictions.teams) + ? protection.restrictions.teams.map(team => team.slug || team) + : [] + protection.restrictions.apps = Array.isArray(protection.restrictions.apps) + ? protection.restrictions.apps.map(app => app.slug || app) + : [] + } + if (protection.required_status_checks) { + delete protection.required_status_checks.url + delete protection.required_status_checks.contexts_url + if (Array.isArray(protection.required_status_checks.contexts) && protection.required_status_checks.contexts.length === 0) { + delete protection.required_status_checks.contexts + } + } if (protection.required_pull_request_reviews && !protection.required_pull_request_reviews.bypass_pull_request_allowances) { protection.required_pull_request_reviews.bypass_pull_request_allowances = { apps: [], teams: [], users: [] } } diff --git a/lib/plugins/rulesets.js b/lib/plugins/rulesets.js index ad9a21f05..db9056221 100644 --- a/lib/plugins/rulesets.js +++ b/lib/plugins/rulesets.js @@ -7,7 +7,7 @@ const overrides = { 'required_status_checks': { 'action': 'delete', 'parents': 3, - 'type': 'dict' + 'type': 'array' }, } diff --git a/schema/dereferenced/repos.json b/schema/dereferenced/repos.json index 355285e29..9213456a0 100644 --- a/schema/dereferenced/repos.json +++ b/schema/dereferenced/repos.json @@ -145,6 +145,15 @@ "TEAM", "ROLE" ] + }, + "mode": { + "type": "string", + "description": "The bypass mode for the reviewer", + "enum": [ + "ALWAYS", + "EXEMPT" + ], + "default": "ALWAYS" } } } @@ -957,6 +966,15 @@ "TEAM", "ROLE" ] + }, + "mode": { + "type": "string", + "description": "The bypass mode for the reviewer", + "enum": [ + "ALWAYS", + "EXEMPT" + ], + "default": "ALWAYS" } } } diff --git a/schema/dereferenced/settings.json b/schema/dereferenced/settings.json index 94f353549..5f743c4fe 100644 --- a/schema/dereferenced/settings.json +++ b/schema/dereferenced/settings.json @@ -1,8 +1,11 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Safe-settings org-level configuration", + "description": "Schema for .github/settings.yml — org-level safe-settings configuration", "type": "object", "properties": { "repositories": { + "description": "Repository settings", "allOf": [ { "type": "object", @@ -142,6 +145,15 @@ "TEAM", "ROLE" ] + }, + "mode": { + "type": "string", + "description": "The bypass mode for the reviewer", + "enum": [ + "ALWAYS", + "EXEMPT" + ], + "default": "ALWAYS" } } } @@ -294,6 +306,14 @@ "type": "boolean" } } + }, + "force_create": { + "description": "Force create the repository even if it already exists", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating the repository", + "type": "string" } } } @@ -334,29 +354,11 @@ } } }, - "milestones": { - "description": "Milestones: define milestones for Issues and Pull Requests", - "type": "array", - "items": { - "type": "object", - "properties": { - "title": { - "type": "string" - }, - "description": { - "type": "string" - }, - "state": { - "description": "The state of the milestone. Either `open` or `closed`", - "type": "string" - } - } - } - }, "collaborators": { "description": "Collaborators: give specific users access to any repository.", "type": "array", "items": { + "description": "A collaborator entry giving a specific user access to a repository.", "allOf": [ { "type": "object", @@ -397,6 +399,7 @@ "description": "Teams", "type": "array", "items": { + "description": "A team entry", "type": "object", "properties": { "name": { @@ -447,10 +450,32 @@ ] } }, + "milestones": { + "description": "Milestones: define milestones for Issues and Pull Requests", + "type": "array", + "items": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + } + }, "branches": { "description": "Branch protection rules", "type": "array", "items": { + "description": "A branch protection rule entry", + "type": "object", "properties": { "name": { "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", @@ -659,25 +684,11 @@ } } }, - "custom_properties": { - "description": "Custom properties", - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - } - } - }, "autolinks": { "description": "Autolinks", "type": "array", "items": { + "description": "An autolink reference entry", "type": "object", "properties": { "key_prefix": { @@ -710,9 +721,10 @@ } }, "rulesets": { - "description": "Rulesets", + "description": "Rulesets. Org-level only — rulesets defined here apply to the organization and are NOT inherited by suborg or repo override files.", "type": "array", "items": { + "description": "A ruleset entry", "type": "object", "properties": { "name": { @@ -1855,6 +1867,2042 @@ "enforcement" ] } + }, + "environments": { + "description": "Deployment environments", + "type": "array", + "items": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + } + }, + "custom_properties": { + "description": "Custom properties", + "type": "array", + "items": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + } + }, + "variables": { + "description": "Repository or org-level Actions variables", + "type": "array", + "items": { + "description": "An Actions variable entry", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": [ + "all", + "private", + "selected" + ] + } + } + } + } + }, + "$defs": { + "RepositorySettings": { + "description": "Repository settings", + "allOf": [ + { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository." + }, + "description": { + "type": "string", + "description": "A short description of the repository." + }, + "homepage": { + "type": "string", + "description": "A URL with more information about the repository." + }, + "private": { + "type": "boolean", + "description": "Either `true` to make the repository private or `false` to make it public. Default: `false`. \n**Note**: You will get a `422` error if the organization restricts [changing repository visibility](https://docs.github.com/articles/repository-permission-levels-for-an-organization#changing-the-visibility-of-repositories) to organization owners and a non-owner tries to change the value of private.", + "default": false + }, + "visibility": { + "type": "string", + "description": "The visibility of the repository.", + "enum": [ + "public", + "private" + ] + }, + "security_and_analysis": { + "type": "object", + "description": "Specify which security and analysis features to enable or disable for the repository.\n\nTo use this parameter, you must have admin permissions for the repository or be an owner or security manager for the organization that owns the repository. For more information, see \"[Managing security managers in your organization](https://docs.github.com/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).\"\n\nFor example, to enable GitHub Advanced Security, use this data in the body of the `PATCH` request:\n`{ \"security_and_analysis\": {\"advanced_security\": { \"status\": \"enabled\" } } }`.\n\nYou can check which security and analysis features are currently enabled by using a `GET /repos/{owner}/{repo}` request.", + "nullable": true, + "properties": { + "advanced_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Advanced Security for this repository.\nFor more information, see \"[About GitHub Advanced\nSecurity](/github/getting-started-with-github/learning-about-github/about-github-advanced-security).\"\n\nFor standalone Code Scanning or Secret Protection products, this parameter cannot be used.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "code_security": { + "type": "object", + "description": "Use the `status` property to enable or disable GitHub Code Security for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning for this repository. For more information, see \"[About secret scanning](/code-security/secret-security/about-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_push_protection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning push protection for this repository. For more information, see \"[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_ai_detection": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning AI detection for this repository. For more information, see \"[Responsible detection of generic secrets with AI](https://docs.github.com/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/generic-secret-detection/responsible-ai-generic-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_non_provider_patterns": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning non-provider patterns for this repository. For more information, see \"[Supported secret scanning patterns](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).\"", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_alert_dismissal": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated alert dismissal for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass": { + "type": "object", + "description": "Use the `status` property to enable or disable secret scanning delegated bypass for this repository.", + "properties": { + "status": { + "type": "string", + "description": "Can be `enabled` or `disabled`." + } + } + }, + "secret_scanning_delegated_bypass_options": { + "type": "object", + "description": "Feature options for secret scanning delegated bypass.\nThis object is only honored when `security_and_analysis.secret_scanning_delegated_bypass.status` is set to `enabled`.\nYou can send this object in the same request as `secret_scanning_delegated_bypass`, or update just the options in a separate request.", + "properties": { + "reviewers": { + "type": "array", + "description": "The bypass reviewers for secret scanning delegated bypass.\nIf you omit this field, the existing set of reviewers is unchanged.", + "items": { + "type": "object", + "required": [ + "reviewer_id", + "reviewer_type" + ], + "properties": { + "reviewer_id": { + "type": "integer", + "description": "The ID of the team or role selected as a bypass reviewer" + }, + "reviewer_type": { + "type": "string", + "description": "The type of the bypass reviewer", + "enum": [ + "TEAM", + "ROLE" + ] + }, + "mode": { + "type": "string", + "description": "The bypass mode for the reviewer", + "enum": [ + "ALWAYS", + "EXEMPT" + ], + "default": "ALWAYS" + } + } + } + } + } + } + } + }, + "has_issues": { + "type": "boolean", + "description": "Either `true` to enable issues for this repository or `false` to disable them.", + "default": true + }, + "has_projects": { + "type": "boolean", + "description": "Either `true` to enable projects for this repository or `false` to disable them. **Note:** If you're creating a repository in an organization that has disabled repository projects, the default is `false`, and if you pass `true`, the API returns an error.", + "default": true + }, + "has_wiki": { + "type": "boolean", + "description": "Either `true` to enable the wiki for this repository or `false` to disable it.", + "default": true + }, + "is_template": { + "type": "boolean", + "description": "Either `true` to make this repo available as a template repository or `false` to prevent it.", + "default": false + }, + "default_branch": { + "type": "string", + "description": "Updates the default branch for this repository." + }, + "allow_squash_merge": { + "type": "boolean", + "description": "Either `true` to allow squash-merging pull requests, or `false` to prevent squash-merging.", + "default": true + }, + "allow_merge_commit": { + "type": "boolean", + "description": "Either `true` to allow merging pull requests with a merge commit, or `false` to prevent merging pull requests with merge commits.", + "default": true + }, + "allow_rebase_merge": { + "type": "boolean", + "description": "Either `true` to allow rebase-merging pull requests, or `false` to prevent rebase-merging.", + "default": true + }, + "allow_auto_merge": { + "type": "boolean", + "description": "Either `true` to allow auto-merge on pull requests, or `false` to disallow auto-merge.", + "default": false + }, + "delete_branch_on_merge": { + "type": "boolean", + "description": "Either `true` to allow automatically deleting head branches when pull requests are merged, or `false` to prevent automatic deletion.", + "default": false + }, + "allow_update_branch": { + "type": "boolean", + "description": "Either `true` to always allow a pull request head branch that is behind its base branch to be updated even if it is not required to be up to date before merging, or false otherwise.", + "default": false + }, + "use_squash_pr_title_as_default": { + "type": "boolean", + "description": "Either `true` to allow squash-merge commits to use pull request title, or `false` to use commit message. **This property is closing down. Please use `squash_merge_commit_title` instead.", + "default": false, + "deprecated": true + }, + "squash_merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "COMMIT_OR_PR_TITLE" + ], + "description": "Required when using `squash_merge_commit_message`.\n\nThe default value for a squash merge commit title:\n\n- `PR_TITLE` - default to the pull request's title.\n- `COMMIT_OR_PR_TITLE` - default to the commit's title (if only one commit) or the pull request's title (when more than one commit)." + }, + "squash_merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "COMMIT_MESSAGES", + "BLANK" + ], + "description": "The default value for a squash merge commit message:\n\n- `PR_BODY` - default to the pull request's body.\n- `COMMIT_MESSAGES` - default to the branch's commit messages.\n- `BLANK` - default to a blank commit message." + }, + "merge_commit_title": { + "type": "string", + "enum": [ + "PR_TITLE", + "MERGE_MESSAGE" + ], + "description": "Required when using `merge_commit_message`.\n\nThe default value for a merge commit title.\n\n- `PR_TITLE` - default to the pull request's title.\n- `MERGE_MESSAGE` - default to the classic title for a merge message (e.g., Merge pull request #123 from branch-name)." + }, + "merge_commit_message": { + "type": "string", + "enum": [ + "PR_BODY", + "PR_TITLE", + "BLANK" + ], + "description": "The default value for a merge commit message.\n\n- `PR_TITLE` - default to the pull request's title.\n- `PR_BODY` - default to the pull request's body.\n- `BLANK` - default to a blank commit message." + }, + "archived": { + "type": "boolean", + "description": "Whether to archive this repository. `false` will unarchive a previously archived repository.", + "default": false + }, + "allow_forking": { + "type": "boolean", + "description": "Either `true` to allow private forks, or `false` to prevent private forks.", + "default": false + }, + "web_commit_signoff_required": { + "type": "boolean", + "description": "Either `true` to require contributors to sign off on web-based commits, or `false` to not require contributors to sign off on web-based commits.", + "default": false + } + } + }, + { + "type": "object", + "properties": { + "auto_init": { + "description": "Create an initial commit with empty README. Keep this set to true in most cases since many of the policies below cannot be implemented on bare repos", + "type": "boolean" + }, + "gitignore_template": { + "description": "Desired language or platform [.gitignore template](https://github.com/github/gitignore) to apply. Use the name of the template without the extension. For example, 'Haskell'.", + "type": "string" + }, + "license_template": { + "description": "Choose an [open source license template](https://choosealicense.com/) that best suits your needs, and then use the [license keyword](https://help.github.com/articles/licensing-a-repository/#searching-github-by-license-type) as the `license_template` string. For example, 'mit' or 'mpl-2.0'.", + "type": "string" + }, + "topics": { + "description": "A list of topics to set on the repository", + "type": "array", + "items": { + "type": "string" + } + }, + "security": { + "description": "Settings for Code security and analysis", + "type": "object", + "properties": { + "enableVulnerabilityAlerts": { + "type": "boolean" + }, + "enableAutomatedSecurityFixes": { + "type": "boolean" + } + } + }, + "force_create": { + "description": "Force create the repository even if it already exists", + "type": "boolean" + }, + "template": { + "description": "Name of a template repository to use when creating the repository", + "type": "string" + } + } + } + ] + }, + "LabelSettings": { + "description": "Labels: define labels for Issues and Pull Requests", + "type": "object", + "properties": { + "include": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "color": { + "description": "The hexadecimal color code for the label. If including a `#`, make sure to wrap it with quotes!", + "type": "string" + }, + "description": { + "type": "string" + }, + "oldname": { + "description": "Include the old name to rename an existing label", + "type": "string" + } + } + } + }, + "exclude": { + "description": "Ignore any labels matching these regexes (don't delete them)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "CollaboratorSettings": { + "description": "A collaborator entry giving a specific user access to a repository.", + "allOf": [ + { + "type": "object", + "properties": { + "permission": { + "type": "string", + "description": "The permission to grant the collaborator. **Only valid on organization-owned repositories.** We accept the following permissions to be set: `pull`, `triage`, `push`, `maintain`, `admin` and you can also specify a custom repository role name, if the owning organization has defined any.", + "default": "push" + } + } + }, + { + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "exclude": { + "description": "You can exclude a list of repos for this collaborator and all repos except these repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + }, + "include": { + "description": "You can include a list of repos for this collaborator and only those repos would have this collaborator", + "type": "array", + "items": { + "type": "string" + } + } + } + } + ] + }, + "TeamSettings": { + "description": "A team entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the team." + }, + "description": { + "type": "string", + "description": "The description of the team." + }, + "maintainers": { + "type": "array", + "description": "List GitHub usernames for organization members who will become team maintainers.", + "items": { + "type": "string" + } + }, + "repo_names": { + "type": "array", + "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.", + "items": { + "type": "string" + } + }, + "privacy": { + "type": "string", + "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`", + "enum": [ + "secret", + "closed" + ] + }, + "notification_setting": { + "type": "string", + "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`", + "enum": [ + "notifications_enabled", + "notifications_disabled" + ] + }, + "parent_team_id": { + "type": "integer", + "description": "The ID of a team to set as the parent team." + } + }, + "required": [ + "name" + ] + }, + "MilestoneSettings": { + "description": "A milestone entry", + "type": "object", + "properties": { + "title": { + "type": "string" + }, + "description": { + "type": "string" + }, + "state": { + "description": "The state of the milestone. Either `open` or `closed`", + "type": "string" + } + } + }, + "BranchSettings": { + "description": "A branch protection rule entry", + "type": "object", + "properties": { + "name": { + "description": "If the name of the branch value is specified as `default`, then the app will create a branch protection rule to apply against the default branch in the repo", + "type": "string" + }, + "protection": { + "type": "object", + "properties": { + "required_status_checks": { + "type": "object", + "description": "Require status checks to pass before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "strict": { + "type": "boolean", + "description": "Require branches to be up to date before merging." + }, + "contexts": { + "type": "array", + "deprecated": true, + "description": "**Closing down notice**: The list of status checks to require in order to merge into this branch. If any of these checks have recently been set by a particular GitHub App, they will be required to come from that app in future for the branch to merge. Use `checks` instead of `contexts` for more fine-grained control.", + "items": { + "type": "string" + } + }, + "checks": { + "type": "array", + "description": "The list of status checks to require in order to merge into this branch.", + "items": { + "type": "object", + "required": [ + "context" + ], + "properties": { + "context": { + "type": "string", + "description": "The name of the required check" + }, + "app_id": { + "type": "integer", + "description": "The ID of the GitHub App that must provide this check. Omit this field to automatically select the GitHub App that has recently provided this check, or any app if it was not set by a GitHub App. Pass -1 to explicitly allow any app to set the status." + } + } + } + } + }, + "required": [ + "strict", + "contexts" + ] + }, + "enforce_admins": { + "type": "boolean", + "description": "Enforce all configured restrictions for administrators. Set to `true` to enforce required status checks for repository administrators. Set to `null` to disable.", + "nullable": true + }, + "required_pull_request_reviews": { + "type": "object", + "description": "Require at least one approving review on a pull request, before merging. Set to `null` to disable.", + "nullable": true, + "properties": { + "dismissal_restrictions": { + "type": "object", + "description": "Specify which users, teams, and apps can dismiss pull request reviews. Pass an empty `dismissal_restrictions` object to disable. User and team `dismissal_restrictions` are only available for organization-owned repositories. Omit this parameter for personal repositories.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with dismissal access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with dismissal access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with dismissal access", + "items": { + "type": "string" + } + } + } + }, + "dismiss_stale_reviews": { + "type": "boolean", + "description": "Set to `true` if you want to automatically dismiss approving reviews when someone pushes a new commit." + }, + "require_code_owner_reviews": { + "type": "boolean", + "description": "Blocks merging pull requests until [code owners](https://docs.github.com/articles/about-code-owners/) review them." + }, + "required_approving_review_count": { + "type": "integer", + "description": "Specify the number of reviewers required to approve pull requests. Use a number between 1 and 6 or 0 to not require reviewers." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent push must be approved by someone other than the person who pushed it. Default: `false`.", + "default": false + }, + "bypass_pull_request_allowances": { + "type": "object", + "description": "Allow specific users, teams, or apps to bypass pull request requirements.", + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s allowed to bypass pull request requirements.", + "items": { + "type": "string" + } + } + } + } + } + }, + "restrictions": { + "type": "object", + "description": "Restrict who can push to the protected branch. User, app, and team `restrictions` are only available for organization-owned repositories. Set to `null` to disable.", + "nullable": true, + "properties": { + "users": { + "type": "array", + "description": "The list of user `login`s with push access", + "items": { + "type": "string" + } + }, + "teams": { + "type": "array", + "description": "The list of team `slug`s with push access", + "items": { + "type": "string" + } + }, + "apps": { + "type": "array", + "description": "The list of app `slug`s with push access", + "items": { + "type": "string" + } + } + }, + "required": [ + "users", + "teams" + ] + }, + "required_linear_history": { + "type": "boolean", + "description": "Enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch. Set to `true` to enforce a linear commit history. Set to `false` to disable a linear commit Git history. Your repository must allow squash merging or rebase merging before you can enable a linear commit history. Default: `false`. For more information, see \"[Requiring a linear commit history](https://docs.github.com/github/administering-a-repository/requiring-a-linear-commit-history)\" in the GitHub Help documentation." + }, + "allow_force_pushes": { + "type": "boolean", + "description": "Permits force pushes to the protected branch by anyone with write access to the repository. Set to `true` to allow force pushes. Set to `false` or `null` to block force pushes. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation.\"", + "nullable": true + }, + "allow_deletions": { + "type": "boolean", + "description": "Allows deletion of the protected branch by anyone with write access to the repository. Set to `false` to prevent deletion of the protected branch. Default: `false`. For more information, see \"[Enabling force pushes to a protected branch](https://docs.github.com/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch)\" in the GitHub Help documentation." + }, + "block_creations": { + "type": "boolean", + "description": "If set to `true`, the `restrictions` branch protection settings which limits who can push will also block pushes which create new branches, unless the push is initiated by a user, team, or app which has the ability to push. Set to `true` to restrict new branch creation. Default: `false`." + }, + "required_conversation_resolution": { + "type": "boolean", + "description": "Requires all conversations on code to be resolved before a pull request can be merged into a branch that matches this rule. Set to `false` to disable. Default: `false`." + }, + "lock_branch": { + "type": "boolean", + "description": "Whether to set the branch as read-only. If this is true, users will not be able to push to the branch. Default: `false`.", + "default": false + }, + "allow_fork_syncing": { + "type": "boolean", + "description": "Whether users can pull changes from upstream when the branch is locked. Set to `true` to allow fork syncing. Set to `false` to prevent fork syncing. Default: `false`.", + "default": false + } + }, + "required": [ + "required_status_checks", + "enforce_admins", + "required_pull_request_reviews", + "restrictions" + ] + } + } + }, + "AutolinkSettings": { + "description": "An autolink reference entry", + "type": "object", + "properties": { + "key_prefix": { + "type": "string", + "description": "This prefix appended by certain characters will generate a link any time it is found in an issue, pull request, or commit." + }, + "url_template": { + "type": "string", + "description": "The URL must contain `` for the reference number. `` matches different characters depending on the value of `is_alphanumeric`." + }, + "is_alphanumeric": { + "type": "boolean", + "default": true, + "description": "Whether this autolink reference matches alphanumeric characters. If true, the `` parameter of the `url_template` matches alphanumeric characters `A-Z` (case insensitive), `0-9`, and `-`. If false, this autolink reference only matches numeric characters." + } + }, + "required": [ + "key_prefix", + "url_template" + ] + }, + "ValidatorSettings": { + "description": "Repository name validation", + "type": "object", + "properties": { + "pattern": { + "type": "string" + } + } + }, + "RulesetSettings": { + "description": "A ruleset entry", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the ruleset." + }, + "target": { + "type": "string", + "description": "The target of the ruleset", + "enum": [ + "branch", + "tag", + "push", + "repository" + ], + "default": "branch" + }, + "enforcement": { + "type": "string", + "description": "The enforcement level of the ruleset. `evaluate` allows admins to test rules before enforcing them. Admins can view insights on the Rule Insights page (`evaluate` is only available with GitHub Enterprise).", + "enum": [ + "disabled", + "active", + "evaluate" + ] + }, + "bypass_actors": { + "type": "array", + "description": "The actors that can bypass the rules in this ruleset", + "items": { + "title": "Repository Ruleset Bypass Actor", + "type": "object", + "description": "An actor that can bypass rules in a ruleset", + "required": [ + "actor_type" + ], + "properties": { + "actor_id": { + "type": "integer", + "nullable": true, + "description": "The ID of the actor that can bypass a ruleset. Required for `Integration`, `RepositoryRole`, and `Team` actor types. If `actor_type` is `OrganizationAdmin`, `actor_id` is ignored. If `actor_type` is `DeployKey`, this should be null. `OrganizationAdmin` is not applicable for personal repositories." + }, + "actor_type": { + "type": "string", + "enum": [ + "Integration", + "OrganizationAdmin", + "RepositoryRole", + "Team", + "DeployKey" + ], + "description": "The type of actor that can bypass a ruleset." + }, + "bypass_mode": { + "type": "string", + "description": "When the specified actor can bypass the ruleset. `pull_request` means that an actor can only bypass rules on pull requests. `pull_request` is not applicable for the `DeployKey` actor type. Also, `pull_request` is only applicable to branch rulesets. When `bypass_mode` is `exempt`, rules will not be run for that actor and a bypass audit entry will not be created.", + "enum": [ + "always", + "pull_request", + "exempt" + ], + "default": "always" + } + } + } + }, + "conditions": { + "title": "Organization ruleset conditions", + "type": "object", + "description": "Conditions for an organization ruleset.\nThe branch and tag rulesets conditions object should contain both `repository_name` and `ref_name` properties, or both `repository_id` and `ref_name` properties, or both `repository_property` and `ref_name` properties.\nThe push rulesets conditions object does not require the `ref_name` property.\nFor repository policy rulesets, the conditions object should only contain the `repository_name`, the `repository_id`, or the `repository_property`.", + "oneOf": [ + { + "type": "object", + "title": "repository_name_and_ref_name", + "description": "Conditions to target repositories by name and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository names", + "type": "object", + "description": "Parameters for a repository name condition", + "properties": { + "repository_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + }, + "protected": { + "type": "boolean", + "description": "Whether renaming of target repositories is prevented." + } + } + } + }, + "required": [ + "repository_name" + ] + } + ] + }, + { + "type": "object", + "title": "repository_id_and_ref_name", + "description": "Conditions to target repositories by id and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository IDs", + "type": "object", + "description": "Parameters for a repository ID condition", + "properties": { + "repository_id": { + "type": "object", + "properties": { + "repository_ids": { + "type": "array", + "description": "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.", + "items": { + "type": "integer" + } + } + } + } + }, + "required": [ + "repository_id" + ] + } + ] + }, + { + "type": "object", + "title": "repository_property_and_ref_name", + "description": "Conditions to target repositories by property and refs by name", + "allOf": [ + { + "title": "Repository ruleset conditions for ref names", + "type": "object", + "description": "Parameters for a repository ruleset ref name condition", + "properties": { + "ref_name": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches.", + "items": { + "type": "string" + } + }, + "exclude": { + "type": "array", + "description": "Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match.", + "items": { + "type": "string" + } + } + } + } + } + }, + { + "title": "Repository ruleset conditions for repository properties", + "type": "object", + "description": "Parameters for a repository property condition", + "properties": { + "repository_property": { + "type": "object", + "properties": { + "include": { + "type": "array", + "description": "The repository properties and values to include. All of these properties must match for the condition to pass.", + "items": { + "title": "Repository ruleset property targeting definition", + "type": "object", + "description": "Parameters for a targeting a repository property", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository property to target" + }, + "property_values": { + "type": "array", + "description": "The values to match for the repository property", + "items": { + "type": "string" + } + }, + "source": { + "type": "string", + "description": "The source of the repository property. Defaults to 'custom' if not specified.", + "enum": [ + "custom", + "system" + ] + } + }, + "required": [ + "name", + "property_values" + ] + } + }, + "exclude": { + "type": "array", + "description": "The repository properties and values to exclude. The condition will not pass if any of these properties match.", + "items": { + "title": "Repository ruleset property targeting definition", + "type": "object", + "description": "Parameters for a targeting a repository property", + "properties": { + "name": { + "type": "string", + "description": "The name of the repository property to target" + }, + "property_values": { + "type": "array", + "description": "The values to match for the repository property", + "items": { + "type": "string" + } + }, + "source": { + "type": "string", + "description": "The source of the repository property. Defaults to 'custom' if not specified.", + "enum": [ + "custom", + "system" + ] + } + }, + "required": [ + "name", + "property_values" + ] + } + } + } + } + }, + "required": [ + "repository_property" + ] + } + ] + } + ] + }, + "rules": { + "type": "array", + "description": "An array of rules within the ruleset.", + "items": { + "title": "Repository Rule", + "type": "object", + "description": "A repository rule.", + "oneOf": [ + { + "title": "creation", + "description": "Only allow users with bypass permission to create matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "creation" + ] + } + } + }, + { + "title": "update", + "description": "Only allow users with bypass permission to update matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "update" + ] + }, + "parameters": { + "type": "object", + "properties": { + "update_allows_fetch_and_merge": { + "type": "boolean", + "description": "Branch can pull changes from its upstream repository" + } + }, + "required": [ + "update_allows_fetch_and_merge" + ] + } + } + }, + { + "title": "deletion", + "description": "Only allow users with bypass permissions to delete matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "deletion" + ] + } + } + }, + { + "title": "required_linear_history", + "description": "Prevent merge commits from being pushed to matching refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_linear_history" + ] + } + } + }, + { + "title": "required_deployments", + "description": "Choose which environments must be successfully deployed to before refs can be pushed into a ref that matches this rule.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_deployments" + ] + }, + "parameters": { + "type": "object", + "properties": { + "required_deployment_environments": { + "type": "array", + "description": "The environments that must be successfully deployed to before branches can be merged.", + "items": { + "type": "string" + } + } + }, + "required": [ + "required_deployment_environments" + ] + } + } + }, + { + "title": "required_signatures", + "description": "Commits pushed to matching refs must have verified signatures.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_signatures" + ] + } + } + }, + { + "title": "pull_request", + "description": "Require all commits be made to a non-target branch and submitted via a pull request before they can be merged.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "pull_request" + ] + }, + "parameters": { + "type": "object", + "properties": { + "allowed_merge_methods": { + "type": "array", + "description": "Array of allowed merge methods. Allowed values include `merge`, `squash`, and `rebase`. At least one option must be enabled.", + "items": { + "type": "string", + "enum": [ + "merge", + "squash", + "rebase" + ] + } + }, + "dismiss_stale_reviews_on_push": { + "type": "boolean", + "description": "New, reviewable commits pushed will dismiss previous pull request review approvals." + }, + "require_code_owner_review": { + "type": "boolean", + "description": "Require an approving review in pull requests that modify files that have a designated code owner." + }, + "require_last_push_approval": { + "type": "boolean", + "description": "Whether the most recent reviewable push must be approved by someone other than the person who pushed it." + }, + "required_approving_review_count": { + "type": "integer", + "description": "The number of approving reviews that are required before a pull request can be merged.", + "minimum": 0, + "maximum": 10 + }, + "required_review_thread_resolution": { + "type": "boolean", + "description": "All conversations on code must be resolved before a pull request can be merged." + }, + "required_reviewers": { + "type": "array", + "description": "> [!NOTE]\n> `required_reviewers` is in beta and subject to change.\n\nA collection of reviewers and associated file patterns. Each reviewer has a list of file patterns which determine the files that reviewer is required to review.", + "items": { + "title": "RequiredReviewerConfiguration", + "description": "A reviewing team, and file patterns describing which files they must approve changes to.", + "type": "object", + "properties": { + "file_patterns": { + "type": "array", + "description": "Array of file patterns. Pull requests which change matching files must be approved by the specified team. File patterns use fnmatch syntax.", + "items": { + "type": "string" + } + }, + "minimum_approvals": { + "type": "integer", + "description": "Minimum number of approvals required from the specified team. If set to zero, the team will be added to the pull request but approval is optional." + }, + "reviewer": { + "title": "Reviewer", + "description": "A required reviewing team", + "type": "object", + "properties": { + "id": { + "type": "integer", + "description": "ID of the reviewer which must review changes to matching files." + }, + "type": { + "type": "string", + "description": "The type of the reviewer", + "enum": [ + "Team" + ] + } + }, + "required": [ + "id", + "type" + ] + } + }, + "required": [ + "file_patterns", + "minimum_approvals", + "reviewer" + ] + } + } + }, + "required": [ + "dismiss_stale_reviews_on_push", + "require_code_owner_review", + "require_last_push_approval", + "required_approving_review_count", + "required_review_thread_resolution" + ] + } + } + }, + { + "title": "required_status_checks", + "description": "Choose which status checks must pass before the ref is updated. When enabled, commits must first be pushed to another ref where the checks pass.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "required_status_checks" + ] + }, + "parameters": { + "type": "object", + "properties": { + "do_not_enforce_on_create": { + "type": "boolean", + "description": "Allow repositories and branches to be created if a check would otherwise prohibit it." + }, + "required_status_checks": { + "type": "array", + "description": "Status checks that are required.", + "items": { + "title": "StatusCheckConfiguration", + "description": "Required status check", + "type": "object", + "properties": { + "context": { + "type": "string", + "description": "The status check context name that must be present on the commit." + }, + "integration_id": { + "type": "integer", + "description": "The optional integration ID that this status check must originate from." + } + }, + "required": [ + "context" + ] + } + }, + "strict_required_status_checks_policy": { + "type": "boolean", + "description": "Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled." + } + }, + "required": [ + "required_status_checks", + "strict_required_status_checks_policy" + ] + } + } + }, + { + "title": "non_fast_forward", + "description": "Prevent users with push access from force pushing to refs.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "non_fast_forward" + ] + } + } + }, + { + "title": "commit_message_pattern", + "description": "Parameters to be used for the commit_message_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "commit_message_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "commit_author_email_pattern", + "description": "Parameters to be used for the commit_author_email_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "commit_author_email_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "committer_email_pattern", + "description": "Parameters to be used for the committer_email_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "committer_email_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "branch_name_pattern", + "description": "Parameters to be used for the branch_name_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "branch_name_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "tag_name_pattern", + "description": "Parameters to be used for the tag_name_pattern rule", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "tag_name_pattern" + ] + }, + "parameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "How this rule appears when configuring it." + }, + "negate": { + "type": "boolean", + "description": "If true, the rule will fail if the pattern matches." + }, + "operator": { + "type": "string", + "description": "The operator to use for matching.", + "enum": [ + "starts_with", + "ends_with", + "contains", + "regex" + ] + }, + "pattern": { + "type": "string", + "description": "The pattern to match with." + } + }, + "required": [ + "operator", + "pattern" + ] + } + } + }, + { + "title": "file_path_restriction", + "description": "Prevent commits that include changes in specified file and folder paths from being pushed to the commit graph. This includes absolute paths that contain file names.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "file_path_restriction" + ] + }, + "parameters": { + "type": "object", + "properties": { + "restricted_file_paths": { + "type": "array", + "description": "The file paths that are restricted from being pushed to the commit graph.", + "items": { + "type": "string" + } + } + }, + "required": [ + "restricted_file_paths" + ] + } + } + }, + { + "title": "max_file_path_length", + "description": "Prevent commits that include file paths that exceed the specified character limit from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "max_file_path_length" + ] + }, + "parameters": { + "type": "object", + "properties": { + "max_file_path_length": { + "type": "integer", + "description": "The maximum amount of characters allowed in file paths.", + "minimum": 1, + "maximum": 32767 + } + }, + "required": [ + "max_file_path_length" + ] + } + } + }, + { + "title": "file_extension_restriction", + "description": "Prevent commits that include files with specified file extensions from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "file_extension_restriction" + ] + }, + "parameters": { + "type": "object", + "properties": { + "restricted_file_extensions": { + "type": "array", + "description": "The file extensions that are restricted from being pushed to the commit graph.", + "items": { + "type": "string" + } + } + }, + "required": [ + "restricted_file_extensions" + ] + } + } + }, + { + "title": "max_file_size", + "description": "Prevent commits with individual files that exceed the specified limit from being pushed to the commit graph.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "max_file_size" + ] + }, + "parameters": { + "type": "object", + "properties": { + "max_file_size": { + "type": "integer", + "description": "The maximum file size allowed in megabytes. This limit does not apply to Git Large File Storage (Git LFS).", + "minimum": 1, + "maximum": 100 + } + }, + "required": [ + "max_file_size" + ] + } + } + }, + { + "title": "workflows", + "description": "Require all changes made to a targeted branch to pass the specified workflows before they can be merged.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "workflows" + ] + }, + "parameters": { + "type": "object", + "properties": { + "do_not_enforce_on_create": { + "type": "boolean", + "description": "Allow repositories and branches to be created if a check would otherwise prohibit it." + }, + "workflows": { + "type": "array", + "description": "Workflows that must pass for this rule to pass.", + "items": { + "title": "WorkflowFileReference", + "description": "A workflow that must run for this rule to pass", + "type": "object", + "properties": { + "path": { + "type": "string", + "description": "The path to the workflow file" + }, + "ref": { + "type": "string", + "description": "The ref (branch or tag) of the workflow file to use" + }, + "repository_id": { + "type": "integer", + "description": "The ID of the repository where the workflow is defined" + }, + "sha": { + "type": "string", + "description": "The commit SHA of the workflow file to use" + } + }, + "required": [ + "path", + "repository_id" + ] + } + } + }, + "required": [ + "workflows" + ] + } + } + }, + { + "title": "code_scanning", + "description": "Choose which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "code_scanning" + ] + }, + "parameters": { + "type": "object", + "properties": { + "code_scanning_tools": { + "type": "array", + "description": "Tools that must provide code scanning results for this rule to pass.", + "items": { + "title": "CodeScanningTool", + "description": "A tool that must provide code scanning results for this rule to pass.", + "type": "object", + "properties": { + "alerts_threshold": { + "type": "string", + "description": "The severity level at which code scanning results that raise alerts block a reference update. For more information on alert severity levels, see \"[About code scanning alerts](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "enum": [ + "none", + "errors", + "errors_and_warnings", + "all" + ] + }, + "security_alerts_threshold": { + "type": "string", + "description": "The severity level at which code scanning results that raise security alerts block a reference update. For more information on security severity levels, see \"[About code scanning alerts](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).\"", + "enum": [ + "none", + "critical", + "high_or_higher", + "medium_or_higher", + "all" + ] + }, + "tool": { + "type": "string", + "description": "The name of a code scanning tool" + } + }, + "required": [ + "alerts_threshold", + "security_alerts_threshold", + "tool" + ] + } + } + }, + "required": [ + "code_scanning_tools" + ] + } + } + }, + { + "title": "copilot_code_review", + "description": "Request Copilot code review for new pull requests automatically if the author has access to Copilot code review and their premium requests quota has not reached the limit.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "copilot_code_review" + ] + }, + "parameters": { + "type": "object", + "properties": { + "review_draft_pull_requests": { + "type": "boolean", + "description": "Copilot automatically reviews draft pull requests before they are marked as ready for review." + }, + "review_on_push": { + "type": "boolean", + "description": "Copilot automatically reviews each new push to the pull request." + } + } + } + } + } + ] + } + } + }, + "required": [ + "name", + "enforcement" + ] + }, + "EnvironmentsSettings": { + "description": "A deployment environment configuration entry", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "The name of the deployment environment", + "type": "string" + }, + "wait_timer": { + "description": "The amount of time to delay a job after the job is initially triggered (in minutes)", + "type": "integer" + }, + "reviewers": { + "description": "The people or teams that may review jobs that reference the environment", + "type": "array", + "items": { + "type": "object", + "properties": { + "type": { + "description": "The type of reviewer (`User` or `Team`)", + "type": "string" + }, + "id": { + "description": "The id of the user or team who can review the deployment", + "type": "integer" + } + } + } + }, + "deployment_branch_policy": { + "description": "The type of deployment branch policy for this environment", + "type": "object", + "properties": { + "protected_branches": { + "description": "Whether only protected branches can be deployed to this environment", + "type": "boolean" + }, + "custom_branch_policies": { + "description": "Whether only branches that match the specified name patterns can deploy to this environment", + "type": "boolean" + } + } + }, + "prevent_self_review": { + "description": "Whether or not a user who created the job is prevented from approving their own job", + "type": "boolean" + } + } + }, + "CustomPropertiesSettings": { + "description": "A custom property entry", + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "VariablesSettings": { + "description": "An Actions variable entry", + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "description": "The name of the variable", + "type": "string" + }, + "value": { + "description": "The value of the variable", + "type": "string" + }, + "visibility": { + "description": "The visibility of the variable. Can be `all`, `private`, or `selected`", + "type": "string", + "enum": [ + "all", + "private", + "selected" + ] + } + } } } } \ No newline at end of file diff --git a/schema/dereferenced/suborgs.json b/schema/dereferenced/suborgs.json index 11ba9ed2d..0267bf7a8 100644 --- a/schema/dereferenced/suborgs.json +++ b/schema/dereferenced/suborgs.json @@ -179,6 +179,15 @@ "TEAM", "ROLE" ] + }, + "mode": { + "type": "string", + "description": "The bypass mode for the reviewer", + "enum": [ + "ALWAYS", + "EXEMPT" + ], + "default": "ALWAYS" } } } @@ -991,6 +1000,15 @@ "TEAM", "ROLE" ] + }, + "mode": { + "type": "string", + "description": "The bypass mode for the reviewer", + "enum": [ + "ALWAYS", + "EXEMPT" + ], + "default": "ALWAYS" } } } diff --git a/script/build-schema b/script/build-schema index 31bb38b82..62cd32cef 100755 --- a/script/build-schema +++ b/script/build-schema @@ -6,17 +6,44 @@ const path = require('node:path') const schemas = [ { src: 'schema/settings.json', dest: 'schema/dereferenced/settings.json' }, - { src: 'schema/suborgs.json', dest: 'schema/dereferenced/suborgs.json' }, - { src: 'schema/repos.json', dest: 'schema/dereferenced/repos.json' } -]; + { src: 'schema/suborgs.json', dest: 'schema/dereferenced/suborgs.json' }, + { src: 'schema/repos.json', dest: 'schema/dereferenced/repos.json' } +] -(async () => { +;(async () => { await fs.mkdir('schema/dereferenced', { recursive: true }) + // Find the GitHub API spec URL from the schema files. + // The URL in the schema files is the single source of truth for which version is used. + const specUrlPattern = /(https:\/\/raw\.githubusercontent\.com\/github\/rest-api-description[^#"]+api\.github\.com[^#"]*\.json)/ + let specUrl + for (const { src } of schemas) { + const match = (await fs.readFile(src, 'utf8')).match(specUrlPattern) + if (match) { specUrl = match[1]; break } + } + + if (!specUrl) { + console.error('Could not find GitHub API spec URL in schema files.') + process.exit(1) + } + + // Pre-dereference the spec so all internal $refs (e.g. #/components/schemas/...) + // are resolved before it is used as an external reference target. + console.log(`Fetching ${specUrl} ...`) + const resolvedSpec = await $RefParser.dereference(specUrl) + + const githubApiResolver = { + order: 1, + canRead: /\/descriptions\/api\.github\.com\/api\.github\.com/, + read: () => resolvedSpec + } + let hasErrors = false for (const { src, dest } of schemas) { try { - const dereferenced = await $RefParser.dereference(path.resolve(src)) + const dereferenced = await $RefParser.dereference(path.resolve(src), { + resolve: { githubApi: githubApiResolver } + }) await fs.writeFile(dest, JSON.stringify(dereferenced, null, 2)) console.log(`Dereferenced ${src} → ${dest}`) } catch (err) { @@ -25,7 +52,5 @@ const schemas = [ } } - if (hasErrors) { - process.exit(1) - } + if (hasErrors) process.exit(1) })().catch(console.error) diff --git a/test/unit/lib/plugins/branches.test.js b/test/unit/lib/plugins/branches.test.js index 8b9c61786..49549cc87 100644 --- a/test/unit/lib/plugins/branches.test.js +++ b/test/unit/lib/plugins/branches.test.js @@ -183,7 +183,8 @@ describe('Branches', () => { ) return plugin.sync().then(() => { - expect(github.rest.repos.updateBranchProtection).toHaveBeenCalledWith({ + + expect(github.rest.repos.updateBranchProtection).toHaveBeenCalledWith(expect.objectContaining({ owner: 'bkeepers', repo: 'test', branch: 'main', @@ -191,10 +192,92 @@ describe('Branches', () => { strict: true, contexts: [] }, - enforce_admins: null, + // Existing enforce_admins should be preserved from GitHub + enforce_admins: false, restrictions: null, headers: { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } + })) + }) + }) + }) + + describe('when existing protection has restrictions', () => { + it('preserves restrictions from GitHub when config omits them', () => { + github.rest.repos.getBranchProtection = jest.fn().mockResolvedValue({ + data: { + enforce_admins: { enabled: true }, + required_status_checks: { + strict: false, + contexts: ['ci-check'], + checks: [] + }, + restrictions: { + url: 'https://api.github.com/...', + users: [{ login: 'user1' }, { login: 'user2' }], + teams: [{ slug: 'team-a' }], + apps: [{ slug: 'app-bot' }] + } + } + }) + + // Config only specifies enforce_admins, omits restrictions + const plugin = configure([{ + name: 'main', + protection: { + enforce_admins: false + } + }]) + + return plugin.sync().then(() => { + expect(github.rest.repos.updateBranchProtection).toHaveBeenCalledWith( + expect.objectContaining({ + owner: 'bkeepers', + repo: 'test', + branch: 'main', + enforce_admins: false, + // Existing restrictions should be preserved from GitHub + restrictions: { + users: ['user1', 'user2'], + teams: ['team-a'], + apps: ['app-bot'] + }, + // Existing required_status_checks should be preserved from GitHub + required_status_checks: { + strict: false, + contexts: ['ci-check'], + checks: [] + } + }) + ) + }) + }) + + it('normalizes restrictions and defaults missing arrays when preserving from GitHub', () => { + github.rest.repos.getBranchProtection = jest.fn().mockResolvedValue({ + data: { + enforce_admins: { enabled: true }, + restrictions: { + url: 'https://api.github.com/...', + users: [{ login: 'user1' }] + } + } + }) + + const plugin = configure([{ + name: 'main', + protection: { + enforce_admins: false + } + }]) + + return plugin.sync().then(() => { + const payload = github.rest.repos.updateBranchProtection.mock.calls[0][0] + expect(payload.restrictions).toEqual({ + users: ['user1'], + teams: [], + apps: [] }) + expect(payload.restrictions.url).toBeUndefined() }) }) }) @@ -204,10 +287,8 @@ describe('Branches', () => { github.rest.repos.getBranchProtection = jest.fn().mockResolvedValue({ data: { enforce_admins: { enabled: false }, - protection: { - required_status_checks: { - contexts: ['check-1', 'check-2'] - } + required_status_checks: { + contexts: ['check-1', 'check-2'] } } }) @@ -224,7 +305,8 @@ describe('Branches', () => { ) return plugin.sync().then(() => { - expect(github.rest.repos.updateBranchProtection).toHaveBeenCalledWith({ + + expect(github.rest.repos.updateBranchProtection).toHaveBeenCalledWith(expect.objectContaining({ owner: 'bkeepers', repo: 'test', branch: 'main', @@ -232,10 +314,10 @@ describe('Branches', () => { strict: true, contexts: ['check-1', 'check-2'] }, - enforce_admins: null, + enforce_admins: false, restrictions: null, headers: { accept: 'application/vnd.github.hellcat-preview+json,application/vnd.github.luke-cage-preview+json,application/vnd.github.zzzax-preview+json' } - }) + })) }) }) })