Skip to content

4. teams.md

Latest commit

 

History

History
65 lines (52 loc) · 3.24 KB

4. teams.md

File metadata and controls

65 lines (52 loc) · 3.24 KB

Configuring team permissions

If your organizations default to push/write permissions, it is still required that a team have access to the repository explicitly in order for CODEOWNERS to recognize the team as a valid owner. To add teams with custom permissions, use the collaborators endpoint.

Note

This section can be applied to repos/<file>.yml or suborgs/<file>.yml. It will most commonly appear in the individual repos though.

Example team definition

# These settings are synced to GitHub by https://github.com/github/safe-settings
teams:
  - name: JusticeLeague
    permission: maintain
  - name: Avengers
    permission: maintain

Team API Spec

Tip

GitHub's API documentation defines these inputs and types:

  1. Add or update team repository permissions

namestring${\text{\color{orange}Required}}$

The slug of the team name.

 
teams:
  - name: JusticeLeague
    permission: maintain
...

permissionstring

The permission to grant the team on this repository. We accept the following permissions to be set: pull, triage, push, maintain, admin and you can also specify a custom repository role name, if the owning organization has defined any. If no permission is specified, the team's permission attribute will be used to determine what permission to grant the team on this repository.

Default: push

 
teams:
  - name: SuperFriends
    permission: maintain

external_groupstring

Optional. The display name of an external IdP group (as listed under your organization's external groups) to link to the team. safe-settings looks up the group's id by display name via GET /orgs/{org}/external-groups and links the team via PATCH /orgs/{org}/teams/{team_slug}/external-groups. The link is reconciled on every sync and is idempotent (it skips the PATCH when the team is already linked to the same group). The external-groups list is fetched at most once per org per sync, only when at least one team entry uses this property. If the named group does not exist for the org, an error is logged and the team-repo association still applies.

 
teams:
  - name: expert-services-developers
    permission: push
    external_group: "Engineering - Expert Services"