-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathaction.yml
More file actions
242 lines (225 loc) · 9.46 KB
/
Copy pathaction.yml
File metadata and controls
242 lines (225 loc) · 9.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
name: 'Bulk GitHub Organization Settings Sync'
description: 'Bulk configure GitHub organization settings across multiple orgs'
branding:
icon: 'settings'
color: 'blue'
inputs:
# === Authentication ===
github-token:
description: 'GitHub token for API access (requires admin:org scope)'
required: true
github-api-url:
description: 'GitHub API URL (e.g., https://api.github.com for GitHub.com or https://ghes.domain.com/api/v3 for GHES). Instance URL is auto-derived.'
required: false
default: '${{ github.api_url }}'
# === Organization Selection ===
organizations:
description: 'Comma-separated list of organization names'
required: false
organizations-file:
description: 'Path to YAML file containing organization settings configuration (orgs.yml)'
required: false
# === Custom Properties ===
custom-properties-file:
description: 'Path to a YAML file defining custom property schemas to sync to target organizations'
required: false
delete-unmanaged-properties:
description: 'Delete custom properties not defined in the configuration file'
required: false
default: 'false'
# === Issue Types ===
issue-types-file:
description: 'Path to a YAML file defining issue type definitions to sync to target organizations'
required: false
delete-unmanaged-issue-types:
description: 'Delete issue types not defined in the configuration file'
required: false
default: 'false'
# === Issue Fields ===
issue-fields-file:
description: 'Path to a YAML file defining issue field definitions to sync to target organizations'
required: false
delete-unmanaged-issue-fields:
description: 'Delete issue fields not defined in the configuration file'
required: false
default: 'false'
# === Organization Profile ===
org-name:
description: 'Organization display name'
required: false
org-description:
description: 'Organization description (max 160 chars)'
required: false
org-company:
description: 'Company name'
required: false
org-location:
description: 'Location'
required: false
org-email:
description: 'Publicly visible email'
required: false
org-twitter-username:
description: 'Twitter/X username'
required: false
org-url:
description: 'Website URL'
required: false
org-blog:
description: 'Blog/website URL (deprecated: use org-url)'
required: false
# === Member Privileges ===
default-repository-permission:
description: 'Default permission level for org members on new repositories: read, write, admin, or none'
required: false
members-can-create-repositories:
description: 'Whether non-admin organization members can create repositories'
required: false
members-can-create-public-repositories:
description: 'Whether members can create public repositories'
required: false
members-can-create-private-repositories:
description: 'Whether members can create private repositories'
required: false
members-can-create-internal-repositories:
description: 'Whether members can create internal repositories (GHEC/GHES only)'
required: false
members-can-fork-private-repositories:
description: 'Whether members can fork private repositories'
required: false
web-commit-signoff-required:
description: 'Whether contributors must sign off on commits made through the web interface'
required: false
members-can-create-pages:
description: 'Whether members can create GitHub Pages sites'
required: false
members-can-create-public-pages:
description: 'Whether members can create public GitHub Pages sites'
required: false
members-can-create-private-pages:
description: 'Whether members can create private GitHub Pages sites'
required: false
members-can-invite-outside-collaborators:
description: 'Whether members can invite outside collaborators'
required: false
members-can-create-teams:
description: 'Whether members can create teams'
required: false
members-can-delete-repositories:
description: 'Whether members can delete repositories'
required: false
members-can-change-repo-visibility:
description: 'Whether members can change repository visibility'
required: false
members-can-delete-issues:
description: 'Whether members can delete issues'
required: false
default-repository-branch:
description: 'Default branch name for new repositories created in the organization'
required: false
deploy-keys-enabled-for-repositories:
description: 'Whether deploy keys can be added to repositories'
required: false
readers-can-create-discussions:
description: 'Whether users with read access can create discussions'
required: false
members-can-view-dependency-insights:
description: 'Whether members can view dependency insights'
required: false
display-commenter-full-name-setting-enabled:
description: 'Whether to display commenter full name in issues and PRs'
required: false
# === Organization Role Team Assignments ===
organization-role-team-assignments-file:
description: 'Path to a YAML file defining organization role team assignments to sync'
required: false
# === Custom Roles (GHEC only) ===
custom-org-roles-file:
description: 'Path to a YAML file defining custom organization role definitions to sync (requires GitHub Enterprise Cloud)'
required: false
delete-unmanaged-org-roles:
description: 'Delete custom organization roles not defined in the configuration file'
required: false
default: 'false'
custom-repo-roles-file:
description: 'Path to a YAML file defining custom repository role definitions to sync (requires GitHub Enterprise Cloud)'
required: false
delete-unmanaged-repo-roles:
description: 'Delete custom repository roles not defined in the configuration file'
required: false
default: 'false'
# === .github / .github-private Repository Sync ===
dot-github-source-dir:
description: 'Path to a local directory whose contents should be synced to the .github repository in each target organization (creates a PR with changes)'
required: false
dot-github-private-source-dir:
description: 'Path to a local directory whose contents should be synced to the .github-private repository in each target organization (creates a PR with changes)'
required: false
create-missing-dot-github-repos:
description: 'Whether to create missing .github / .github-private repositories before syncing (only applies to repos with a configured source-dir). Requires administration: write on the GitHub App at the org level.'
required: false
default: 'false'
dot-github-repo-visibility:
description: 'Visibility to use when creating the .github repository: public, private, or internal. EMU and restricted-GHEC orgs should set this to internal.'
required: false
default: 'public'
dot-github-private-repo-visibility:
description: 'Visibility to use when creating the .github-private repository: public, private, or internal.'
required: false
default: 'private'
# === Rulesets ===
rulesets-file:
description: 'Comma-separated paths to JSON files, each containing a single organization ruleset configuration to sync'
required: false
delete-unmanaged-rulesets:
description: 'Delete all other rulesets besides those being synced'
required: false
default: 'false'
# === Code Security Configurations ===
code-security-configurations-file:
description: 'Path to a YAML file defining code security configurations to sync to target organizations'
required: false
delete-unmanaged-code-security-configurations:
description: 'Delete code security configurations not defined in the configuration file'
required: false
default: 'false'
# === Actions Policy ===
actions-policy-allowed-actions:
description: 'Allowed GitHub Actions policy: all, local_only, or selected'
required: false
actions-policy-github-owned-allowed:
description: 'Whether GitHub-owned actions are allowed (only when allowed-actions is selected)'
required: false
actions-policy-verified-allowed:
description: 'Whether actions from GitHub Marketplace verified creators are allowed (only when allowed-actions is selected)'
required: false
actions-allow-list-file:
description: 'Path to a YAML file defining allowed actions/reusable workflow patterns (only when allowed-actions is selected)'
required: false
actions-policy-default-workflow-permissions:
description: 'Default GITHUB_TOKEN permissions for workflows: read or write'
required: false
actions-policy-actions-can-approve-pull-request-reviews:
description: 'Whether GitHub Actions can approve pull request reviews'
required: false
# === Execution Options ===
dry-run:
description: 'Preview changes without applying them (logs what would be changed)'
required: false
default: 'false'
outputs:
updated-organizations:
description: 'Number of organizations successfully processed (changed + unchanged)'
changed-organizations:
description: 'Number of organizations with reportable changes (or would have in dry-run mode)'
unchanged-organizations:
description: 'Number of organizations with no reportable changes'
failed-organizations:
description: 'Number of organizations that failed to update'
warning-organizations:
description: 'Number of organizations that emitted warnings'
results:
description: 'JSON array of update results for each organization'
runs:
using: 'node24'
main: 'dist/index.js'