
A GitHub Probot App that monitors and prevents Public Repositories from being created in an organization.

Features

Get Started

  1. Configure the GitHub App
  2. [Recommended] Create a repository named org-settings in the organization and add a .github/prevent-public-repos.yml file to it, as described in the How it Works section, to override the default settings
  3. The app then reacts to every newly created Public repository: in the default Monitor-Only mode it only opens a warning Issue; with monitorOnly: false it converts the repository to Private

How it Works

By default the app runs in Monitor-Only mode: when a new repository is created with Public visibility, an Issue is opened in that repository warning that it is visible to the whole internet, but the visibility itself is left unchanged. Set monitorOnly: false to have the repository converted to Private automatically instead.

To override the defaults, create a repository named org-settings and add a .github/prevent-public-repos.yml file to it. That repository holds the global settings for the whole organization. Note that the defaults neither enforce anything (monitorOnly is true) nor detect an existing Private repository being flipped to Public (enablePrivateToPublic is false); set both keys explicitly if you want enforcement rather than notification.

Configuration for Prevent-Public-Repos

Turn on Monitor Mode. In this mode the repository visibility is not modified and only an Issue is created. Set it to false to have the app convert the repository back to Private.

monitorOnly: true

Enables detection of repositories whose visibility changes from Private to Public, in addition to newly created Public repositories. Disabled by default, so an existing Private repository that is made Public is not caught unless this is set to true.

enablePrivateToPublic: false

Issue Title used when the app has converted a repository to Private (monitorOnly: false)

privatizedIssueTitle: '[CRITICAL] Public Repositories are Disabled for this Org'

Issue Body used when the app has converted a repository to Private (monitorOnly: false)

privatizedIssueBody: 'NOTE: Public Repos are disabled for this organization! Repository was automatically converted to a Private Repo. Please contact an admin to override.'

Issue Title used in Monitor Mode (monitorOnly: true)

monitorIssueTitle: '[CRITICAL] Public Repository Created'

Issue Body used in Monitor Mode (monitorOnly: true)

monitorIssueBody: 'Please note that this repository is publicly visible to the internet!'

Users/groups that should be cc'ed on the Issue, given as a single string of @-mentions separated by spaces.

ccList: '@user123 @user456'

Repositories to exclude from detection, given as a list of repository-name strings.

excludeRepos: ['repo1', 'repo2']
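The settings above combine into a small decision procedure: which webhook events count, whether the repository is excluded, and whether the outcome is an Issue only or a forced switch to Private plus an Issue. The following is an added example written for this page, not the project's own code. It assumes the app listens to the GitHub `repository` webhook with the `created` and `publicized` actions, that the payload carries `repository.name`, `repository.private` and `repository.owner.login`, that the values listed above are the built-in defaults, and that the client exposes Octokit-style `repos.update` and `issues.create` methods; the stub client and payloads are constructed here so the logic runs offline.

```javascript
// Added example (not the project's code): decision logic for a
// prevent-public-repos style handler, written as pure functions so it can be
// exercised offline with constructed webhook payloads.

// Defaults taken from the settings listed above; treating every listed value
// as the built-in default is an assumption of this example.
const DEFAULTS = {
  monitorOnly: true,
  enablePrivateToPublic: false,
  privatizedIssueTitle: '[CRITICAL] Public Repositories are Disabled for this Org',
  privatizedIssueBody:
    'NOTE: Public Repos are disabled for this organization! Repository was automatically converted to a Private Repo. Please contact an admin to override.',
  monitorIssueTitle: '[CRITICAL] Public Repository Created',
  monitorIssueBody: 'Please note that this repository is publicly visible to the internet!',
  ccList: '',
  excludeRepos: [],
};

// Merge the org-settings override file (already parsed from YAML) over the defaults.
function loadConfig(overrides = {}) {
  return { ...DEFAULTS, ...overrides };
}

// Append the cc list so the mentioned users/groups are notified on the Issue.
function buildIssueBody(body, ccList) {
  const cc = (ccList || '').trim();
  return cc ? `${body}\n\ncc ${cc}` : body;
}

// Decide what to do for a `repository` webhook event. `action` is the payload's
// `action` field (`created`, `publicized`, ...). Which actions the real app
// subscribes to is an assumption of this example.
function decideAction(action, payload, config) {
  const repo = payload.repository;
  const isPublic = repo.private === false;

  // A private->public flip is only caught when enablePrivateToPublic is set.
  const triggered =
    (action === 'created' && isPublic) ||
    (action === 'publicized' && config.enablePrivateToPublic === true);
  if (!triggered) return { action: 'ignore', reason: 'not a public-repo event' };

  if (config.excludeRepos.includes(repo.name)) {
    return { action: 'ignore', reason: 'excluded' };
  }
  if (config.monitorOnly) {
    return {
      action: 'issue',
      title: config.monitorIssueTitle,
      body: buildIssueBody(config.monitorIssueBody, config.ccList),
    };
  }
  return {
    action: 'privatize',
    title: config.privatizedIssueTitle,
    body: buildIssueBody(config.privatizedIssueBody, config.ccList),
  };
}

// Apply a decision through an Octokit-like client. The method names mirror
// Octokit's REST helpers (assumption); returns the list of calls made.
async function applyDecision(client, payload, decision) {
  const owner = payload.repository.owner.login;
  const repo = payload.repository.name;
  const calls = [];
  if (decision.action === 'ignore') return calls;
  if (decision.action === 'privatize') {
    // Flip visibility first so the Issue is opened on an already-private repo.
    await client.repos.update({ owner, repo, private: true });
    calls.push('repos.update');
  }
  await client.issues.create({ owner, repo, title: decision.title, body: decision.body });
  calls.push('issues.create');
  return calls;
}

// Constructed sample payload and a recording stub client (not real GitHub data).
function samplePayload(name, isPrivate) {
  return { repository: { name, private: isPrivate, owner: { login: 'example-org' } } };
}

function makeStubClient() {
  const log = [];
  return {
    log,
    repos: { update: async (p) => { log.push(['repos.update', p]); return {}; } },
    issues: { create: async (p) => { log.push(['issues.create', p]); return {}; } },
  };
}

// Hardened settings: enforce instead of monitor, and catch private->public flips.
const enforceConfig = loadConfig({
  monitorOnly: false,
  enablePrivateToPublic: true,
  ccList: '@user123 @user456',
  excludeRepos: ['website'],
});
```

With the defaults, `decideAction('publicized', ...)` returns `ignore`, which is the gap the enablePrivateToPublic caveat above describes; with `enforceConfig` the same event yields `privatize`, and `applyDecision` issues the visibility change before opening the Issue.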

When setting up this Probot App you can also set a number of Environment Variables