Environments configured at suborg cause error in repository configuration in .github/repos

Problem Description

When creating a specific repository yaml file for a repo in ./github/repos that has environments provisioned at the suborg level, an error appears for the repository with the message below.

Error HttpError: Resource not accessible by integration in Environments for repo: {"owner":"rbc-internal","repo":"0Z50_backend"} entries [{"name":"development","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":566}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"qa","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":567}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"production","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":568}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}}]

The yaml definition used for ./github/suborgs/XXXX.yaml is:

suborgrepos:
  - XXXX*

suborgteams:
  - APP_XXXX_DevUser
  - APP_XXXX_QAUser
  - APP_XXXX_ProdUser
  - APP_XXXX_ReadUser
  - APP_XXXX_DevAdminUser

repository:
  auto_init: true
  topics:
    - XXXX
  private: false
  visibility: public
  has_issues: true
  has_projects: true
  has_wiki: true
  default_branch: main
  gitignore_template: node
  license_template: mit
  allow_squash_merge: true
  allow_merge_commit: true
  allow_rebase_merge: true
  allow_auto_merge: true
  delete_branch_on_merge: true
  allow_update_branch: true

labels:
  - name: XXXX
    color: CC0000
    description: Appcode associated with the repositories.
  - name: bug
    color: CC0000
    description: An issue with the system
  - name: feature
    color: '#336699'
    description: New functionality.

teams:
  - name: APP_XXXX_DevUser
    permission: dev_user
  - name: APP_XXXX_QAUser
    permission: push
  - name: APP_XXXX_ProdUser
    permission: admin
  - name: APP_XXXX_ReadUser
    permission: push
  - name: APP_XXXX_DevAdminUser
    permission: admin

environments:
  - name: development
    wait_timer: 0
    prevent_self_review: true
    reviewers:
      - type: Team
        id: 1914
    deployment_branch_policy:
      protected_branches: true
      custom_branch_policies: false
  - name: qa
    wait_timer: 0
    prevent_self_review: true
    reviewers:
      - type: Team
        id: 1915
    deployment_branch_policy:
      protected_branches: true
      custom_branch_policies: false
  - name: production
    wait_timer: 0
    prevent_self_review: true
    reviewers:
      - type: Team
        id: 1916
    deployment_branch_policy:
      protected_branches: true
      custom_branch_policies: false

branches:
  - name: default
    protection:
      required_pull_request_reviews:
        required_approving_review_count: 2
        dismiss_stale_reviews: true
        require_code_owner_reviews: true
        require_last_push_approval: true
        bypass_pull_request_allowances:
          apps: []
          users: []
          teams: []
        dismissal_restrictions:
          users: []
          teams: [APP_XXXX_DevUser]
      required_status_checks:
        strict: true
        contexts: []
      enforce_admins: true
      restrictions:
        apps: []
        users: []
        teams: []

The yaml definition I used for ./github/repos/XXXX_backend.yml is:

repository: 
  name: XXXX_backend
  topics:
    - XXXX
  visibility: private

If I add the environments explicitly to the ./github/repos/XXXX_backend.yml file the same error persists.

If I remove the environments section in .github/suborgs/XXXX.yml suborg and in .github/repos/XXXX_backend.yml, safe-settings succeeds for both the suborg configurations and specific repository override definition in .github/repos/XXXX_backend.yml.

If the environments block is referenced in the suborg yaml, it will always error when a specific repository yaml file is added to to ./github/repos folder for that specific repo override in ./github/repos. The error appears when the suborg also matches the specific repo override file in ./github/repos.

If the suborg yaml for XXXX* does not have an environments block declared, the file in ./github/repos folder will succeed for that suborg.

What is actually happening

safe-settings returns an error when there are environments configured at the suborg level.

What is the expected behavior

The suborg should provision most of the configuration for the repositories and for this use case, we only want to override repository visibility on a few repositories.

Error output, if available

Error HttpError: Resource not accessible by integration in Environments for repo: {"owner":"rbc-internal","repo":"0Z50_backend"} entries [{"name":"development","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":566}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"qa","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":567}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"production","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":568}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}}]

Context

Are you using the hosted instance of probot/settings or running your own?

Running safe settings on AKS with ingress for webhook.

If running your own instance, are you using it with github.com or GitHub Enterprise?

GitHub Enterprise

Version of probot/settings

Running Probot v12.3.3 (Node.js: v16.20.2)

Version of GitHub Enterprise

GitHub Enterprise Server 3.11

github / safe-settings