repository-settings / app

Pull Requests for GitHub repository settings
https://github.com/apps/settings
ISC License
934 stars 180 forks source link
github-app probot-app

GitHub Repository Settings

This GitHub App syncs repository settings defined in .github/settings.yml to GitHub, enabling Pull Requests for repository settings.

Node CI Workflow Status Renovate

Table of Contents

Usage

Install

To gain the benefits of the Repository Settings app, it will need to installed as a GitHub App on your repositories. First, choose which approach to using the Repository Settings App is most appropriate for you:

Hosted GitHub.com App

A hosted version is provided for use with GitHub.com.

Install the app on your repositories or entire organization.

Powered by Vercel

Self-Hosted App

If you would prefer to self-host your own instance, see the documentation about self-hosting if you would like to run your own instance of this app.

Configuration

Now that you have the repository settings app installed for your repositories, see the documentation about configuration for details about updating your repository settings through pull-requests.

Security Implications

[!Caution] Note that this app inherently escalates anyone with push permissions to the admin role, since they can push config settings to the default branch, which will be synced. Use caution when merging PRs and adding collaborators.

One way to preserve admin/push permissions is to utilize the GitHub CodeOwners feature to set one or more administrative users as the code owner of the .github/settings.yml file, and turn on "require code owner review" for the default branch. This does have the side effect of requiring code owner review for the entire branch, but helps preserve permission levels.