reposets Configuration
Configuration for the reposets CLI tool for syncing GitHub repository settings
| Type | object |
|---|---|
| File match | reposets.config.toml, reposets.config.json |
| Schema URL | https://catalog.lintel.tools/schemas/schemastore/reposets-configuration/latest.json |
| Source | https://raw.githubusercontent.com/spencerbeggs/reposets/main/package/schemas/reposets.config.schema.json |
Validate with Lintel
npx @lintel/lintel check
Configuration for syncing GitHub repository settings, secrets, variables, rulesets, and deployment environments
Properties
Named groups of repositories with their settings, secrets, variables, rulesets, and environment assignments
Default GitHub user or organization for all groups. Can be overridden per group.
Named groups of GitHub repository settings to apply
Named groups of secrets. Each group is one kind: file, value, or resolved.
Named groups of variables. Each group is one kind: file, value, or resolved.
Named rulesets defining branch and tag protection rules
Named deployment environment configurations
Definitions
Controls output verbosity: silent (none), info (summaries), verbose (per-operation), debug (with sources)
GitHub repository settings to apply. Known fields are typed; additional fields are passed through to the API.
Whether the repository is a template that can be used to generate new repositories
Enable the wiki feature for the repository
Enable the issues feature for the repository
Enable the projects feature for the repository
Enable the discussions feature for the repository
Display a Sponsor button for the repository (synced via GraphQL)
Enable the pull requests feature for the repository (synced via GraphQL)
Allow forking of the repository
Allow merge commits when merging pull requests
Allow squash merging when merging pull requests
Allow rebase merging when merging pull requests
Allow pull requests to be automatically merged once all requirements are met
Show the update branch button on pull requests
Default title for squash merge commits: PR_TITLE uses the pull request title, COMMIT_OR_PR_TITLE uses the commit message if only one commit, otherwise the PR title
Default message body for squash merge commits: PR_BODY uses the pull request body, COMMIT_MESSAGES concatenates all commit messages, BLANK leaves it empty
Default title for merge commits: PR_TITLE uses the pull request title, MERGE_MESSAGE uses the classic merge message
Default message body for merge commits: PR_BODY uses the pull request body, PR_TITLE uses the PR title, BLANK leaves it empty
Automatically delete head branches after pull requests are merged
Require contributors to sign off on web-based commits
A group of secrets. Must be exactly one kind: file, value, or resolved.
A group of variables. Must be exactly one kind: file, value, or resolved.
A set of rules to apply when specified conditions are met
A ruleset that applies to branches
The name of the ruleset (used for matching when creating or updating)
disabled = off, active = enforced, evaluate = test mode (GitHub Enterprise only)
This ruleset applies to branches
Conditions that determine when the ruleset applies
1 nested property
Conditions for matching ref names (branches or tags)
2 nested properties
Ref name patterns to include. Accepts ~DEFAULT_BRANCH, ~ALL, or glob patterns.
Ref name patterns to exclude
When true, adds a creation rule
When true, adds an update rule with update_allows_fetch_and_merge: true
When true, adds a deletion rule
When true, adds a required_linear_history rule
When true, adds a required_signatures rule
When true, adds a non_fast_forward rule
Deployment environments that must succeed; converts to required_deployments rule
Shorthand for specifying ref_name conditions: 'default', 'all', or custom patterns
Simplified status checks configuration
4 nested properties
Status checks that must pass
PRs must be tested with the latest code
When false, allows branch creation even if checks would prohibit it
Default integration ID applied to all checks that do not specify one
Commit message pattern rules
Commit author email pattern rules
Committer email pattern rules
Simplified pull request configuration (branch rulesets only)
7 nested properties
Dismiss previous approvals when new commits are pushed
Require review from code owners for files they own
Most recent push must be approved by someone other than the pusher
All review conversations must be resolved before merging
Allowed merge methods. At least one must be enabled.
Teams that must approve specific file patterns
Merge queue configuration
7 nested properties
an integer
Whether all commits or only the head commit must pass checks
an integer
an integer
Merge method for queued PRs
an integer
an integer
Copilot code review configuration
2 nested properties
Review draft PRs before they are marked ready
Review each new push to the PR
Code scanning tool requirements
Required workflow configuration
2 nested properties
Workflows that must pass for this rule
Enforce workflows when a branch is created (false = skip on creation)
Branch name pattern rules
Conditions that determine when the ruleset applies
Conditions for matching ref names (branches or tags)
2 nested properties
Ref name patterns to include. Accepts ~DEFAULT_BRANCH, ~ALL, or glob patterns.
Ref name patterns to exclude
Conditions for matching ref names (branches or tags)
Ref name patterns to include. Accepts ~DEFAULT_BRANCH, ~ALL, or glob patterns.
Ref name patterns to exclude
An actor that can bypass rules in a ruleset
The type of actor that can bypass a ruleset
The ID of the actor, or a { resolved } reference to a credential label.
When the specified actor can bypass the ruleset
an integer
A reference to a credential-resolved value
Reference to a named value in the active credential profile's resolve section
Shorthand for specifying ref_name conditions: 'default', 'all', or custom patterns
An include or exclude pattern for ref matching
Simplified status checks configuration
Status checks that must pass
PRs must be tested with the latest code
When false, allows branch creation even if checks would prohibit it
Default integration ID applied to all checks that do not specify one
A pattern matching rule with operator, pattern, and optional name/negate
The operator to use for matching
The pattern to match
Display name for this pattern rule
If true, the rule fails when the pattern matches
Simplified pull request configuration (branch rulesets only)
Dismiss previous approvals when new commits are pushed
Require review from code owners for files they own
Most recent push must be approved by someone other than the pusher
All review conversations must be resolved before merging
Allowed merge methods. At least one must be enabled.
Teams that must approve specific file patterns
Merge queue configuration
an integer
Whether all commits or only the head commit must pass checks
an integer
an integer
Merge method for queued PRs
an integer
an integer
Copilot code review configuration
Review draft PRs before they are marked ready
Review each new push to the PR
A code scanning tool with alert thresholds
Name of the code scanning tool
Severity level at which alerts block updates
Severity level at which security alerts block updates
Required workflow configuration
Workflows that must pass for this rule
Enforce workflows when a branch is created (false = skip on creation)
A ruleset that applies to tags
The name of the ruleset (used for matching when creating or updating)
disabled = off, active = enforced, evaluate = test mode (GitHub Enterprise only)
This ruleset applies to tags
Conditions that determine when the ruleset applies
1 nested property
Conditions for matching ref names (branches or tags)
2 nested properties
Ref name patterns to include. Accepts ~DEFAULT_BRANCH, ~ALL, or glob patterns.
Ref name patterns to exclude
When true, adds a creation rule
When true, adds an update rule with update_allows_fetch_and_merge: true
When true, adds a deletion rule
When true, adds a required_linear_history rule
When true, adds a required_signatures rule
When true, adds a non_fast_forward rule
Deployment environments that must succeed; converts to required_deployments rule
Shorthand for specifying ref_name conditions: 'default', 'all', or custom patterns
Simplified status checks configuration
4 nested properties
Status checks that must pass
PRs must be tested with the latest code
When false, allows branch creation even if checks would prohibit it
Default integration ID applied to all checks that do not specify one
Commit message pattern rules
Commit author email pattern rules
Committer email pattern rules
Tag name pattern rules
Configuration for a GitHub deployment environment
an integer
Prevent the user who triggered the deployment from approving it
Users or teams required to approve deployments to this environment
Controls which branches can deploy. Use "all", "protected", or a list of custom policies.
A user or team required to review deployments
Whether the reviewer is an individual user or a team
The numeric GitHub ID of the user or team
Controls which branches can deploy. Use "all", "protected", or a list of custom policies.
A custom branch or tag pattern that deployments are allowed from
The name pattern (branch name, tag name, or glob) to allow deployments from
Whether this policy matches branches or tags. Defaults to "branch".
A named group of repositories with their resource assignments
List of repository names (without owner prefix) to sync in this group
GitHub user or organization that owns these repos. Overrides the top-level owner.
Name of the credential profile to use. If only one profile exists, it is used automatically.
Names of settings groups to apply to these repos
Names of environment definitions to create/update for these repos
Assign secret groups to GitHub secret scopes (actions, dependabot, codespaces, environments)
4 nested properties
Secret groups to sync as GitHub Actions repository secrets
Secret groups to sync as Dependabot secrets
Secret groups to sync as Codespaces secrets
Map of environment names to secret group references
Assign variable groups to GitHub variable scopes (actions, environments)
2 nested properties
Variable groups to sync as GitHub Actions repository variables
Map of environment names to variable group references
Names of rulesets to apply to these repos
Controls deletion of resources not declared in config. All disabled by default.
4 nested properties
Delete repository rulesets not declared in any referenced ruleset group
Assign secret groups to GitHub secret scopes (actions, dependabot, codespaces, environments)
Secret groups to sync as GitHub Actions repository secrets
Secret groups to sync as Dependabot secrets
Secret groups to sync as Codespaces secrets
Map of environment names to secret group references
Assign variable groups to GitHub variable scopes (actions, environments)
Variable groups to sync as GitHub Actions repository variables
Map of environment names to variable group references
Controls deletion of resources not declared in config. All disabled by default.
Delete repository rulesets not declared in any referenced ruleset group
Controls deletion of secrets by scope (Actions, Dependabot, Codespaces, environments).
Delete Actions secrets not declared in any referenced secret group
Delete Dependabot secrets not declared in any referenced secret group
Delete Codespaces secrets not declared in any referenced secret group
Delete environment secrets not declared in any referenced secret group
Controls cleanup for a single resource scope. false disables cleanup, true enables full cleanup, or specify names to preserve.
Controls deletion of variables by scope (Actions, environments).
Delete Actions variables not declared in any referenced variable group
Delete environment variables not declared in any referenced variable group