|
1 | 1 | # Safe-Settings |
2 | 2 |
|
3 | | -[Safe-Settings](https://github.com/github/safe-settings) is a way to manage |
4 | | -policy-as-code and apply repository settings across the organisation. A |
5 | | -[GitHub App](https://github.com/apps/rits-safe-settings) has been set up which |
6 | | -the [GitHub Action](../.github/workflows/safe-settings.yaml) uses to apply the |
7 | | -settings on a cron schedule. The settings here are a reduced set used in the |
8 | | -[https://github.com/UCL-MIRSG/.github repository](https://github.com/UCL-MIRSG/.github/tree/main/safe-settings). |
9 | | - |
10 | | -## Configuration Files |
11 | | - |
12 | | -There are four types of settings that can be applied: |
13 | | - |
14 | | -- [Deployment](https://github.com/github/safe-settings/blob/main-enterprise/docs/sample-settings/sample-deployment-settings.yml) |
15 | | - which defines deployment and runtime settings. |
16 | | -- [Organisation](https://github.com/github/safe-settings/blob/main-enterprise/docs/sample-settings/settings.yml) |
17 | | - which can be used to define org-level settings. |
18 | | -- [Repository](https://github.com/github/safe-settings/blob/main-enterprise/docs/sample-settings/repo.yml) |
19 | | - which can be used to define repo-level settings. |
20 | | -- [Suborganisation](https://github.com/github/safe-settings/blob/main-enterprise/docs/sample-settings/suborg.yml) |
21 | | - which can be used to define suborganisation-level settings. |
22 | | - |
23 | | -Beyond these example configurations one can read more about potential settings |
24 | | -to apply in the |
25 | | -[documentation](https://github.com/github/safe-settings/tree/main-enterprise/docs/github-settings). |
26 | | -The precedence order for configuration is `repository` > `suborganisation` > |
27 | | -`organisation`. |
28 | | - |
29 | | -## The Settings in This Repository |
30 | | - |
31 | | -### Deployment |
32 | | - |
33 | | -The [deployment settings](deployment.yaml) are used to exclude archived |
34 | | -repositories from the Safe-Settings app. This is because these repositories are |
35 | | -read-only and hence cannot be modified. Rather than having the GitHub Action |
36 | | -fail on these repositories, they are excluded from the run. |
37 | | - |
38 | | -### Organisation |
39 | | - |
40 | | -The [organisation settings](organisation.yaml) are used to define general |
41 | | -repository settings for all repositories across the organisation. These settings |
42 | | -are applied to all repositories unless the precedence order is overridden by the |
43 | | -suborganisation settings (or repository settings). |
44 | | - |
45 | | -### Suborganisation |
46 | | - |
47 | | -The [suborganisation settings](suborgs/rulesets.yaml) are being used to define |
48 | | -[rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) |
49 | | -for all repositories across the organisation. The `rulesets` available in the |
50 | | -organisation settings are defined for the organisation itself rather than |
51 | | -individual repositories, so they cannot be set via organisation settings. This |
52 | | -hack is done through |
53 | | - |
54 | | -```yaml |
55 | | -suborgrepos: |
56 | | - - "*" |
57 | | -``` |
58 | | -
|
59 | | -at the top of the file. Further explanation can be found in the |
60 | | -[Safe-Settings issues](https://github.com/github/safe-settings/issues/553#issuecomment-2552578978). |
| 3 | +See instructions on the [UCL-MIRSG |
| 4 | +repository](https://github.com/UCL-MIRSG/.github/blob/main/safe-settings/README.md). |
0 commit comments