Skip to content

Add GitHub's Safe-Settings app to manage policy as code #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
paddyroddy wants to merge 3 commits into from
Closed

Add GitHub's Safe-Settings app to manage policy as code #4

paddyroddy wants to merge 3 commits into from

Conversation

@paddyroddy
Copy link
Member

@paddyroddy paddyroddy commented Jan 6, 2025

This is copying the work across in the @UCL-MIRSG organisation here UCL-MIRSG/.github#141 relating to the deployment of the https://github.com/github/safe-settings app. I recently gave a brief overview of this in the DevOps Hour slides. I have created an app with the appropriate permissions, which will need to be installed organisation wide once this PR is merged.

Safe-Settings has a lot of possible options, so I've gone for as little inoffensive ones as possible. These are currently:

@paddyroddy paddyroddy added enhancement New feature or request safe-settings Related to github/safe-settings deployment renovate Related to Renovate config labels Jan 6, 2025
@paddyroddy paddyroddy self-assigned this Jan 6, 2025
paddyroddy
paddyroddy commented Jan 6, 2025
View reviewed changes
safe-settings/suborgs/rulesets.yaml
@@ -0,0 +1,19 @@
# https://github.com/github/safe-settings/blob/main-enterprise/docs/sample-settings/suborg.yml
Copy link
Member Author

@paddyroddy paddyroddy Jan 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The downside of the app is things are mutually exclusive. If we are to enable this, it would disable any current rulesets. I've left it here for demonstration purposes.

@paddyroddy
Copy link
Member Author

paddyroddy commented Jan 6, 2025

Failing because the app isn't currently installed

@paddyroddy paddyroddy requested a review from samcunliffe January 6, 2025 16:39
@samcunliffe samcunliffe changed the title Add Safe-Settings app to manage policy as code Add GitHub's Safe-Settings app to manage policy as code Jan 7, 2025
samcunliffe
samcunliffe requested changes Jan 7, 2025
View reviewed changes
Copy link
Collaborator

@samcunliffe samcunliffe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking temporarily until we've resolved the discussion over in @UCL-ARC...

@samcunliffe samcunliffe requested a review from jonc125 January 7, 2025 09:34
samcunliffe
samcunliffe reviewed Jan 7, 2025
View reviewed changes
safe-settings/organisation.yaml
---
repository:
allow_auto_merge: true
allow_update_branch: true
Copy link
Collaborator

@samcunliffe samcunliffe Jan 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we switch this to false and block all pushes to all branches?!

Copy link
Member Author

@paddyroddy paddyroddy Jan 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is something to discuss in the meeting I proposed. These are not meant to be the be-all and end-all settings.

@paddyroddy paddyroddy mentioned this pull request Jan 7, 2025
Merged
@paddyroddy
Copy link
Member Author

paddyroddy commented Jan 7, 2025

Blocking temporarily until we've resolved the discussion over in @UCL-ARC...

Do we have to? This could be used as another positive use-case alongside @UCL-MIRSG. It is very possible the @UCL-ARC one is never merged.

@jonc125
Copy link
Collaborator

jonc125 commented Jan 7, 2025

RC teams are still actively using this org, more so than UCL-ARC in some ways!

@paddyroddy
Copy link
Member Author

paddyroddy commented Jan 7, 2025

RC teams are still actively using this org, more so than UCL-ARC in some ways!

Which is exactly what @samcunliffe is trying to prevent...

@samcunliffe
Copy link
Collaborator

samcunliffe commented Sep 11, 2025

UCL-ARC/.github#24 (comment)

@paddyroddy
Copy link
Member Author

paddyroddy commented Sep 30, 2025

UCL-ARC/.github#24 (comment)

This feels a bit lazy. It would have been nice to have official decline or whatever from @jonc125. It's not stalled on my end.

@jonc125
Copy link
Collaborator

jonc125 commented Sep 30, 2025

I've confirmed the direction being taken for UCL-ARC. It doesn't seem worth spending time on UCL-RITS given we're trying to retire it as an active org, in my opinion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samcunliffe samcunliffe samcunliffe requested changes

@jonc125 jonc125 Awaiting requested review from jonc125

Assignees

@paddyroddy paddyroddy

Labels

enhancement New feature or request renovate Related to Renovate config safe-settings Related to github/safe-settings deployment

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@paddyroddy @jonc125 @samcunliffe