The usage of Version Control Systems (VCS) continues to increase in organizations around the world. As the backbone of development workflows, these systems require proper planning and management. This is where IT departments play a crucial role in implementing the right setup and control mechanisms.
In this post we will be focusing on GitHub and taking a deep dive into Safe-Settings, a tool that allows us to set, manage, and control repository settings.
Safe-Settings is a Node.js-based application that sets 'policy as code' settings for GitHub repositories. This means that repository configurations are not just static settings; they're programmable, trackable, and version-controlled, just like your source code.
The settings, configured using YAML files, can be applied at an organization, sub-organization, or repository level, with more specific level settings taking precedence over the higher ones.
General repository settings like name, description, topics, features, and so on can be easily managed, leading to better identification and standardization of our GitHub Organizations and repositories. The consistency across repositories can enhance code readability and usability, saving developers' time and reducing the learning curve for new hires.
With Safe-Settings you can also automate the creation of repositories using the repository-level settings file. If your repository settings file includes 'force_create: true' and 'auto_init: true', the repository will be automatically created and initialized, thereby streamlining and accelerating the setup process.
Branch merge strategy, protection rules, teams and collaborator permissions are also settings available to be configured through Safe-Settings. This allows us to add security and control to the repositories, ensuring that only authorized individuals can make changes, and reducing the risk of accidental or malicious alterations.
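The precedence rule described above (organization, then sub-organization, then repository, with the more specific level winning) also means a repository-level file can change a value set at the organization level. The following is an added example, not code from Safe-Settings or from this post: it models the three levels as plain objects, computes the effective settings, and lists organization-level values that were overridden. The top-level 'protection' key, the sample values, and the replace-whole handling of arrays are assumptions made for illustration.

```javascript
// Added example: a simplified model of layered settings, not Safe-Settings' own merge code.
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Deep-merge one layer onto another; the more specific layer wins on conflict.
// Assumption of this sketch: arrays and scalars are replaced whole.
function mergeLayer(base, override) {
  const out = { ...base };
  for (const [key, value] of Object.entries(override)) {
    if (UNSAFE_KEYS.has(key)) continue; // never let a settings file touch prototypes
    out[key] = isObj(value) && isObj(base[key]) ? mergeLayer(base[key], value) : value;
  }
  return out;
}

// Organization -> sub-organization -> repository, least to most specific.
function effectiveSettings(org, suborg, repo) {
  return [suborg, repo].reduce((acc, layer) => mergeLayer(acc, layer || {}), org);
}

// List every organization-level value that a more specific layer changed.
function overriddenBaseline(org, effective, path = []) {
  const found = [];
  for (const [key, value] of Object.entries(org)) {
    const here = [...path, key];
    const now = effective[key];
    if (isObj(value) && isObj(now)) {
      found.push(...overriddenBaseline(value, now, here));
    } else if (JSON.stringify(value) !== JSON.stringify(now)) {
      found.push({ path: here.join('.'), org: value, effective: now });
    }
  }
  return found;
}

// Constructed sample data standing in for the parsed YAML of each level.
const org = {
  repository: { private: true, has_issues: true, delete_branch_on_merge: true },
  protection: { required_approving_review_count: 2, enforce_admins: true },
};
const suborg = { repository: { topics: ['payments'] } };
const repo = {
  repository: { name: 'demo-service', force_create: true, auto_init: true },
  protection: { required_approving_review_count: 1 },
};

const effective = effectiveSettings(org, suborg, repo);
const drift = overriddenBaseline(org, effective);
console.log(JSON.stringify({ effective, drift }, null, 2));
```

Running a check like this in review of the Admin repository makes a repository-level change to an organization baseline visible before it is merged.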
So, how does it work?
Safe-Settings can be deployed as Docker containers or to Kubernetes using Helm. It also supports other platforms like Glitch and Heroku. The application communicates with GitHub using a GitHub App. Once the GitHub App is created, its app ID, private key, and webhook secret need to be passed to or configured in the Safe-Settings app. Additionally, a set of permissions and events needs to be configured on the GitHub App settings page to allow Safe-Settings to manage the repositories.
Once the communication and configuration are set, we can define our settings files to start managing the repositories. The Safe-Settings app looks at the settings files configured in an 'Admin repository' within the organization it is installed on. A single application can be used on multiple organizations; however, an 'Admin repository' and its respective settings files need to be defined in each organization.
Besides the GitHub events, Safe-Settings can be configured to run at a desired time interval using a 'node_cron' schedule defined in the application. While this makes sense for the end state of your deployment, it is not mandatory. With the events and permissions set in the GitHub App, a change to a setting, a pull request, or the creation of a new repository, among other events, will send a webhook and trigger the application's execution. This gives us more control over when and how our settings are applied.
Conclusion
To sum it up, if you want to automate the creation of your GitHub repositories with configuration and security standards, under a centralized management model, take a look at GitHub Safe-Settings. It is an easy tool to set up and configure for managing GitHub repository settings.
GitHub Safe-Settings official repository
TL;DR
Safe-Settings is a tool for managing GitHub repository settings. It allows you to programmatically set and control repository configurations using YAML files. You can manage general repository settings, automate repository creation, and configure branch merge strategy, protection rules, and permissions. Safe-Settings can be deployed as Docker containers or on platforms like Glitch and Heroku. It communicates with GitHub using a GitHub App and can be triggered by events or scheduled intervals. It provides an easy and centralized way to automate repository creation and manage GitHub settings.
Tags: Platform Engineering
June 27, 2023