[org]
name = "my-github-org"
[security]
secret_scanning = true
secret_scanning_ai_detection = true
push_protection = true
dependabot_alerts = true
dependabot_security_updates = true
[templates]
branch = "chore/ward-setup"
reviewers = ["alice", "bob"]
commit_message_prefix = "chore: "
[templates.registries.gradle-artifactory]
type = "maven-repository"
url = "https://your-artifactory.example.com/artifactory/maven"
[branch_protection]
enabled = true
required_approvals = 1
dismiss_stale_reviews = true
require_code_owner_reviews = false
require_status_checks = true
strict_status_checks = false
enforce_admins = false
required_linear_history = false
allow_force_pushes = false
allow_deletions = false
[rulesets.branch_protection]
enabled = true
enforcement = "active"
required_approvals = 1
dismiss_stale_reviews = true
require_code_owner_reviews = false
required_status_checks = ["ci"]
require_linear_history = false
block_force_pushes = true
block_deletions = true
[[systems]]
id = "backend"
name = "Backend Services"
exclude = ["operations?", "workflows", "system"]
teams = [
{ slug = "developers", permission = "push" },
{ slug = "devops", permission = "admin" },
]
[[systems]]
id = "frontend"
name = "Frontend Apps"
exclude = ["operations?", "workflows"]
[[systems]]
id = "platform"
name = "Platform & Infra"
exclude = ["operations?", "workflows"]
[[policies]]
name = "no-public-repos"
rule = "visibility != 'public'"
severity = "error"
[[policies]]
name = "require-secret-scanning"
rule = "security.secret_scanning"
severity = "error"
[[policies]]
name = "minimum-approvers"
rule = "branch_protection.required_approvals >= 1"
severity = "warning"