GitHub Organization Management Repository for StarlightRetail
This repository serves as the cornerstone for managing GitHub automation and governance within the StarlightRetail organization. It centralizes workflows and processes critical to ensuring a secure, compliant, and efficient setup for all repositories under the organization's ownership.
Key functionalities include enforcing repository visibility policies, maintaining a sanitized public-facing organization profile, and automating governance tasks to align with security and compliance best practices. These workflows simplify administrative overhead, improve organizational security posture, and ensure consistency across the GitHub presence of StarlightRetail.
- Repository Visibility Hardening: Automatically converts public repositories to private while preserving controlled public content in `STARLIGHTRETAIL/.github`.
- Organization Profile Management: Maintains the public-facing profile content in a separate repository (`STARLIGHTRETAIL/.github`) for sanitized visibility.
- CI/CD Integration: Streamlined workflows utilizing GitHub Actions for automation and governance.
- Secure Access Management: Utilizes organization secrets and scoped Personal Access Tokens for privileged operations.
| Technology | Purpose |
|---|---|
| GitHub Actions | Core automation platform for workflows and governance |
| YAML | Workflow definitions for CI/CD automations |
| Markdown | Documentation and public-facing profile content |
The repository is designed for seamless operation within the StarlightRetail organization. Below are the steps to run the hardening workflows effectively:
- GitHub Access:
  - Ensure you are part of the StarlightRetail organization.
  - Have adequate permissions to execute workflows (e.g., Org Admin).
- Organization Personal Access Token:
  - Store an `ORG_ADMIN_PAT` secret in this repository with the following scopes:
    - `admin:org`
    - `repo`
Clone the repository using Git:

```
git clone https://github.com/STARLIGHTRETAIL/github.git
cd github
```

No additional dependencies are required to execute workflows, as the repository utilizes native GitHub Actions functionality.
The layout is oriented around workflows and organization governance:
```
.github/                          # GitHub meta-workflows and governance operations
├── workflows/                    # CI/CD automation using GitHub Actions
│   ├── copilot-setup-steps.yml   # Workflow for Copilot initialization
│   ├── harden-repos.yml          # Workflow to enforce repository visibility
LICENSE                           # MIT License
README.md                         # Main documentation file
profile/                          # Public-facing content for STARLIGHTRETAIL/.github
├── README.md                     # Sanitized content deployed as org profile
```
The workflow ensures all repositories in the StarlightRetail organization, except the public .github repository, remain private. Follow these steps:
- Navigate to the Workflows section in the repository:
  Actions → Harden Repository Visibility
- Select Run workflow and configure the parameters:
  - `dry_run`: (default `true`) Set to `false` to apply changes.
- Click Run workflow and monitor the logs for activity.
Triggered workflows perform the following:
- Validate repository visibility settings.
- Ensure public-facing content exists in the `.github/profile` repository.
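The `dry_run` gate and the `.github` exemption described above, as an added Python example (it is not the contents of `harden-repos.yml` or any code from this repository). The function names and sample records are constructed for illustration, and reporting forks for manual review instead of changing them is an assumption.

```python
import json
import urllib.request

API = "https://api.github.com"
EXEMPT = {".github"}  # the one repository this README keeps public

def is_dry_run(value):
    """Fail safe: only 'false' (any case) enables changes; unset or junk stays dry."""
    return str(value).strip().lower() != "false"

def plan(repos, exempt=EXEMPT):
    """Split repository records into names to privatize and names to report."""
    to_private, manual = [], []
    for repo in repos:
        name = repo["name"]
        if repo.get("private") or name.lower() in exempt:
            continue  # already private, or deliberately public
        # Assumption: forks are reported for manual handling, not changed.
        (manual if repo.get("fork") else to_private).append(name)
    return sorted(to_private), sorted(manual)

def enforce(org, names, token, dry_run=True):
    """PATCH each repository to private; token is the ORG_ADMIN_PAT secret."""
    actions = []
    for name in names:
        if dry_run:
            actions.append(f"DRY-RUN would set {org}/{name} to private")
            continue
        req = urllib.request.Request(
            f"{API}/repos/{org}/{name}",
            data=json.dumps({"private": True}).encode(),
            method="PATCH",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"},
        )
        with urllib.request.urlopen(req) as resp:
            actions.append(f"{org}/{name}: HTTP {resp.status}")
    return actions

if __name__ == "__main__":
    sample = [  # constructed records, shaped like GET /orgs/{org}/repos output
        {"name": ".github", "private": False, "fork": False},
        {"name": "storefront-api", "private": False, "fork": False},
        {"name": "pricing-lib", "private": False, "fork": True},
        {"name": "infra", "private": True, "fork": False},
    ]
    change, manual = plan(sample)
    print(*enforce("STARLIGHTRETAIL", change, token=None, dry_run=True), sep="\n")
    print("manual review:", manual)
```

The demo at the bottom always runs in dry-run mode, so it makes no network calls.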
Contributions to this repository are welcome! To ensure consistency and adherence to organizational policies, please follow these steps:
- Fork the repository and create a feature branch.
- Make your changes while adhering to the MIT License and organizational guidelines.
- Submit a pull request for review.
For more details, review the StarlightRetail contribution guide.
This repository is licensed under the MIT License. See the LICENSE file for details.
Note: All actions and workflows in this repository are subject to StarlightRetail's organizational policies. Ensure compliance with applicable governance rules when contributing or executing workflows.
StarlightRetail — Building the future of retail technology
Made with 💜 by the StarlightRetail team