repository.yml

# define the protected branches for the repository
protected_branches: 
  - name: main
    required_pull_request_reviews: 
      dismiss_stale_reviews: false
      require_code_owner_reviews: true
      require_last_push_approval: true
      required_approving_review_count: true
      dismissal_restrictions: 
        users: 
          - dcodx
        teams:
          - dcodx
        apps:
          - dcodx
    required_status_checks: 
      strict: true
      contexts: 
        - context1
        - context2
    required_signatures: true
    enforce_admins: true
    required_linear_history: true
    allow_force_pushes: false
    allow_deletions: false
    block_creations: true
    required_conversation_resolution: true
    lock_branch: false
    allow_fork_syncing: true
  - name: staging
  - name: test
  - name: dev
    required_conversation_resolution: false
    required_pull_request_reviews: true
    allow_fork_syncing: false

     
file_exists:
  - .github/CODEOWNERS
  - README.md
  - SECURITY.md


advanced_security:
  ghas: true
  secret_scanning: true
  secret_scanning_push_protection: true
  secret_scanning_validity_check: true
  dependabot_alerts: true
  dependabot_security_updates: true
  dependabot_version_updates: true
  code_scanning: true

allowed_actions:
  permission: selected # all, local_only, selected, none
  selected:
    github_owned_allowed: true
    verified_allowed: true
    patterns_allowed:
      - "veracode/*"
      - "dcodx/*"
     
workflows:
  permission: read # read, write
  approve_pull_requests: false
  access_level: none # none, organization, enterprise, user

runners:
  self_hosted_allowed: false
  self_hosted_allowed_os:
    - linux
    - windows
  #self_hosted_allowed_labels:
  #  - azure-lambda-prod
  #  - aws-dcodx-ec2-prod
  #self_hosted_allowed_groups: only available for Enterprise GH users
  #  - "group1"
  #  - "group2"
  

webhooks:
  allowed_domains:
    - github.com
  allow_insecure_ssl: false
  allowed_events:
    - pull
  mandatory_secret: false