{"id":22071130,"url":"https://github.com/andyfeller/issueops-createrepo","last_synced_at":"2025-10-17T21:01:55.940Z","repository":{"id":61322193,"uuid":"546212052","full_name":"andyfeller/issueops-createrepo","owner":"andyfeller","description":"GitHub Action solution for creating repository through GitHub issue workflows.","archived":false,"fork":false,"pushed_at":"2022-10-25T12:04:14.000Z","size":2511,"stargazers_count":8,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-03-11T09:17:35.018Z","etag":null,"topics":["actions","issueops","repository"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andyfeller.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2022-10-05T18:10:38.000Z","updated_at":"2023-03-02T17:10:39.000Z","dependencies_parsed_at":"2023-01-20T14:18:32.008Z","dependency_job_id":null,"html_url":"https://github.com/andyfeller/issueops-createrepo","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andyfeller%2Fissueops-createrepo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andyfeller%2Fissueops-createrepo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andyfeller%2Fissueops-createrepo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andyfeller%2Fissueops-createrepo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andyfeller","download_url":
"https://codeload.github.com/andyfeller/issueops-createrepo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227424783,"owners_count":17775351,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","issueops","repository"],"created_at":"2024-11-30T20:23:51.785Z","updated_at":"2025-10-17T21:01:55.934Z","avatar_url":"https://github.com/andyfeller.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IssueOps for creating GitHub repositories\n\n## Motivation\n\nMany enterprises struggle around [repository creation](https://docs.github.com/en/enterprise-cloud@latest/repositories/creating-and-managing-repositories/creating-a-new-repository), balancing best practices with developer experience:\n\n- How visible should this be?\n- Is access being only being granted to teams?\n- Are branch protection rules in place?\n- Is it clear who owns the repository?\n- Can we satisfy regulatory requirements around controls?\n\nFor enterprises that cannot allow developers to create repositories directly, the following solution walks through a possible solution built around native GitHub functionality to provide a transparent, auditable, and minimal process to facilitate repository creation needs.\n\n## Overview\n\nLike many internal GitHub processes, this solution is built leveraging [issue forms](https://docs.github.com/en/enterprise-cloud@latest/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms) and 
[actions](https://docs.github.com/en/enterprise-cloud@latest/actions) to facilitate requests for repository creation.\n\n![Screenshot of create repository issue form](docs/create-repo-new-issue-form.png)\n\nUpon filling out the issue form, a team of people can review and approve requests without having to be organization owners.\n\n![Screenshot of portion of create repository issue that has been fulfilled](docs/create-repo-short.png)\n\nFor faster response time, leverage [Slack](https://slack.github.com/) or [Microsoft Teams](https://teams.github.com/) integrations to notify the responsible party when issues are created.\n\n## Benefits\n\n1. Self-documenting process\n1. Auditable as issues and comments are preserved in 1 place\n1. Capable of notifying relevant parties in a timely manner\n1. Leverages GitHub App for necessary elevated permissions\n1. Assign people to review and approve from a designated team, no organization owner access needed\n\n## Prerequisites\n\n1. [GitHub issue forms](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms) access\n1. Ability to set up one of the supported mechanisms for escalated privileges:\n   1. Enterprise Personal Access Token (PAT)  _(requires enterprise owner access)_\n   1. GitHub App  _(requires organization owner access)_\n\n## Setup\n\n### Step 1: Authentication setup\n\n**Choose one of the following based on your situation; both are equally valuable and supported**\n\n#### Option 1: GitHub App for organization-wide usage\n\nThe upside of the GitHub App route of gaining elevated access to an organization is that it is not tied to a user and does not cost a user license.  The downside is that GitHub Apps are organization specific, so this approach can only manage the one organization.\n\n1. 
[Create new GitHub App](https://docs.github.com/en/enterprise-cloud@latest/developers/apps/building-github-apps/creating-a-github-app) with the following:\n\n   - **Homepage URL**:  URL of repository containing workflow and issue forms\n   - **Webhooks**:  disable\n   - **Repository permissions**:\n     - administration (read and write)\n     - issues (read and write)\n   - **Organization permissions**:\n     - members (read-only)\n\n1. Generate [private key](https://docs.github.com/en/enterprise-cloud@latest/developers/apps/building-github-apps/authenticating-with-github-apps)\n\n   _Note: we will need this and the App ID shortly in setting up GitHub Action secrets_\n\n1. [Install newly created GitHub App](https://docs.github.com/en/enterprise-cloud@latest/developers/apps/managing-github-apps/installing-github-apps) into the organization\n\n1. Create the following [repository secrets](https://docs.github.com/en/enterprise-cloud@latest/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository):\n\n   1. `APP_ID`:  using the App ID from the General \u003e About section of the GitHub App\n   1. `APP_PEM`:  using the downloaded private key from the General \u003e Private keys section of the GitHub App\n\n\n#### Option 2: Enterprise Personal Access Token (PAT) for enterprise-wide usage\n\nThe upside of the Enterprise PAT route of gaining elevated access to an organization is that it can manage multiple organizations across an enterprise.  The downside is that it is tied to a user account, which should be a machine user to avoid disturbances when people are offboarded.\n\n1. Generate [personal access token](https://github.com/settings/tokens) under the machine user account with the following permissions:\n\n   - **repo**\n   - **read:org**\n\n1. Create the following [repository secrets](https://docs.github.com/en/enterprise-cloud@latest/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository):\n\n   1. 
`ISSUEOPS_TOKEN`:  using the personal access token of the machine user account\n\n### Step 2: Organization teams for review and approval\n\n1. Create and populate organization teams with individuals for various roles:\n\n   - **`lgtm`**: individuals who can approve requests\n   - **`lgtm-reviewers`**: team nested under `lgtm` containing the individuals who will be assigned to review and approve requests\n\n   ![Screenshot illustrating nested team relationship described above](https://user-images.githubusercontent.com/2089743/169402822-cff62b00-316d-4841-ad8b-dfb04133d55f.png)\n\n### Step 3: GitHub Action workflow setup\n\n1. Create a repository containing the following issue labels:\n\n   - `administration`\n   - `createrepo`\n\n1. Create a `.github` directory containing [issue forms and workflows from `assets` directory](assets)\n\n   ```\n   └── .github\n       ├── ISSUE_TEMPLATE\n       │   └── createrepo.yml\n       └── workflows\n           ├── createrepo_assign.yml\n           ├── createrepo_fulfill.yml\n           └── createrepo_validate.yml\n   ```\n\n1. Update the list of organizations in the **repository-owner** field within `.github/ISSUE_TEMPLATE/createrepo.yml`:\n\n   ```yaml\n   -  type: dropdown\n      id: repository-owner\n      attributes:\n         label: Repository owner\n         description: Select an owner\n         options:\n         - tinyfists\n         - visibilitysaurus\n   ```\n\n   \u003e **Note**\n   \u003e For multiple organizations, an Enterprise PAT is required.  Otherwise, limit this to the organization where the GitHub App is installed.\n\n1. 
Update the inputs for `andyfeller/issueops-createrepo` action(s) within the workflows based on your authentication setup:\n\n   - Option 1: GitHub App for organization-wide usage\n\n     ```yaml\n           - name: Assign\n             uses: andyfeller/issueops-createrepo/assign@v1\n             with:\n               authentication: app\n               application-id: ${{ secrets.APP_ID }}\n               application-private-key: ${{ secrets.APP_PEM }}\n               team-assign: ${{ env.LGTM_TEAM }}\n     ```\n\n   - Option 2: Enterprise Personal Access Token (PAT) for enterprise-wide usage\n\n     ```yaml\n           - name: Assign\n             uses: andyfeller/issueops-createrepo/assign@v1\n             with:\n               authentication: token\n               github-token: ${{ secrets.ISSUEOPS_TOKEN }}\n               team-assign: ${{ env.LGTM_TEAM }}\n     ```\n\n## Alterations and Workarounds\n\n### Customizing approver and reviewer team names\n\nYou can choose different names by modifying the `LGTM_TEAM` value in respective workflows:\n\n- `.github/workflows/createrepo_assign.yml`:\n\n  ```yaml\n  name: Create Repo - Assign\n  on:\n     issues:\n        types:\n        - opened\n  env:\n     LGTM_TEAM: lgtm-reviewers\n  ```\n\n- `.github/workflows/createrepo_fulfill.yml`:\n\n  ```yaml\n  name: Create Repo - Fulfill\n  on:\n     issue_comment:\n        types:\n        - created\n  env:\n     LGTM_TEAM: lgtm\n  ```\n\n- `.github/workflows/createrepo_validate.yml`:\n\n  ```yaml\n  name: Create Repo - Validate\n  on:\n     issues:\n        types:\n        - opened\n        - edited\n  env:\n     LGTM_TEAM: lgtm\n  ```\n\n### Using issue template if issue forms are unavailable\n\nFor private repositories where [GitHub issue forms](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms) are not available yet, [GitHub issue 
templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/manually-creating-a-single-issue-template-for-your-repository) are an alternative that can be parsed by [zentered/issue-forms-body-parser](https://github.com/zentered/issue-forms-body-parser).\n\n```\n---\nname: Create Repo\ndescription: Request creation of GitHub repository\ntitle: \"[Create Repo]: \"\nlabels: administration, create_repo\n---\n### Repository name\n\n\u003c!-- Required.  Great repository names are short and memorable. --\u003e\n\n### Repository description\n\n\u003c!-- Optional.  Repository description --\u003e\n\n### Repository visibility\n\n\u003c!--\n   Required.  Repository visibility including:\n\n   Public\n      Anyone on the internet can see this repository. You choose who can commit.\n\n   Internal\n      Enterprise members can see this repository. You choose who can commit.\n\n   Private\n      You choose who can see and commit to this repository.\n--\u003e\n\n### Repository access\n\n\u003c!--\n   Required.  Comma-separated list of teams and permissions to grant including:\n\n   Read\n      Can read and clone this repository. Can also open and comment on issues and pull requests.\n\n   Triage\n      Can read and clone this repository. Can also manage issues and pull requests.\n\n   Write\n      Can read, clone, and push to this repository.  Can also manage issues and pull requests.\n\n   Maintain\n      Can read, clone, and push to this repository.  They can also manage issues, pull requests, and some repository settings.\n\n   Admin\n      Can read, clone, and push to this repository.  
Can also manage issues, pull requests, and repository settings including adding collaborators.\n\n   Custom\n      Name of custom repository role; permissions vary\n\n   Examples:\n      @org/teamslug,read\n      @org/teamslug,triage\n      @org/teamslug,write\n      @org/teamslug,maintain\n      @org/teamslug,admin\n--\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandyfeller%2Fissueops-createrepo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandyfeller%2Fissueops-createrepo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandyfeller%2Fissueops-createrepo/lists"}