GithubRepository
Defines the high-level intent for a managed GitHub repository.
Beyond simple repository management, this manifest is also responsible for generating CI/CD workflows, applying branch protection rules, and configuring code ownership and licenses.
| Property | Type | Description |
|---|---|---|
| apiVersion | string | |
| kind | string | |
| metadata | map | |
| spec | Spec | |
BranchConfigEntry
WorkflowsEntry
| Property | Type | Description |
|---|---|---|
| key | string | |
| value | string | |
Spec
Contains the user-defined configuration for the GitHub repository.
Instructs the engine on repository visibility, structure (templates), branching strategies, and feature toggles. Translates into core configurations.
| Property | Type | Description |
|---|---|---|
| public | bool | If true, the repository will be publicly visible. If false (the default), it will be private. This sets the visibility attribute of the repository configuration. |
| name | string | The name of the repository. If omitted, the name from the manifest's metadata block will be used instead. This value is used for the name attribute of the repository configuration. |
| ignorePrefix | bool | If true, the global repository prefix defined in the 'Organization' manifest will not be prepended to this repository's name. |
| description | string | This description is optional, but it will drastically improve the AI assistant's understanding of the structural elements of the organization. |
| template | string | The name of a 'GithubRepositoryTemplate' manifest to use as a template for this repository. If specified, the new repository is created with the contents and structure of the referenced template repository. |
| strategy | string | The branching strategy for the repository (e.g., GIT_FLOW, GITHUB_FLOW, TRUNK_BASED). This determines the default branch protections and required status checks. This setting is used to calculate and apply the appropriate branch protection rules for the repository's main branches. |
| codeOwners | list of CodeOwnerEntry | A map defining the code owners for different paths in the repository. The key is the path pattern, and the value is a list of GitHub team names or user emails. This map is used to generate the '.github/CODEOWNERS' file in the repository. |
| pullRequest | PullRequestConfig | Configures pull request settings for this repository. The content from the specified template manifest is used to create a '.github/pull_request_template.md' file in the repository. |
| license | string | The name of a 'GithubLicense' manifest to use as the license for this repository. The content from the specified license manifest is used to create a 'LICENSE' file in the repository. |
| permissions | AccessPermissions | Defines the users and teams who have 'admin', 'push' (contributor), or 'pull' (viewer) access to this repository. These permissions are translated into repository configurations to grant the specified access levels. |
| configuration | Configuration | Toggles the availability of standard GitHub features for this repository. These boolean flags map directly to the wiki, projects, issues, and downloads attributes of the repository configuration. |
| secrets | list of string | A list of names of 'GithubSecret' manifests. The secrets defined in those manifests will be made available to GitHub Actions in this repository. For each secret name in the list, the organization-level secret is associated with this specific repository. |
| aiAssistant | AiAssistant | Enable AI assistant for this repository. AI Assistant enables use of Gemini to help you document pull requests or source code. |
AiAssistant
AiAssistantPullRequest
| Property | Type | Description |
|---|---|---|
| enabled | bool | |
CodeOwnerEntry
| Property | Type | Description |
|---|---|---|
| path | string | |
| owners | list of string | |
Configuration
| Property | Type | Description |
|---|---|---|
| wiki | bool | |
| projects | bool | |
| issues | bool | |
| downloads | bool | |
PullRequestConfig
| Property | Type | Description |
|---|---|---|
| template | string | The name of a 'GithubPullRequestTemplate' manifest to use for pull requests in this repository. |
ComputedGithubBranchConfig
Represents computed branch protection rules for a GitHub repository.
Dictates the configuration applied to the github_branch_protection resource, enforcing review counts, status checks, and bypass roles.
| Property | Type | Description |
|---|---|---|
| id | string | The unique identifier for this set of rules (e.g., 'primary-branches', 'feature-branches'). |
| targetPatterns | list of string | A list of glob patterns for branches that these rules apply to (e.g., ['main', 'develop'] or ['feat/', 'bugfix/']). |
| requiredReviewers | int64 | The number of required approving reviews for a pull request before it can be merged. |
| canCreate | bool | Indicates whether branches matching these patterns can be created by users. |
| bypassRoles | list of string | A list of GitHub roles (e.g., 'Maintainer', 'Admin') who are allowed to bypass these rules. |
| statusChecks | list of string | A list of required status check contexts that must pass before merging. |
| releaseType | string | The type of release associated with this branch (e.g., 'major', 'minor', 'patch'), which can influence versioning automation. |
| allowedSourceBranchPatterns | list of string | A list of glob patterns for branches that are allowed to be merged into this branch (used by CI to enforce flow). |
| requiredBranchPattern | string | Optional regex pattern that branches matching the target_patterns must adhere to. |
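
The following is an added example, not code from this project: a pre-merge review of a GithubRepository manifest and a ComputedGithubBranchConfig, both given as Python dicts, that flags settings worth a second look. Field names are taken from the tables above; the review rules, function names, and sample values are assumptions constructed for illustration.

```python
# Added example. Field names come from the tables on this page; the rules
# and the sample data below are constructed for illustration.

def review_repository(manifest):
    """Return review findings for a GithubRepository manifest (dict)."""
    spec = manifest.get("spec", {})
    # 'name' falls back to the manifest's metadata block when omitted.
    name = spec.get("name") or manifest.get("metadata", {}).get("name", "?")
    findings = []
    if spec.get("public", False) and spec.get("secrets"):
        findings.append(f"{name}: public repository has GithubSecret "
                        f"manifests attached: {spec['secrets']}")
    if not spec.get("codeOwners"):
        findings.append(f"{name}: no codeOwners, so no CODEOWNERS entries")
    for entry in spec.get("codeOwners", []):
        if not entry.get("owners"):
            findings.append(f"{name}: path {entry.get('path')!r} has no owners")
    return findings

def review_branch_config(rule):
    """Return review findings for one ComputedGithubBranchConfig (dict)."""
    rid = rule.get("id", "?")
    findings = []
    if rule.get("requiredReviewers", 0) < 1:
        findings.append(f"{rid}: merges need no approving review")
    if not rule.get("statusChecks"):
        findings.append(f"{rid}: no required status checks")
    if rule.get("bypassRoles"):
        findings.append(f"{rid}: bypass allowed for {rule['bypassRoles']}")
    return findings

# Constructed sample input (not taken from a real organization).
SAMPLE_REPO = {
    "kind": "GithubRepository",
    "metadata": {"name": "payments-api"},
    "spec": {
        "public": True,
        "strategy": "GITHUB_FLOW",
        "secrets": ["deploy-token"],
        "codeOwners": [{"path": "/infra/", "owners": []}],
    },
}
SAMPLE_RULE = {"id": "primary-branches", "targetPatterns": ["main"],
               "requiredReviewers": 0, "statusChecks": [],
               "bypassRoles": ["Admin"]}

if __name__ == "__main__":
    for line in review_repository(SAMPLE_REPO) + review_branch_config(SAMPLE_RULE):
        print(line)
```
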
AccessPermissions
Core definition for assigning administrative and viewer privileges across the platform.
Used by the engine to compute the final IAM policies (google_folder_iam_binding, etc.), aggregating individual user and group definitions to role assignments.
| Property | Type | Description |
|---|---|---|
| administrators | DetailedAccessPermissions | A list of users and groups with administrative privileges on the asset. The exact permissions are resource-dependent but typically grant full control. |
| contributors | DetailedAccessPermissions | A list of users and groups with contributor privileges on the asset. The exact permissions are resource-dependent but typically grant read and write access. |
| viewers | DetailedAccessPermissions | A list of users and groups with viewer privileges on the asset. The exact permissions are resource-dependent but typically grant read-only access. |
DetailedAccessPermissions
Aggregation of specific user and group access definitions.
Refers to lists of OrganizationUser and OrganizationUserGroup manifests that will be parsed to retrieve actual Google Workspace identity emails for IAM binding construction.
| Property | Type | Description |
|---|---|---|
| members | list of string | A list of 'OrganizationUser' manifest names to be included in this permission set. |
| groups | list of string | A list of 'OrganizationUserGroup' manifest names to be included in this permission set. |