Github Repository Template
GithubRepositoryTemplate
Defines a reusable template for creating new GitHub repositories.
When a GithubRepository references this template, the new repository is initialized with the contents and settings defined here, ensuring architectural and operational consistency.
| Property | Type | Description |
|---|---|---|
| apiVersion | string | |
| kind | string | |
| metadata | map | |
| spec | Spec |
Spec
Contains the user-defined configuration for the template repository. Instructs the engine on the visibility, initial branching strategies, and baseline permissions to be stamped onto all derived repositories.
| Property | Type | Description |
|---|---|---|
| public | bool | If true, the template repository will be publicly visible; otherwise, it will be private. Sets the visibility attribute of the repository configuration that is created for this template. |
| description | string | This description is optional but will drastically improve the understand of the AI assistant about the structural elements of the organization |
| name | string | The name of the template repository. If omitted, the name from the manifest's metadata block will be used. |
| ignorePrefix | bool | If true, the global repository prefix defined in the 'Organization' manifest will not be prepended to this template's repository name. |
| strategy | string | The branching strategy to pre-configure in the template repository. This determines the branch protection rules that are automatically created for the repository's primary branches. |
| codeOwners | list of CodeOwnersEntry | A map defining the CODEOWNERS for the template repository. This will be inherited by repositories created from this template. Generates the '.github/CODEOWNERS' file in the template repository. |
| pullRequest | PullRequestConfig | Pull Request Configuration |
| license | string | The name of a 'GithubLicense' manifest to use as the license for the template repository. The content of the referenced manifest will be used to create the 'LICENSE' file in the repository. |
| permissions | AccessPermissions | Defines which users and groups have admin, write, or read access to this template repository. These permissions are translated into repository configurations, granting the appropriate permission levels to the specified users and teams. |
A list of 'GithubSecret' manifest names to make available to the template repository's GitHub Actions workflows. Dynamically binds organization-level secrets directly to the template execution scope for CI pipelines. |
CodeOwnerEntry
| Property | Type | Description |
|---|---|---|
| owners | list of string |
CodeOwnersEntry
| Property | Type | Description |
|---|---|---|
| key | string | |
| value | CodeOwnerEntry |
PullRequestConfig
| Property | Type | Description |
|---|---|---|
| template | string | The name of a 'GithubPullRequestTemplate' manifest to use for this template repository. The content of the referenced manifest will be used to create the '.github/pull_request_template.md' file in the repository. |
AccessPermissions
Core definition for assigning administrative and viewer privileges across the platform.
Used by the engine to compute the final IAM policies (google_folder_iam_binding, etc.), aggregating individual user and group definitions to role assignments.
| Property | Type | Description |
|---|---|---|
| administrators | DetailedAccessPermissions | A list of users and groups with administrative privileges on the asset. The exact permissions are resource-dependent but typically grant full control. |
| contributors | DetailedAccessPermissions | A list of users and groups with contributor privileges on the asset. The exact permissions are resource-dependent but typically grant read and write access. |
| viewers | DetailedAccessPermissions | A list of users and groups with viewer privileges on the asset. The exact permissions are resource-dependent but typically grant read-only access. |
DetailedAccessPermissions
Aggregation of specific user and group access definitions.
Refers to lists of OrganizationUser and OrganizationUserGroup manifests that will be parsed to retrieve actual Google Workspace identity emails for IAM binding construction.
| Property | Type | Description |
|---|---|---|
| members | list of string | A list of 'OrganizationUser' manifest names to be included in this permission set. |
| groups | list of string | A list of 'OrganizationUserGroup' manifest names to be included in this permission set. |