API Reference

Packages

github.interhyp.de/v1alpha1

Package v1alpha1 contains API Schema definitions for the github v1alpha1 API group.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Resource Types

About

About contains descriptive information about a repository.

Appears in: - RepositorySpec

Field Description Default Validation
description string Description is a short description of the repository displayed on the repository page. MaxLength: 1000
Type: string
website string Website is the URL of the repository's homepage or documentation.
Must be a valid HTTP or HTTPS URL.
MaxLength: 200
Pattern: ^https?://[^\s]+$
Type: string
topics Topic array Topics is a list of topics (tags) that categorize and help discover the repository.
Topics appear on the repository page and in GitHub's topic explorer.
See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics

ActionsSettings

ActionsSettings configures GitHub Actions permissions and behavior for an organization. See: https://docs.github.com/en/rest/actions/permissions

Appears in: - OrganizationSpec

Field Description Default Validation
enabledRepositories string EnabledRepositories determines which repositories can use GitHub Actions.
- "all": Actions enabled for all repositories
- "none": Actions disabled for all repositories
- "selected": Actions enabled for specific repositories (requires additional configuration)
Default: none
Enum: [all none selected]
allowedActions string AllowedActions configures which actions and workflows are allowed to run.
Must be nil if EnabledRepositories is "none".
- "all": All actions and reusable workflows are allowed
- "local_only": Only actions and workflows defined in the same repository or organization are allowed
- "selected": Only specific actions are allowed (requires SelectedAllowedActions)
Enum: [all local_only selected]
selectedAllowedActions SelectedAllowedActions SelectedAllowedActions specifies which actions are allowed when AllowedActions is "selected".
This field is required when AllowedActions is "selected" and ignored otherwise.
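shaPinningRequired boolean ShaPinningRequired determines whether workflows must reference actions using the commit SHA instead of tags or branches.
When true, improves security by preventing tag manipulation attacks: a tag or branch can be moved to point at different code after it was reviewed, whereas a commit SHA always identifies the same code.
Default: false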
defaultWorkflowPermissions string DefaultWorkflowPermissions sets the default GITHUB_TOKEN permissions for workflows.
- "read": Token has read-only access to repository contents
- "write": Token has read and write access to repository contents
Default: read
Enum: [read write]
canApprovePullRequestReviews boolean CanApprovePullRequestReviews determines whether the GITHUB_TOKEN can approve pull requests.
When false, prevents workflows from approving pull requests automatically.
Default: false
artifactAndLogRetentionDays integer ArtifactAndLogRetentionDays specifies how many days workflow artifacts and logs are retained.
Must be between 1 and 400 days. Shorter retention periods reduce storage costs.
Default: 400
runnerGroups RunnerGroup array RunnerGroups configures self-hosted runner groups for the organization.
Each group can have different visibility and workflow restrictions.
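
The conditional rules and security-relevant defaults in this table can be checked before a manifest is applied. The Go sketch below is an added example, not the operator's own code: the `ActionsSettings` struct and `Audit` function are hypothetical stand-ins for the documented fields, and the warnings reflect this example's hardening judgement rather than rules the API enforces.

```go
package main

import "fmt"

// ActionsSettings is a local stand-in for the fields documented above;
// it is not the operator's own Go type.
type ActionsSettings struct {
	EnabledRepositories          string
	AllowedActions               string // "" means the field is unset
	SelectedAllowedActionsSet    bool   // true when selectedAllowedActions is present
	ShaPinningRequired           bool
	DefaultWorkflowPermissions   string
	CanApprovePullRequestReviews bool
	ArtifactAndLogRetentionDays  int
}

// Audit returns violations of the documented field rules (errs) and
// permissive settings a reviewer would want justified (warns).
func Audit(s ActionsSettings) (errs, warns []string) {
	if s.EnabledRepositories == "none" && s.AllowedActions != "" {
		errs = append(errs, `allowedActions must be unset when enabledRepositories is "none"`)
	}
	if s.AllowedActions == "selected" && !s.SelectedAllowedActionsSet {
		errs = append(errs, `selectedAllowedActions is required when allowedActions is "selected"`)
	}
	if d := s.ArtifactAndLogRetentionDays; d < 1 || d > 400 {
		errs = append(errs, fmt.Sprintf("artifactAndLogRetentionDays %d is outside 1..400", d))
	}
	if s.EnabledRepositories == "none" {
		return errs, warns // Actions is off, so the posture checks do not apply
	}
	if s.AllowedActions == "all" {
		warns = append(warns, `allowedActions "all" lets any third-party action run`)
	}
	if !s.ShaPinningRequired {
		warns = append(warns, "shaPinningRequired is false: actions may be referenced by mutable tags or branches")
	}
	if s.DefaultWorkflowPermissions == "write" {
		warns = append(warns, `defaultWorkflowPermissions "write" gives every workflow a read-write GITHUB_TOKEN`)
	}
	if s.CanApprovePullRequestReviews {
		warns = append(warns, "canApprovePullRequestReviews lets workflows approve pull requests")
	}
	return errs, warns
}

func main() {
	// Constructed sample: Actions enabled everywhere with every permissive choice.
	permissive := ActionsSettings{
		EnabledRepositories:          "all",
		AllowedActions:               "all",
		DefaultWorkflowPermissions:   "write",
		CanApprovePullRequestReviews: true,
		ArtifactAndLogRetentionDays:  400,
	}
	errs, warns := Audit(permissive)
	fmt.Println(len(errs), "rule violations")
	for _, w := range warns {
		fmt.Println("warn:", w)
	}
}
```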

AttachableCodeSecurityConfigurationRef

AttachableCodeSecurityConfigurationRef references a CodeSecurityConfiguration CRD and specifies its attachment scope. Code security configurations define security settings like dependency scanning, secret scanning, and code scanning. See: https://docs.github.com/en/rest/code-security/configurations

Appears in: - OrganizationSpec

Field Description Default Validation
name string Name is the name of the referenced CodeSecurityConfiguration CRD. Required: {}
Type: string
attachmentScope string AttachmentScope defines which repositories the code security configuration applies to.
- "all": Apply to all repositories in the organization
- "all_without_configurations": Apply to repositories without an existing configuration
- "public": Apply only to public repositories
- "private_or_internal": Apply only to private and internal repositories
- "selected": Apply only to repositories that explicitly reference this configuration in their AttachedCodeSecurityConfiguration field
If not set, the configuration is created but not attached to any repositories.
Note: GitHub's API does not provide a way to retrieve the current attachment scope type.
The reconciler ensures functional correctness by comparing the actual list of attached repositories
to the desired state, not the scope label itself. This means GitHub's UI may display "selected repositories"
even when the scope is set to "all" (if all repositories happen to be selected), which is a cosmetic
discrepancy that does not affect the actual security configuration. The reconciler will only re-attach
if the actual repository attachments differ from what the scope implies.
For scope "all_without_configurations", the attachment is performed unconditionally without
comparing repository lists, as there is no reliable way to determine which repositories should
be included (repositories without configurations at the time of attachment may have since
been configured). The reconciler will re-attach on every reconciliation for this scope.
Enum: [all all_without_configurations public private_or_internal selected]
Optional: {}

Autolink

Autolink defines an automatic link reference for external resources. When a reference matching KeyPrefix is found in issues, pull requests, or commit messages, GitHub automatically converts it to a clickable link using the URLTemplate. See: https://docs.github.com/en/rest/repos/autolinks

Appears in: - AutolinksPresetSpec

Field Description Default Validation
keyPrefix string KeyPrefix is the text prefix that triggers autolink creation.
When text starts with this prefix followed by a reference, it becomes a link.
Examples: "JIRA-", "TICKET-", "BUG-"
MaxLength: 20
Pattern: ^[a-zA-Z0-9][a-zA-Z0-9-]{0,19}$
Type: string
urlTemplate string URLTemplate is the URL pattern used to generate links.
Use <num> as a placeholder for the reference number/ID.
Example: "https://jira.example.com/browse/<num>" converts "JIRA-123" to "https://jira.example.com/browse/123"
MaxLength: 200
Type: string
isAlphanumeric boolean IsAlphanumeric determines whether the reference must be alphanumeric.
- true: the <num> parameter of the url_template matches alphanumeric characters A-Z (case insensitive), 0-9, and -
- false: the reference matches only numeric characters.
Default: false
Type: boolean

AutolinksPreset

AutolinksPreset is the Schema for the autolinkspresets API

Appears in: - AutolinksPresetList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string AutolinksPreset
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec AutolinksPresetSpec spec defines the desired state of AutolinksPreset Required: {}
status AutolinksPresetStatus status defines the observed state of AutolinksPreset Optional: {}

AutolinksPresetList

AutolinksPresetList contains a list of AutolinksPreset

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string AutolinksPresetList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items AutolinksPreset array

AutolinksPresetSpec

AutolinksPresetSpec defines the desired state of AutolinksPreset. Autolinks automatically convert references to external resources (like issue trackers) into clickable links. See: https://docs.github.com/en/rest/repos/autolinks

Appears in: - AutolinksPreset

Field Description Default Validation
autolinks Autolink array AutolinkList is a list of autolink configurations to create in repositories.
Each autolink defines a prefix that triggers link generation and a URL template.

AutolinksPresetStatus

AutolinksPresetStatus defines the observed state of AutolinksPreset.

Appears in: - AutolinksPreset

Field Description Default Validation
conditions Condition array conditions represent the current state of the AutolinksPreset resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}

BypassReviewer

BypassReviewer represents a team or role that can review secret scanning bypass requests. Either ReviewerId (for direct ID specification) or ReviewerName (for name-based resolution) must be set. See: https://docs.github.com/en/rest/code-security/configurations

Validation: - ExactlyOneOf: [reviewerId reviewerName]

Appears in: - SecretScanningDelegatedBypassOptions

Field Description Default Validation
reviewerId integer ReviewerId is the numeric ID of the reviewer (team ID or role ID).
This field is mutually exclusive with ReviewerName.
reviewerName string ReviewerName is the name of the reviewer (team slug or role name) which will be resolved to an ID based on the ReviewerType.
This field is mutually exclusive with ReviewerId.
For TEAM type, this should be the team slug.
For ROLE type, this should be the role name.
reviewerType string ReviewerType specifies the type of reviewer.
- "TEAM": A team within the organization (use team slug for ReviewerName)
- "ROLE": An organization role (use role name for ReviewerName)
Enum: [TEAM ROLE]

CodeScanningDefaultSetupOptions

CodeScanningDefaultSetupOptions configures the default setup options for code scanning. See: https://docs.github.com/en/rest/code-security/configurations

Appears in: - CodeSecurityConfigurationSpec

Field Description Default Validation
runnerType string RunnerType specifies which type of runners to use for code scanning.
- "standard": Use GitHub-hosted standard runners
- "labeled": Use self-hosted runners with specific labels (requires RunnerLabel)
- "not_set": No runner type is configured
Enum: [standard labeled not_set]
runnerLabel string RunnerLabel specifies the label of self-hosted runners to use.
This field is required when RunnerType is "labeled" and ignored otherwise.

CodeScanningOptions

CodeScanningOptions configures code scanning feature options for a security configuration. See: https://docs.github.com/en/rest/code-security/configurations

Appears in: - CodeSecurityConfigurationSpec

Field Description Default Validation
allowAdvanced boolean AllowAdvanced determines whether users can enable advanced code scanning features.
When true, repository administrators can configure advanced code scanning settings beyond the default setup.

CodeSecurityConfiguration

CodeSecurityConfiguration is the Schema for the codesecurityconfigurations API

Appears in: - CodeSecurityConfigurationList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string CodeSecurityConfiguration
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec CodeSecurityConfigurationSpec spec defines the desired state of CodeSecurityConfiguration Required: {}
status CodeSecurityConfigurationStatus status defines the observed state of CodeSecurityConfiguration Optional: {}

CodeSecurityConfigurationList

CodeSecurityConfigurationList contains a list of CodeSecurityConfiguration

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string CodeSecurityConfigurationList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items CodeSecurityConfiguration array

CodeSecurityConfigurationRef

CodeSecurityConfigurationRef references a CodeSecurityConfiguration CRD.

Appears in: - RepositorySpec

Field Description Default Validation
name string Name is the name of the referenced CodeSecurityConfiguration CRD. Required: {}
Type: string

CodeSecurityConfigurationSpec

CodeSecurityConfigurationSpec defines the desired state of CodeSecurityConfiguration. A code security configuration defines a set of security features and settings that can be applied to repositories in an organization. This is a configuration-only CRD with no dedicated controller; it is reconciled by the Organization controller. Note that enabling features may incur additional costs, because the code security features are billed separately. See: https://docs.github.com/en/rest/code-security/configurations

Appears in: - CodeSecurityConfiguration

Field Description Default Validation
name string Name is the display name of the code security configuration.
description string Description provides additional information about the configuration's purpose and settings.
advancedSecurity string AdvancedSecurity enables or disables GitHub Advanced Security features.
- "enabled": Enable Advanced Security (required for code scanning, secret scanning, and dependency review)
- "disabled": Disable Advanced Security
- "code_security": Enable code security features only
- "secret_protection": Enable secret protection features only
Warning: code_security and secret_protection are deprecated values for this field.
Prefer the individual code_security and secret_protection fields to set the status of these features.
See: https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
Enum: [enabled disabled code_security secret_protection]
dependencyGraph string DependencyGraph enables or disables the dependency graph.
The dependency graph identifies all dependencies in your repository.
- "enabled": Enable dependency graph
- "disabled": Disable dependency graph
- "not_set": Use default organization or repository setting
See: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph
Enum: [enabled disabled not_set]
dependencyGraphAutosubmitAction string DependencyGraphAutosubmitAction enables automatic submission of dependency information.
When enabled, dependency information is automatically submitted from Actions workflows.
Enum: [enabled disabled not_set]
dependencyGraphAutosubmitActionOptions DependencyGraphAutosubmitActionOptions DependencyGraphAutosubmitActionOptions configures options for automatic dependency submission.
dependabotAlerts string DependabotAlerts enables or disables Dependabot alerts for vulnerable dependencies.
Requires DependencyGraph to be enabled.
See: https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
Enum: [enabled disabled not_set]
dependabotSecurityUpdates string DependabotSecurityUpdates enables or disables Dependabot security updates.
When enabled, Dependabot automatically creates pull requests to update vulnerable dependencies.
Requires DependabotAlerts to be enabled.
See: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
Enum: [enabled disabled not_set]
codeScanningDefaultSetup string CodeScanningDefaultSetup enables or disables default code scanning setup.
Default setup automatically configures code scanning with recommended settings.
See: https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
Enum: [enabled disabled not_set]
codeScanningDefaultSetupOptions CodeScanningDefaultSetupOptions CodeScanningDefaultSetupOptions configures runner options for default code scanning setup.
code_scanning_delegated_alert_dismissal string CodeScanningDelegatedAlertDismissal enables users to dismiss code scanning alerts.
When enabled, users with appropriate permissions can dismiss alerts that don't require action.
Enum: [enabled disabled not_set]
code_scanning_options CodeScanningOptions CodeScanningOptions configures advanced code scanning options.
codeSecurity string CodeSecurity is a meta-setting that enables multiple code security features. Enum: [enabled disabled not_set]
secretScanning string SecretScanning enables or disables secret scanning.
Secret scanning detects secrets (like API keys and tokens) in your code.
Requires AdvancedSecurity to be enabled.
See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
Enum: [enabled disabled not_set]
secretScanningPushProtection string SecretScanningPushProtection enables or disables push protection for secret scanning.
When enabled, pushes containing detected secrets are blocked.
Requires SecretScanning to be enabled.
See: https://docs.github.com/en/code-security/secret-scanning/push-protection-for-repositories-and-organizations
Enum: [enabled disabled not_set]
secretScanningValidityChecks string SecretScanningValidityChecks enables validation of detected secrets.
When enabled, GitHub validates whether detected secrets are still active.
Enum: [enabled disabled not_set]
secretScanningNonProviderPatterns string SecretScanningNonProviderPatterns enables detection of non-provider secret patterns.
This expands secret scanning beyond known service provider patterns.
Enum: [enabled disabled not_set]
secretScanningGenericSecrets string SecretScanningGenericSecrets enables detection of generic secrets.
This uses AI to detect potential secrets that don't match specific patterns.
Enum: [enabled disabled not_set]
secretScanningDelegatedAlertDismissal string SecretScanningDelegatedAlertDismissal enables users to dismiss secret scanning alerts.
When enabled, users with appropriate permissions can dismiss false-positive alerts.
Enum: [enabled disabled not_set]
secretProtection string SecretProtection is a meta-setting that enables multiple secret protection features. Enum: [enabled disabled not_set]
privateVulnerabilityReporting string PrivateVulnerabilityReporting enables or disables private vulnerability reporting.
When enabled, security researchers can privately report vulnerabilities.
See: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
Enum: [enabled disabled not_set]
enforcement string Enforcement determines how strictly this configuration is applied.
- "enforced": Configuration settings are strictly enforced and cannot be overridden
- "unenforced": Configuration settings are recommended but can be overridden at the repository level
Enum: [enforced unenforced]
secretScanningDelegatedBypass string SecretScanningDelegatedBypass enables delegated bypass for secret scanning push protection.
When enabled, contributors can request bypass approval from designated reviewers.
Enum: [enabled disabled not_set]
secretScanningDelegatedBypassOptions SecretScanningDelegatedBypassOptions SecretScanningDelegatedBypassOptions configures reviewers who can approve bypass requests.
defaultForNewRepos string DefaultForNewRepos determines whether this configuration is automatically applied to new repositories.
- "all": Apply to all new repositories
- "private_and_internal": Apply only to new private and internal repositories
- "public": Apply only to new public repositories
Enum: [all private_and_internal public]
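
Several descriptions above state a "Requires ... to be enabled" prerequisite, while the Validation column lists only Enum constraints. The Go sketch below is an added example, not the operator's own code: it checks those chains on a spec before it is applied, with `requires`, `effective`, `rootCause` and `UnmetRequirements` as hypothetical names, and it assumes "to be enabled" means the literal value "enabled".

```go
package main

import (
	"fmt"
	"sort"
)

// requires maps a feature field to the field its description says must be enabled.
// Only the four prerequisites stated in the table above are listed.
var requires = map[string]string{
	"dependabotAlerts":             "dependencyGraph",
	"dependabotSecurityUpdates":    "dependabotAlerts",
	"secretScanning":               "advancedSecurity",
	"secretScanningPushProtection": "secretScanning",
}

// effective reports whether field is "enabled" and every prerequisite
// further up its chain is "enabled" as well.
func effective(spec map[string]string, field string) bool {
	if spec[field] != "enabled" {
		return false
	}
	parent, ok := requires[field]
	return !ok || effective(spec, parent)
}

// rootCause walks up from field to the first prerequisite that is not enabled.
func rootCause(spec map[string]string, field string) string {
	for {
		parent, ok := requires[field]
		if !ok {
			return ""
		}
		if spec[parent] != "enabled" {
			return parent
		}
		field = parent
	}
}

// UnmetRequirements returns one sorted finding per field that is set to
// "enabled" although a direct or transitive prerequisite is not.
func UnmetRequirements(spec map[string]string) []string {
	var out []string
	for field := range requires {
		if spec[field] != "enabled" || effective(spec, field) {
			continue
		}
		cause := rootCause(spec, field)
		val := spec[cause]
		if val == "" {
			val = "unset"
		}
		out = append(out, fmt.Sprintf("%s is enabled but requires %s, which is %s", field, cause, val))
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample spec: the Dependabot chain is broken at its root,
	// the secret scanning chain is complete.
	spec := map[string]string{
		"advancedSecurity":             "enabled",
		"dependencyGraph":              "not_set",
		"dependabotAlerts":             "enabled",
		"dependabotSecurityUpdates":    "enabled",
		"secretScanning":               "enabled",
		"secretScanningPushProtection": "enabled",
	}
	for _, finding := range UnmetRequirements(spec) {
		fmt.Println(finding)
	}
}
```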

CodeSecurityConfigurationStatus

CodeSecurityConfigurationStatus defines the observed state of CodeSecurityConfiguration.

Appears in: - CodeSecurityConfiguration

Field Description Default Validation
conditions Condition array conditions represent the current state of the CodeSecurityConfiguration resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}

CopilotCodeReviewRule

CopilotCodeReviewRule defines the automatic pull request review by GitHub Copilot.

Appears in: - RulesetRules

Field Description Default Validation
reviewOnPush boolean ReviewOnPush configures Copilot to automatically review each new push to the pull request.
Default: true
reviewDraftPullRequests boolean ReviewDraftPullRequests configures Copilot to automatically review draft pull requests before they are marked as ready for review.
Default: true

CustomPropertyValue

CustomPropertyValue defines a custom property value for a repository. Custom properties are defined at the organization level and applied to repositories. If both Value and Values are empty, the value for the property is considered nil (removes the property). For custom properties of value type "multi_select", use Values to specify multiple selections. For all other value types ("string", "single_select", "true_false"), use Value. See: https://docs.github.com/en/rest/repos/custom-properties

Validation: - ExactlyOneOf: [value values]

Appears in: - RepositorySpec

Field Description Default Validation
value string Value is the property value for types "string", "single_select", and "true_false".
For "true_false", must be "true" or "false".
For "single_select", must be one of the allowed values defined in the organization's custom property.
values string array Values is the list of selected values for "multi_select" type properties.
Each value must be one of the allowed values defined in the organization's custom property.
propertyName string PropertyName is the name of the custom property as defined in the organization.

DependencyGraphAutosubmitActionOptions

DependencyGraphAutosubmitActionOptions configures options for automatic dependency submission actions. See: https://docs.github.com/en/rest/code-security/configurations

Appears in: - CodeSecurityConfigurationSpec

Field Description Default Validation
labeledRunners boolean LabeledRunners indicates whether to use labeled runners for dependency submission actions.
If true, actions will run on runners with specific labels instead of GitHub-hosted runners.

DeployKey

DeployKey defines an SSH key for read-only or read-write access to a single repository. Deploy keys are commonly used for CI/CD systems and automated deployments. See: https://docs.github.com/en/rest/deploy-keys/deploy-keys

Appears in: - RepositorySpec

Field Description Default Validation
key string Key is the public SSH key in OpenSSH format.
Supported key types are RSA and Ed25519.
Example: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..." or "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5..."
Pattern: ^ssh-(rsa|ed25519) [A-Za-z0-9+/]+={0,3}( [^\s]+)?$
Type: string
title string Title is a descriptive name for the deploy key shown in the repository settings.
Examples: "CI/CD Key", "Read-Only Deploy Key", "Production Server"
Type: string
readOnly boolean ReadOnly determines the access level for this deploy key.
- true: Key can only read from the repository (cannot push)
- false: Key can read and write to the repository (can push commits)
Default: true
Type: boolean
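
The pattern documented for `key` is purely syntactic: it fixes the key-type prefix and the base64 alphabet but does not look inside the blob. The Go sketch below is an added example, not the operator's own code: it applies the documented pattern, then decodes the blob and compares the algorithm name in the SSH wire format with the text prefix. `CheckDeployKey` and `sampleKey` are hypothetical names, and the sample keys are constructed with all-zero key material.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// keyPattern is the Validation pattern documented for DeployKey.key.
var keyPattern = regexp.MustCompile(`^ssh-(rsa|ed25519) [A-Za-z0-9+/]+={0,3}( [^\s]+)?$`)

// CheckDeployKey applies the documented pattern, then decodes the blob and
// confirms that the algorithm name stored inside it matches the text prefix.
func CheckDeployKey(key string) error {
	if !keyPattern.MatchString(key) {
		return errors.New("does not match the documented pattern")
	}
	parts := strings.SplitN(key, " ", 3) // prefix, blob, optional comment
	blob, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return fmt.Errorf("blob is not valid base64: %w", err)
	}
	// SSH wire format: a big-endian uint32 length, then the algorithm name.
	if len(blob) < 4 {
		return errors.New("blob too short to hold an algorithm name")
	}
	n := binary.BigEndian.Uint32(blob[:4])
	if uint64(n) > uint64(len(blob)-4) {
		return errors.New("algorithm name length exceeds blob size")
	}
	if inner := string(blob[4 : 4+n]); inner != parts[0] {
		return fmt.Errorf("prefix says %q but blob declares %q", parts[0], inner)
	}
	return nil
}

// sampleKey builds a constructed public key line: the given text prefix and a
// blob that declares algorithm `inner` followed by 32 zero bytes of key data.
func sampleKey(prefix, inner string) string {
	lenField := func(n int) []byte {
		b := make([]byte, 4)
		binary.BigEndian.PutUint32(b, uint32(n))
		return b
	}
	blob := append(lenField(len(inner)), inner...)
	blob = append(blob, lenField(32)...)
	blob = append(blob, make([]byte, 32)...)
	return prefix + " " + base64.StdEncoding.EncodeToString(blob) + " ci@example"
}

func main() {
	cases := []string{
		sampleKey("ssh-ed25519", "ssh-ed25519"), // consistent
		sampleKey("ssh-ed25519", "ssh-rsa"),     // passes the pattern, blob disagrees
		"ssh-ed25519 AAAA=== x",                 // passes the pattern, invalid padding
		"ecdsa-sha2-nistp256 AAAA",              // key type outside the pattern
	}
	for _, c := range cases {
		fmt.Printf("%.30s... -> %v\n", c, CheckDeployKey(c))
	}
}
```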

MergeStrategy

MergeStrategy defines an allowed merge strategy for pull requests. See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/about-merge-methods-on-github

Appears in: - RepositorySpec

Field Description Default Validation
type string Type specifies the merge strategy type.
- "merge": Create a merge commit (preserves all commits from the feature branch)
- "rebase": Rebase and merge (rebases commits onto base branch)
- "squash": Squash and merge (combines all commits into a single commit)
Enum: [merge rebase squash]

OrgCustomProperty

OrgCustomProperty defines a custom property for an organization. Custom properties allow you to add metadata to repositories in your organization. This is a kubebuilder-annotated copy of github.CustomProperty without the source_type (as it is fixed to "organization"). For the logic to work, the JSON field names must match the ones in github.CustomProperty. See: https://docs.github.com/en/rest/orgs/custom-properties

Appears in: - OrganizationSpec

Field Description Default Validation
propertyName string PropertyName is the unique name of the custom property.
Must start with a letter, number, _, $, or # and can only contain letters, numbers, _, $, #, and -.
Pattern: ^[a-zA-Z0-9_\$#\-]+$
valueType string ValueType specifies the type of value this property accepts.
- "string": A free-form text value
- "single_select": A single value from a predefined list (requires AllowedValues)
- "multi_select": Multiple values from a predefined list (requires AllowedValues)
- "true_false": A boolean value represented as "true" or "false"
Enum: [string single_select multi_select true_false]
required boolean Required indicates whether this property must be set on all repositories.
If true, a DefaultValue must be provided.
Default: false
defaultValue OrgCustomPropertyDefaultValue DefaultValue is the default value for the property.
This property must be set if Required is true. It must be empty if Required is false.
The allowed format depends on the ValueType.
For ValueType "string" or "single_select", it must be a string. For "single_select", it must be one of the AllowedValues.
For ValueType "multi_select", it must be a JSON array of strings only containing elements of AllowedValues.
For ValueType "true_false", it must be a string that is either "true" or "false".
ExactlyOneOf: [value values]
description string Description provides additional information about the purpose and usage of this custom property.
allowedValues string array AllowedValues is a list of allowed values for the property.
This property is required for ValueType "single_select" and "multi_select".
For the other ValueTypes, it must be empty.
MaxItems: 200
valuesEditableBy string ValuesEditableBy determines who can edit the property values on repositories.
- "org_actors": Only organization members can edit values
- "org_and_repo_actors": Both organization and repository members can edit values
Default: org_actors
Enum: [org_actors org_and_repo_actors]

OrgCustomPropertyDefaultValue

OrgCustomPropertyDefaultValue defines the default value for an organization custom property. Either Value (for single values) or Values (for multi-select) must be set, but not both.

Validation: - ExactlyOneOf: [value values]

Appears in: - OrgCustomProperty

Field Description Default Validation
value string Value is the default value for properties with ValueType "string", "single_select", or "true_false".
For "true_false", it must be either "true" or "false".
For "single_select", it must be one of the AllowedValues defined in the property.
values string array Values is the default value for properties with ValueType "multi_select".
Each value must be one of the AllowedValues defined in the property.

Organization

Organization is the Schema for the organizations API

Appears in: - OrganizationList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string Organization
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec OrganizationSpec spec defines the desired state of Organization Required: {}
status OrganizationStatus status defines the observed state of Organization Optional: {}

OrganizationList

OrganizationList contains a list of Organization

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string OrganizationList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Organization array

OrganizationRef

OrganizationRef is a reference to an Organization CRD.

Appears in: - RepositorySpec - TeamSpec - TeamStatus

Field Description Default Validation
name string Name is the name of the referenced Organization CRD. Optional: {}

OrganizationSpec

OrganizationSpec defines the desired state of Organization. An Organization represents a GitHub organization and its configuration including custom properties, rulesets, code security settings, and Actions permissions. See: https://docs.github.com/en/rest/orgs/orgs

Appears in: - Organization

Field Description Default Validation
login string Login is the GitHub organization login (the unique, immutable identifier on GitHub).
This field is optional for backwards compatibility. If not specified, the Name field
will be used as both login and display name.
It is recommended to explicitly set this field to clearly separate login from display name.
MaxLength: 39
MinLength: 1
Optional: {}
name string Name is the organization's display name shown on the GitHub profile.
If Login is not specified, this field will also be used as the organization login
for backwards compatibility.
At least one of Login or Name must be specified.
MaxLength: 255
MinLength: 1
Optional: {}
githubAppInstallationId integer GitHubAppInstallationId is the numeric ID of the GitHub App installation for this organization.
This is used to authenticate API requests to GitHub. You can find this ID in your GitHub App's
installation settings or via the GitHub API.
Minimum: 1
Required: {}
customProperties OrgCustomProperty array CustomProperties defines custom metadata properties that can be assigned to repositories in the organization.
These properties allow you to categorize and add structured metadata to your repositories.
See: https://docs.github.com/en/rest/orgs/custom-properties
MaxItems: 100
actionsSettings ActionsSettings ActionsSettings configures GitHub Actions permissions and behavior for the organization.
This includes which repositories can use Actions, which actions are allowed, and runner group configurations.
See: https://docs.github.com/en/rest/actions/permissions
codeSecurityConfigurations AttachableCodeSecurityConfigurationRef array CodeSecurityConfigurations lists code security configurations to create and optionally attach to repositories.
Each configuration defines security features like dependency scanning, secret scanning, and code scanning.
See: https://docs.github.com/en/rest/code-security/configurations
rulesetPresets LocalObjectReference array RulesetPresetList references RulesetPreset CRDs that define repository rulesets for this organization.
Rulesets enforce policies like branch protection, required reviews, and status checks.
See: https://docs.github.com/en/rest/orgs/rules
description string Description is a human-readable description of the organization.
This appears on the organization's GitHub profile page.
location string Location is the organization's location (e.g., "Munich, Germany").
This appears on the organization's GitHub profile page.
MaxLength: 100
Optional: {}
website string Website is the organization's website URL.
This appears on the organization's GitHub profile page as a clickable link.
MaxLength: 255
Optional: {}
plan string Plan indicates the GitHub plan tier for this organization (enterprise, team, or free).
Determines whether Enterprise-only features (e.g., custom properties, runner groups) are reconciled or skipped.
enterprise Enum: [enterprise team free]
Optional: {}

OrganizationStatus

OrganizationStatus defines the observed state of Organization.

Appears in: - Organization

Field Description Default Validation
conditions Condition array conditions represent the current state of the Organization resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}
observedSubResourceGenerations object (keys:string, values:integer) ObservedSubResourceGenerations is a map of sub-resource names to their observed generations.
Keys are in the format "/<namespace/".
SubResources are kubernetes resources that are referenced by this Organization and are not managed
by their own controllers like RuleSetPresets and CodeSecurityConfigurations

PatternRule

PatternRule defines a pattern-based rule for enforcing naming conventions or content requirements. Patterns are evaluated using the specified operator and can be negated if needed. See: https://docs.github.com/en/rest/repos/rules#metadata-restrictions

Appears in: - RulesetRules

Field Description Default Validation
pattern string Pattern is the pattern to match against.
For regex operator, this is a regular expression.
For other operators, this is a literal string or substring.
MaxLength: 1024
MinLength: 1
Required: {}
operator string Operator defines how the pattern is evaluated.
- "starts_with": String must start with the pattern
- "ends_with": String must end with the pattern
- "contains": String must contain the pattern
- "regex": String must match the pattern as a regular expression
Enum: [starts_with ends_with contains regex]
Required: {}
negate boolean Negate inverts the pattern matching logic.
When true, the rule passes if the pattern does NOT match.
Example: Use with "contains" to prevent certain words in commit messages.
false Optional: {}

PullRequestRule

PullRequestRule defines pull request requirements that must be met before merging. See: https://docs.github.com/en/rest/repos/rules#pull-request

Appears in: - RulesetRules

Field Description Default Validation
allowedMergeMethods string array AllowedMergeMethods specifies which merge methods are allowed for pull requests.
- "squash": Squash all commits into a single commit
- "merge": Create a merge commit (preserves all commits)
- "rebase": Rebase commits onto the base branch
Required: {}
items:Enum: [squash merge rebase]
dismissStaleReviewsOnPush boolean DismissStaleReviewsOnPush automatically dismisses approved reviews when new commits are pushed.
This ensures reviewers see the latest changes before approval.
false Optional: {}
requireCodeOwnerReviews boolean RequireCodeOwnerReviews requires approval from code owners before merging.
Code owners are defined in a CODEOWNERS file in the repository.
See: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
false Optional: {}
requireLastPushApproval boolean RequireLastPushApproval requires that the most recent push be approved.
This prevents merging if new commits are pushed after the last approval.
false Optional: {}
requiredApprovingReviewCount integer RequiredApprovingReviewCount specifies the minimum number of approving reviews required.
Must be between 1 and 10.
Maximum: 10
Minimum: 1
Optional: {}
requiredReviewThreadResolution boolean RequiredReviewThreadResolution requires all review comment threads to be resolved before merging.
This ensures all feedback is addressed.
false Optional: {}

RefNameCondition

RefNameCondition defines which refs a ruleset applies to. At least one pattern must be specified.

Validation: - MinProperties: 1

Appears in: - RulesetConditions

Field Description Default Validation
include string array Include defines ref patterns that the ruleset applies to.
Patterns can use wildcards (*) and must start with refs/heads/ (branches) or refs/tags/ (tags).
Use "~DEFAULT_BRANCH" to target the default branch.
Use "~ALL" to target all branches.
Examples: "refs/heads/main", "refs/heads/feature/*", "refs/tags/v*", "~DEFAULT_BRANCH", "~ALL"
MaxItems: 50
MinItems: 1
items:Pattern: ^(~DEFAULT_BRANCH|~ALL|refs/(heads|tags)(/?[*a-zA-Z0-9][a-zA-Z0-9*_.-]*)*)$
Optional: {}
exclude string array Exclude defines ref patterns to exempt from the ruleset.
Refs matching exclude patterns will not be subject to the ruleset rules.
Useful for exempting release branches or other special refs.
MaxItems: 50
items:Pattern: ^(~DEFAULT_BRANCH|~ALL|refs/(heads|tags)(/?[*a-zA-Z0-9][a-zA-Z0-9*_.-]*)*)$
Optional: {}
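
The following Go sketch is an added example, not the operator's own code. It applies the items:Pattern from the table above, written as a plain regular expression, together with the documented MinItems/MaxItems limits. The type and function names are assumptions, and NamesARef is an extra check of this example's own: the pattern makes the "/" after refs/heads optional, so a value such as "refs/headsmain" passes the schema without naming any branch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// refPattern is the items:Pattern documented for include and exclude.
var refPattern = regexp.MustCompile(
	`^(~DEFAULT_BRANCH|~ALL|refs/(heads|tags)(/?[*a-zA-Z0-9][a-zA-Z0-9*_.-]*)*)$`)

const maxItems = 50 // MaxItems documented for include and exclude

// RefNameCondition mirrors the two documented fields (illustrative type,
// not the operator's own Go struct). A nil slice means "field not set".
type RefNameCondition struct {
	Include []string
	Exclude []string
}

// SchemaAccepts reports whether p passes the documented pattern.
func SchemaAccepts(p string) bool { return refPattern.MatchString(p) }

// NamesARef is a stricter check added by this example: besides the two
// special tokens, a pattern must have something after "refs/heads/" or
// "refs/tags/" to name a branch or tag at all.
func NamesARef(p string) bool {
	if p == "~DEFAULT_BRANCH" || p == "~ALL" {
		return true
	}
	for _, prefix := range []string{"refs/heads/", "refs/tags/"} {
		if strings.HasPrefix(p, prefix) && len(p) > len(prefix) {
			return true
		}
	}
	return false
}

// checkList validates one field; minItems is 1 for include, 0 for exclude.
func checkList(field string, items []string, minItems int) []string {
	if items == nil {
		return nil
	}
	var out []string
	if len(items) < minItems {
		out = append(out, fmt.Sprintf("%s: needs at least %d item(s)", field, minItems))
	}
	if len(items) > maxItems {
		out = append(out, fmt.Sprintf("%s: more than %d items", field, maxItems))
	}
	for i, p := range items {
		switch {
		case !SchemaAccepts(p):
			out = append(out, fmt.Sprintf("%s[%d] %q: rejected by the schema pattern", field, i, p))
		case !NamesARef(p):
			out = append(out, fmt.Sprintf("%s[%d] %q: passes the schema but names no branch or tag", field, i, p))
		}
	}
	return out
}

// ValidateRefName returns one message per problem; an empty result means
// the condition satisfies the documented constraints and the extra check.
func ValidateRefName(c RefNameCondition) []string {
	if c.Include == nil && c.Exclude == nil {
		return []string{"refName: set include or exclude (MinProperties: 1)"}
	}
	return append(checkList("include", c.Include, 1), checkList("exclude", c.Exclude, 0)...)
}

func main() {
	// Constructed sample input.
	c := RefNameCondition{
		Include: []string{"refs/heads/main", "refs/heads/feature/*", "main", "refs/headsmain"},
		Exclude: []string{"refs/heads/release/v1.2", "refs/heads/my branch"},
	}
	for _, problem := range ValidateRefName(c) {
		fmt.Println(problem)
	}
}
```

Running such a check before applying a RulesetPreset catches include patterns that would leave the intended branches unprotected.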

Repository

Repository is the Schema for the repositories API

Appears in: - RepositoryList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string Repository
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec RepositorySpec spec defines the desired state of Repository Required: {}
status RepositoryStatus status defines the observed state of Repository Optional: {}

RepositoryList

RepositoryList contains a list of Repository

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string RepositoryList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Repository array

RepositoryNameCondition

RepositoryNameCondition defines repository name patterns for organization-level ruleset targeting. Only effective for organization-level rulesets; ignored when applied at repository level. Use "~ALL" to target all repositories. See: https://docs.github.com/en/rest/orgs/rules#create-an-organization-repository-ruleset

Appears in: - RulesetConditions

Field Description Default Validation
include string array Include defines repository name patterns that the ruleset applies to.
Use "~ALL" to target all repositories. Supports wildcards (*).
Examples: "~ALL", "my-repo-*", "backend-*"
MaxItems: 50
MinItems: 1
exclude string array Exclude defines repository name patterns to exempt from the ruleset. MaxItems: 50
Optional: {}
protected boolean Protected determines whether renaming a targeted repository is prevented. false Optional: {}

RepositoryPropertyCondition

RepositoryPropertyCondition defines repository property-based conditions for organization-level ruleset targeting. Only effective for organization-level rulesets; ignored when applied at repository level. Repositories matching the included property conditions (and not matching excluded ones) are targeted. See: https://docs.github.com/en/rest/orgs/rules#create-an-organization-repository-ruleset

Appears in: - RulesetConditions

Field Description Default Validation
include RepositoryPropertyTarget array Include defines repository property conditions that must match for the ruleset to apply.
A repository must match all included property conditions. The names of the properties in the slice are
validated to be unique.
MaxItems: 50
MinItems: 1
exclude RepositoryPropertyTarget array Exclude defines repository property conditions that exempt repositories from the ruleset.
A repository matching any of the conditions is excluded from the rule.
The names of the properties in the slice are validated to be unique.
MaxItems: 50
Optional: {}

RepositoryPropertyTarget

RepositoryPropertyTarget defines a single repository property condition for ruleset targeting. The repository must have the specified property set to one of the given values.

Appears in: - RepositoryPropertyCondition

Field Description Default Validation
name string Name is the name of the repository custom property to match against.
Must match a custom property defined at the organization level.
Note: restrict name length to be able to validate within budget
MaxLength: 100
MinLength: 1
Required: {}
propertyValues string array PropertyValues is the list of values to match against the custom property.
The repository's property value must be one of these values for the condition to match.
MinItems: 1
Required: {}
source string Source defines where the property is defined. Defaults to "custom" for organization-defined properties. Optional: {}

RepositorySpec

RepositorySpec defines the desired state of Repository. A Repository represents a GitHub repository and its configuration including settings, webhooks, rulesets, custom properties, and more. See: https://docs.github.com/en/rest/repos/repos

Appears in: - Repository

Field Description Default Validation
name string Name is the GitHub repository name.
Repository names can contain alphanumeric characters, hyphens, underscores, and periods.
MaxLength: 100
MinLength: 1
Pattern: ^[.a-zA-Z0-9][a-zA-Z0-9_.-]{0,99}$
Required: {}
Type: string
customProperties CustomPropertyValue array CustomProperties is a list of custom property values to apply to this repository.
These properties must be defined in the parent organization's custom properties.
If a property is not present in this list, it will be unset (removed) from the repository.
See: https://docs.github.com/en/rest/repos/custom-properties
ExactlyOneOf: [value values]
defaultBranch string DefaultBranch is the name of the default branch for the repository.
This is the base branch for pull requests and where the repository opens by default.
main MaxLength: 100
MinLength: 1
Pattern: ^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,99}$
Type: string
visibility string Visibility controls who can see the repository.
- "public": Anyone can see the repository
- "private": Only people with explicit access can see the repository
- "internal": Only members of the organization can see the repository (Enterprise only)
See: https://docs.github.com/en/rest/repos/repos#create-an-organization-repository
private Enum: [public private internal]
Type: string
hasIssues boolean HasIssues enables or disables the GitHub Issues feature for the repository.
When enabled, users can create and track issues.
true Type: boolean
hasProjects boolean HasProjects enables or disables the GitHub Projects (classic) feature for the repository.
Note: This refers to classic projects, not the newer Projects feature.
false Type: boolean
hasWiki boolean HasWiki enables or disables the GitHub Wiki feature for the repository.
When enabled, users can create wiki pages for documentation.
false Type: boolean
hasDownloads boolean HasDownloads enables or disables the Downloads feature for the repository.
This feature is deprecated and has been replaced by Releases.
false Type: boolean
isTemplate boolean IsTemplate marks the repository as a template repository.
Template repositories can be used as a starting point for new repositories.
See: https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-template-repository
false Type: boolean
mergeCommitTitle string MergeCommitTitle determines the default title for merge commits.
- "PR_TITLE": Use the pull request title
- "MERGE_MESSAGE": Use the default merge message format
See: https://docs.github.com/en/rest/repos/repos#update-a-repository
MERGE_MESSAGE Enum: [PR_TITLE MERGE_MESSAGE]
Type: string
mergeCommitMessage string MergeCommitMessage determines the default message for merge commits.
- "PR_BODY": Use the pull request body
- "PR_TITLE": Use the pull request title
- "BLANK": Use a blank message
See: https://docs.github.com/en/rest/repos/repos#update-a-repository
PR_TITLE Enum: [PR_BODY PR_TITLE BLANK]
Type: string
allowedMergeStrategies MergeStrategy array AllowedMergeStrategies lists the merge strategies allowed for pull requests.
See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges
[map[type:merge] map[type:rebase]]
deleteBranchOnMerge boolean DeleteBranchOnMerge automatically deletes head branches after pull requests are merged.
This helps keep the repository clean by removing merged feature branches.
See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-the-automatic-deletion-of-branches
true
about About About contains descriptive information about the repository.
archived boolean Archived marks the repository as archived (read-only).
Archived repositories cannot receive new issues, pull requests, or commits.
See: https://docs.github.com/en/repositories/archiving-a-github-repository/archiving-repositories
false
actionsEnabled boolean ActionsEnabled determines whether this repository can use GitHub Actions.
This must be enabled at the organization level for this setting to take effect.
See: https://docs.github.com/en/rest/actions/permissions
true
accessLevelForExternalWorkflows string AccessLevelForExternalWorkflows controls access to workflows outside the repository.
- "none": Only workflows in this repository can access actions and reusable workflows
- "user": Workflows in user-owned private repositories can access them
- "organization": Workflows across the organization can access them
- "enterprise": Workflows across the enterprise can access them
See: https://docs.github.com/en/rest/actions/permissions
none Enum: [none user organization enterprise]
availableActionsRunnerGroups string array AvailableActionsRunnerGroups lists runner group names that this repository can use.
This is only relevant when the organization's runner groups have "selected" visibility.
See: https://docs.github.com/en/rest/actions/self-hosted-runner-groups
organizationRef OrganizationRef OrganizationRef references the Organization CRD this repository belongs to. Required: {}
rulesetPresets LocalObjectReference array RulesetPresetList references RulesetPreset CRDs to apply to this repository.
These define branch protection rules, required status checks, and other policies.
See: https://docs.github.com/en/rest/repos/rules
webhookPresets LocalObjectReference array WebhookPresetList references WebhookPreset CRDs to create webhooks for this repository.
Webhooks send HTTP POST payloads to external services when specific events occur.
See: https://docs.github.com/en/rest/webhooks/repos
webhookIgnorePresets LocalObjectReference array WebhookIgnorePresetsList references WebhookIgnorePreset CRDs that define webhooks to ignore.
Webhooks matching these patterns will not be created even if they are in WebhookPresetList.
autolinksPresets LocalObjectReference array AutolinksPresetList references AutolinksPreset CRDs to create autolinks for this repository.
Autolinks automatically convert references (like "JIRA-123") into clickable links.
See: https://docs.github.com/en/rest/repos/autolinks
deployKeys DeployKey array DeployKeyList defines deploy keys to create for this repository.
Deploy keys are SSH keys that grant access to a single repository.
See: https://docs.github.com/en/rest/deploy-keys/deploy-keys
attachedCodeSecurityConfiguration CodeSecurityConfigurationRef AttachedCodeSecurityConfiguration references a CodeSecurityConfiguration to attach to this repository.
This is only used when the organization's configuration has "selected" attachment scope.
See: https://docs.github.com/en/rest/code-security/configurations

RepositoryStatus

RepositoryStatus defines the observed state of Repository.

Appears in: - Repository

Field Description Default Validation
webhooks object (keys:string, values:WebhookStatus) Webhooks is a list of webhooks configured for this repository.
The key is the hash of the configuration.
conditions Condition array conditions represent the current state of the Repository resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}
id integer ID is the repository ID as created by GitHub.
observedSubResourceGenerations object (keys:string, values:integer) ObservedSubResourceGenerations is a map of sub-resource names to their observed generations.
Keys are in the format "/<namespace/".
SubResources are kubernetes resources that are referenced by this Repository and are not managed
by their own controllers like WebhookPresets, RuleSetPresets and the attached CodeSecurityConfiguration

RequiredStatusChecks

RequiredStatusChecks defines status check requirements that must pass before merging. Status checks are CI/CD jobs, security scans, or other automated checks. See: https://docs.github.com/en/rest/repos/rules#required-status-checks

Appears in: - RulesetRules

Field Description Default Validation
checks StatusCheck array Checks lists the required status checks that must pass. AtMostOneOf: [integrationId appSlug]
MaxItems: 100
MinItems: 1
Required: {}
strictPolicy boolean StrictPolicy requires branches to be up to date with the base branch before merging.
When enabled, branches must include the latest changes from the base branch.
This prevents merge conflicts but may require additional merges/rebases.
false Optional: {}

RuleWorkflow

RuleWorkflow defines a single required workflow for the workflows rule. The workflow is referenced by its path in a repository. The repository is identified by name (resolved to a numeric ID at reconciliation time via the GitHub API).

Appears in: - WorkflowsRule

Field Description Default Validation
path string Path is the path to the workflow file relative to the repository root.
Example: ".github/workflows/ci.yaml"
MaxLength: 500
MinLength: 1
Required: {}
repositoryName string RepositoryName is the name of the repository containing the workflow.
Must be a repository within the same organization. The name will be resolved
to a numeric repository ID at reconciliation time via the GitHub API.
MaxLength: 100
MinLength: 1
Required: {}
ref string Ref is the git ref (branch, tag, or SHA) to use for the workflow file.
Example: "refs/heads/main"
Optional: {}

RulesetBypassActor

RulesetBypassActor defines an actor (user, team, or integration) who can bypass ruleset enforcement. Either ActorID (for direct specification) or ActorSlug (for name-based resolution) must be provided for ActorTypes "Integration" and "Team". ActorID must be provided for ActorType "RepositoryRole". Both must be empty for ActorType "DeployKey". See: https://docs.github.com/en/rest/repos/rules#create-an-organization-repository-ruleset

Validation: - AtMostOneOf: [actorId actorSlug]

Appears in: - RulesetPresetSpec

Field Description Default Validation
actorId integer ActorID is the numeric ID of the bypass actor.
This field is mutually exclusive with ActorSlug.
actorSlug string ActorSlug is the slug or name of the actor, which will be resolved to an ID.
This field is mutually exclusive with ActorID.
Only supported for ActorType "Integration" (GitHub Apps) and "Team" (organization teams).
For Integration, use the app slug (e.g., "my-github-app").
For Team, use the team slug (e.g., "platform-engineers").
actorType string ActorType specifies the type of actor that can bypass the ruleset.
- "Integration": A GitHub App
- "OrganizationAdmin": Organization administrators
- "RepositoryRole": Users with a specific repository role
- "Team": An organization team
- "DeployKey": A deploy key
- "EnterpriseOwner": Enterprise owners (GitHub Enterprise only)
Enum: [Integration OrganizationAdmin RepositoryRole Team DeployKey EnterpriseOwner]
Required: {}
bypassMode string BypassMode determines when and how the actor can bypass the ruleset.
- "always": Actor can always bypass the ruleset
- "pull_request": Actor can bypass only when submitting via pull request
Enum: [always pull_request]
Optional: {}
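
The cross-field rules stated for RulesetBypassActor can be checked before a preset is applied. The Go sketch below is an added example, not the operator's own validation code; the BypassActor type, idPtr helper and function names are assumptions. It implements only the rules written above and adds a small review helper that lists actors whose bypassMode is explicitly "always".

```go
package main

import "fmt"

// BypassActor mirrors the documented fields (illustrative type, not the
// operator's own struct). A nil ActorID means the field is not set.
type BypassActor struct {
	ActorID    *int64
	ActorSlug  string
	ActorType  string
	BypassMode string
}

// idPtr is a helper for building sample values.
func idPtr(n int64) *int64 { return &n }

// ValidateBypassActor returns one message per violated rule.
func ValidateBypassActor(a BypassActor) []string {
	var errs []string
	hasID, hasSlug := a.ActorID != nil, a.ActorSlug != ""

	// AtMostOneOf: [actorId actorSlug]
	if hasID && hasSlug {
		errs = append(errs, "actorId and actorSlug are mutually exclusive")
	}

	switch a.ActorType {
	case "Integration", "Team":
		if !hasID && !hasSlug {
			errs = append(errs, a.ActorType+" requires actorId or actorSlug")
		}
	case "RepositoryRole":
		if !hasID {
			errs = append(errs, "RepositoryRole requires actorId")
		}
		if hasSlug {
			errs = append(errs, "actorSlug is only supported for Integration and Team")
		}
	case "DeployKey":
		if hasID || hasSlug {
			errs = append(errs, "DeployKey must set neither actorId nor actorSlug")
		}
	case "OrganizationAdmin", "EnterpriseOwner":
		// The page states no actorId requirement for these types; only
		// the slug restriction applies.
		if hasSlug {
			errs = append(errs, "actorSlug is only supported for Integration and Team")
		}
	default:
		errs = append(errs, fmt.Sprintf("unknown actorType %q", a.ActorType))
	}

	// bypassMode is optional; when set it must be one of the enum values.
	switch a.BypassMode {
	case "", "always", "pull_request":
	default:
		errs = append(errs, fmt.Sprintf("unknown bypassMode %q", a.BypassMode))
	}
	return errs
}

// UnconditionalBypass returns the indexes of actors whose bypassMode is
// explicitly "always". The page gives no default for an omitted mode, so
// empty values are not classified here.
func UnconditionalBypass(actors []BypassActor) []int {
	var idx []int
	for i, a := range actors {
		if a.BypassMode == "always" {
			idx = append(idx, i)
		}
	}
	return idx
}

func main() {
	// Constructed sample input.
	actors := []BypassActor{
		{ActorSlug: "platform-engineers", ActorType: "Team", BypassMode: "pull_request"},
		{ActorID: idPtr(1), ActorSlug: "my-github-app", ActorType: "Integration", BypassMode: "always"},
		{ActorSlug: "maintain", ActorType: "RepositoryRole"},
		{ActorType: "OrganizationAdmin", BypassMode: "always"},
	}
	for i, a := range actors {
		for _, e := range ValidateBypassActor(a) {
			fmt.Printf("bypassActors[%d]: %s\n", i, e)
		}
	}
	fmt.Println("explicit always-bypass at indexes:", UnconditionalBypass(actors))
}
```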

RulesetConditions

RulesetConditions define which refs are targeted by the Ruleset. For Organization-level rules they additionally define which Repositories are targeted by the Ruleset via the fields RepositoryName and RepositoryProperty. If neither RepositoryName nor RepositoryProperty is set for an Organization-level ruleset, the ruleset will target all repositories.

Validation: - AtMostOneOf: [repositoryName repositoryProperty]

Appears in: - RulesetPresetSpec

Field Description Default Validation
refName RefNameCondition RefName defines which git refs (branches or tags) a ruleset applies to. MinProperties: 1
Optional: {}
repositoryName RepositoryNameCondition RepositoryName targets repositories for Organization-level rulesets by their name.
The field is ignored for Repository-level rulesets.
Optional: {}
repositoryProperty RepositoryPropertyCondition RepositoryProperty targets repositories for Organization-level rulesets by matching against custom properties.
The field is ignored for Repository-level rulesets.
Optional: {}

RulesetEnforcement

Underlying type: string

RulesetEnforcement defines the enforcement level

Appears in: - RulesetPresetSpec

Field Description
disabled RulesetEnforcementDisabled means the ruleset is disabled
active RulesetEnforcementActive means the ruleset is actively enforced
evaluate RulesetEnforcementEvaluate means the ruleset is evaluated but not enforced

RulesetPreset

RulesetPreset is the Schema for the rulesetpresets API

Appears in: - RulesetPresetList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string RulesetPreset
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec RulesetPresetSpec spec defines the desired state of RulesetPreset Required: {}
status RulesetPresetStatus status defines the observed state of RulesetPreset Optional: {}

RulesetPresetList

RulesetPresetList contains a list of RulesetPreset

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string RulesetPresetList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items RulesetPreset array

RulesetPresetSpec

RulesetPresetSpec defines the desired state of RulesetPreset. A ruleset preset defines reusable repository rules that can be applied to multiple repositories or organizations. Rulesets enforce policies like branch protection, required reviews, and more. See: https://docs.github.com/en/rest/repos/rules

Appears in: - RulesetPreset

Field Description Default Validation
name string Name is the display name of the ruleset shown in the GitHub UI. MaxLength: 255
MinLength: 1
Pattern: ^[a-zA-Z0-9][a-zA-Z0-9\s\[\]*/'_.,~-]*[a-zA-Z0-9\[\]]$
Required: {}
target string Target defines which ref types this ruleset applies to.
The Target 'repository' is only supported by Organization-level RulesetPresets. Repository-level
RulesetPresets with Target 'repository' are filtered out (i.e. they are neither checked nor applied).
branch Enum: [branch tag push repository]
Optional: {}
conditions RulesetConditions Conditions defines which refs are included or excluded in the list of targets for this Ruleset.
They also define which Repositories are targeted by Organization-level Rulesets.
AtMostOneOf: [repositoryName repositoryProperty]
Optional: {}
enforcement RulesetEnforcement Enforcement determines whether the ruleset is enforced.
- "disabled": Ruleset is not enforced
- "active": Ruleset is actively enforced; violations block operations
- "evaluate": Ruleset is evaluated but violations only generate warnings
Enum: [disabled active evaluate]
Required: {}
bypassActors RulesetBypassActor array BypassActors defines actors (users, teams, apps) who can bypass this ruleset.
Bypass actors can perform operations that would otherwise be blocked by the ruleset.
See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets#about-bypass-mode-for-rulesets
AtMostOneOf: [actorId actorSlug]
MaxItems: 100
Optional: {}
rules RulesetRules Rules defines the specific rules to enforce in this ruleset. Required: {}

RulesetPresetStatus

RulesetPresetStatus defines the observed state of RulesetPreset.

Appears in: - RulesetPreset

Field Description Default Validation
conditions Condition array conditions represent the current state of the RulesetPreset resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}

RulesetRules

RulesetRules defines the specific rules to enforce in a ruleset. Each rule is optional and can be combined to create comprehensive protection policies. See: https://docs.github.com/en/rest/repos/rules#available-rules

Appears in: - RulesetPresetSpec

Field Description Default Validation
creation boolean Creation prevents the creation of matching refs.
When enabled, users cannot create branches or tags matching the ruleset target.
false Optional: {}
update boolean Update prevents updates to matching refs.
When enabled, users cannot push commits to matching branches.
false Optional: {}
deletion boolean Deletion prevents deletion of matching refs.
When enabled, users cannot delete matching branches or tags.
false Optional: {}
requiredLinearHistory boolean RequiredLinearHistory requires branches to have a linear commit history.
When enabled, merge commits are not allowed; only rebasing and fast-forward merges are permitted.
false Optional: {}
requiredSignatures boolean RequiredSignatures requires commits to be signed with a verified signature.
When enabled, only commits signed with GPG, SSH, or S/MIME are allowed.
See: https://docs.github.com/en/authentication/managing-commit-signature-verification
false Optional: {}
pullRequest PullRequestRule PullRequest defines pull request requirements for merging.
See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging
Optional: {}
requiredStatusChecks RequiredStatusChecks RequiredStatusChecks defines status checks that must pass before merging.
See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging
Optional: {}
nonFastForward boolean NonFastForward prevents non-fast-forward updates.
When enabled, only fast-forward pushes are allowed, preventing force pushes.
false Optional: {}
commitMessagePattern PatternRule CommitMessagePattern enforces a pattern for commit messages.
Use this to enforce commit message conventions like Conventional Commits.
Optional: {}
commitAuthorEmailPattern PatternRule CommitAuthorEmailPattern enforces a pattern for commit author email addresses.
Use this to ensure commits come from verified email domains.
Optional: {}
committerEmailPattern PatternRule CommitterEmailPattern enforces a pattern for committer email addresses. Optional: {}
branchNamePattern PatternRule BranchNamePattern enforces a pattern for branch names.
Use this to enforce branch naming conventions like "feature/" or "hotfix/".
Optional: {}
tagNamePattern PatternRule TagNamePattern enforces a pattern for tag names.
Use this to enforce semantic versioning or other tag naming conventions.
Optional: {}
copilotReview CopilotCodeReviewRule CopilotReview automatically requests a GitHub Copilot pull request review
if the author has access to Copilot code review and their premium requests quota has not reached the limit.
Optional: {}
workflows WorkflowsRule Workflows defines required workflow rules that must pass before merging.
This rule type is only effective for organization-level rulesets and is ignored
when the preset is applied at the repository level.
See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging
Optional: {}

RunnerGroup

RunnerGroup configures a self-hosted runner group for GitHub Actions in an organization. Runner groups allow you to control which repositories can use specific sets of self-hosted runners. See: https://docs.github.com/en/rest/actions/self-hosted-runner-groups

Appears in: - ActionsSettings

Field Description Default Validation
name string Name is the unique name of the runner group within the organization. Required: {}
visibility string Visibility determines which repositories can access runners in this group.
- "all": All repositories in the organization can use these runners
- "private": Only private repositories can use these runners
- "selected": Only specific repositories can use these runners (selected via AvailableActionsRunnerGroups in RepositorySpec)
all Enum: [all private selected]
restrictedToWorkflows boolean RestrictedToWorkflows determines whether this runner group can only run specific workflows.
If true, only workflows listed in SelectedWorkflows can use runners in this group.
This provides additional security by limiting which workflows can execute on sensitive runners.
false
selectedWorkflows string array SelectedWorkflows lists the workflows that can use runners in this group.
This field is only used when RestrictedToWorkflows is true.
Each entry must be a full workflow path with a reference (branch, tag, or SHA).
Example: "octo-org/octo-repo/.github/workflows/deploy.yaml@refs/heads/main"
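
A pre-apply check for selectedWorkflows entries, added here as an example and not part of the operator's code: it parses each entry in the format shown above and reports whether the reference is a branch, a tag or a full commit SHA. The names ParseSelectedWorkflow, WorkflowRef and Pinned are hypothetical, and requiring a .yml/.yaml file under .github/workflows/ is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// WorkflowRef is one parsed selectedWorkflows entry (hypothetical type).
type WorkflowRef struct {
	Owner, Repo, Path, Ref string
	Kind                   string // "branch", "tag", "sha" or "other"
}

var fullSHA = regexp.MustCompile(`^[0-9a-fA-F]{40}$`)

// ParseSelectedWorkflow splits "owner/repo/.github/workflows/file@ref".
func ParseSelectedWorkflow(entry string) (WorkflowRef, error) {
	// Split at the first "@": everything before it is the workflow location.
	at := strings.Index(entry, "@")
	if at < 0 || at == len(entry)-1 {
		return WorkflowRef{}, fmt.Errorf("%q: no @<ref> suffix", entry)
	}
	location, ref := entry[:at], entry[at+1:]
	parts := strings.SplitN(location, "/", 3)
	if len(parts) != 3 || parts[0] == "" || parts[1] == "" {
		return WorkflowRef{}, fmt.Errorf("%q: want owner/repo/path", entry)
	}
	path := parts[2]
	isYAML := strings.HasSuffix(path, ".yml") || strings.HasSuffix(path, ".yaml")
	// Assumption of this example: only files under .github/workflows/ are accepted.
	if !strings.HasPrefix(path, ".github/workflows/") || !isYAML {
		return WorkflowRef{}, fmt.Errorf("%q: not a workflow file path", entry)
	}
	w := WorkflowRef{Owner: parts[0], Repo: parts[1], Path: path, Ref: ref, Kind: "other"}
	switch {
	case strings.HasPrefix(ref, "refs/heads/"):
		w.Kind = "branch"
	case strings.HasPrefix(ref, "refs/tags/"):
		w.Kind = "tag"
	case fullSHA.MatchString(ref):
		w.Kind = "sha"
	}
	return w, nil
}

// Pinned reports whether the entry names an immutable commit. Branch and tag
// refs can be moved, so what runs on the restricted runners follows whoever
// can update that ref.
func (w WorkflowRef) Pinned() bool { return w.Kind == "sha" }

func main() {
	// Constructed sample list; the first entry is the example from the field description.
	entries := []string{
		"octo-org/octo-repo/.github/workflows/deploy.yaml@refs/heads/main",
		"octo-org/octo-repo/.github/workflows/deploy.yaml@refs/tags/v1.2.0",
		"octo-org/octo-repo/.github/workflows/deploy.yaml@0123456789abcdef0123456789abcdef01234567",
		"octo-org/octo-repo/.github/workflows/deploy.yaml",
		"octo-org/octo-repo/scripts/deploy.yaml@refs/heads/main",
	}
	for _, e := range entries {
		w, err := ParseSelectedWorkflow(e)
		if err != nil {
			fmt.Println("REJECT", err)
			continue
		}
		fmt.Printf("%-6s pinned=%-5v %s/%s %s\n", w.Kind, w.Pinned(), w.Owner, w.Repo, w.Ref)
	}
}
```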

SecretScanningDelegatedBypassOptions

SecretScanningDelegatedBypassOptions configures reviewers who can approve secret scanning bypass requests. When delegated bypass is enabled, contributors can request to bypass secret scanning push protection, and the specified reviewers can approve or deny these requests. See: https://docs.github.com/en/rest/code-security/configurations

Appears in: - CodeSecurityConfigurationSpec

Field Description Default Validation
reviewers BypassReviewer array Reviewers is a list of teams or organization roles that can review bypass requests. ExactlyOneOf: [reviewerId reviewerName]

SelectedAllowedActions

SelectedAllowedActions defines which specific actions are allowed when AllowedActions is set to "selected". At least one setting must be configured to allow some actions. See: https://docs.github.com/en/rest/actions/permissions

Appears in: - ActionsSettings

Field Description Default Validation
githubOwnedAllowed boolean GitHubOwnedAllowed determines whether actions created by GitHub are allowed to run.
This includes actions in the "actions" and "github" organizations.
false
verifiedAllowed boolean VerifiedAllowed determines whether actions from verified creators are allowed to run.
Verified creators are trusted partners and organizations with verified domains.
false
patternsAllowed string array PatternsAllowed is a list of glob patterns specifying allowed actions.
Each pattern can match action repositories using wildcards, e.g., "my-org/*" or "*/action-name@*".
[]

StatusCheck

StatusCheck defines a required status check that must pass before merging. A status check can be provided by a GitHub App or CI/CD integration. See: https://docs.github.com/en/rest/repos/rules#required-status-checks

Validation: - AtMostOneOf: [integrationId appSlug]

Appears in: - RequiredStatusChecks

Field Description Default Validation
context string Context is the name of the status check as reported by the CI/CD system or app.
Examples: "ci/circleci: build", "Security Scan", "Unit Tests"
MaxLength: 255
MinLength: 1
Required: {}
integrationId integer IntegrationID is the numeric ID of the GitHub App integration providing the status check.
This field is mutually exclusive with AppSlug.
Minimum: 1
Optional: {}
appSlug string AppSlug is the slug of the GitHub App integration providing the status check.
This field is mutually exclusive with IntegrationID.
The slug will be resolved to the corresponding integration ID.
Only supported for GitHub App integrations.
Example: "my-ci-app"
Optional: {}

Team

Appears in: - TeamList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string Team
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec TeamSpec spec defines the desired state of Team ExactlyOneOf: [idpGroup members]
Required: {}
status TeamStatus status defines the observed state of Team Optional: {}

TeamList

TeamList contains a list of Teams

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string TeamList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Team array

TeamSpec

TeamSpec defines the desired state of Team within one or more Organizations. Teams group organization members and can be assigned permissions to repositories. A Team can exist in multiple organizations simultaneously. See: https://docs.github.com/en/rest/teams/teams

Validation: - ExactlyOneOf: [idpGroup members]

Appears in: - Team

Field Description Default Validation
name string Name is the display name of the team in GitHub.
GitHub automatically generates a "slug" from this name for use in URLs and APIs.
MaxLength: 100
MinLength: 1
Pattern: ^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,99}$
Required: {}
Type: string
members string array Members is a list of GitHub usernames to add to the team.
This field is mutually exclusive with IDPGroup.
When set, team membership is managed manually through this list.
Members not in this list will be removed from the team.
MaxItems: 100
idpGroup string IDPGroup is the name of the Identity Provider group to synchronize with this team.
This field is mutually exclusive with Members.
When set, team membership is automatically synchronized from the IDP group.
See: https://docs.github.com/en/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group
MaxLength: 100
Pattern: ^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,99}$
Type: string
description string Description provides additional information about the team's purpose.
This appears on the team's page in GitHub.
MaxLength: 1000
Optional: {}
Type: string
privacy string Privacy controls the visibility of the team within the organization.
- "closed": The team is visible to all members of the organization, but only team members can see team discussions and manage team membership.
- "secret": The team is only visible to organization owners and team members.
See: https://docs.github.com/en/rest/teams/teams#create-a-team
closed Enum: [closed secret]
Optional: {}
permission string Permission specifies the default permission granted to team members for organization repositories.
- "pull": Team members can pull (read) from organization repositories.
- "push": Team members can pull and push (read and write) to organization repositories.
Note: This is a legacy field. Use organization roles for more fine-grained permissions.
See: https://docs.github.com/en/rest/teams/teams#create-a-team
pull Enum: [pull push]
Optional: {}
notificationSetting string NotificationSetting controls whether team members receive notifications for the team.
- "notifications_disabled": No one receives notifications.
- "notifications_enabled": Everyone receives notifications when the team is @mentioned.
See: https://docs.github.com/en/rest/teams/teams#create-a-team
notifications_disabled Enum: [notifications_disabled notifications_enabled]
Optional: {}
organizationRoles string array OrganizationRoles is a list of organization role names to assign to this team.
Organization roles define the permissions the team has within the organization.
If not specified, defaults to empty list.
Set to an empty list to remove all role assignments.
See: https://docs.github.com/en/rest/orgs/organization-roles
Optional: {}
organizationRefs OrganizationRef array OrganizationRefs is a list of Organization CRDs that this team belongs to.
The team will be created or updated in all referenced organizations.
Removing an organization from this list will delete the team from that organization
while preserving it in other organizations.
MinItems: 1
Required: {}

TeamStatus

TeamStatus defines the observed state of Team.

Appears in: - Team

Field Description Default Validation
conditions Condition array conditions represent the current state of the Team resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}
previousOrganizationRefs OrganizationRef array PreviousOrganizationRefs tracks the organization references from the last successful reconciliation.
This allows the reconciler to detect when organizations are removed from the spec
and clean up teams from those organizations while preserving them in remaining organizations.
Optional: {}
slug string Slug is the URL-friendly version of the team name as assigned by GitHub.
This slug is used in URLs and API calls. GitHub generates it automatically from the Name field.
Example: A team named "Platform Engineers" might have the slug "platform-engineers".

Topic

Topic represents a repository topic (tag) for categorization. See: https://docs.github.com/en/rest/repos/repos#replace-all-repository-topics

Appears in: - About

Field Description Default Validation
name string Name is the topic name.
Topics must be lowercase and can contain letters, numbers, and hyphens.
They must start with a letter or number.
MaxLength: 50
Pattern: ^[a-z0-9][a-z0-9-]{0,49}$
Type: string

WebhookIgnorePreset

WebhookIgnorePreset is the Schema for the webhookignorepresets API

Appears in: - WebhookIgnorePresetList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string WebhookIgnorePreset
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec WebhookIgnorePresetSpec spec defines the desired state of WebhookIgnorePreset Required: {}
status WebhookIgnorePresetStatus status defines the observed state of WebhookIgnorePreset Optional: {}

WebhookIgnorePresetList

WebhookIgnorePresetList contains a list of WebhookIgnorePreset

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string WebhookIgnorePresetList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items WebhookIgnorePreset array

WebhookIgnorePresetSpec

WebhookIgnorePresetSpec defines the desired state of WebhookIgnorePreset. WebhookIgnorePresets allow you to exclude certain webhooks from being created, even if they are referenced in a repository's WebhookPresetList. This is useful for globally excluding webhooks based on URL patterns.

Appears in: - WebhookIgnorePreset

Field Description Default Validation
ignoreURLRegex string IgnoreURLRegex is a regular expression pattern to match against webhook payload URLs.
Webhooks with URLs matching this pattern will not be created, even if they are
referenced in a repository's WebhookPresetList.
Example: "^https://deprecated\.example\.com/.*" to ignore all webhooks to deprecated.example.com
Optional: {}
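
Because a match on ignoreURLRegex silently prevents a webhook from being created, it is worth checking a pattern against the URLs it should and should not cover before applying it. The following is an added example, not the operator's code; the function name Audit and all sample URLs are constructed, and it assumes the pattern is evaluated as an unanchored Go (RE2) search, which the page does not state.

```go
package main

import (
	"fmt"
	"regexp"
)

// Audit compiles an ignoreURLRegex and compares what it matches with intent.
//   missed:    URLs meant to be ignored that the pattern does not match.
//   overreach: URLs meant to be kept that the pattern would suppress.
// Assumption: matching is an unanchored search, as regexp.MatchString does.
func Audit(pattern string, wantIgnored, wantKept []string) ([]string, []string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, nil, fmt.Errorf("ignoreURLRegex does not compile: %w", err)
	}
	var missed, overreach []string
	for _, u := range wantIgnored {
		if !re.MatchString(u) {
			missed = append(missed, u)
		}
	}
	for _, u := range wantKept {
		if re.MatchString(u) {
			overreach = append(overreach, u)
		}
	}
	return missed, overreach, nil
}

// Constructed sample payload URLs.
var (
	wantIgnored = []string{"https://deprecated.example.com/hooks/ci"}
	wantKept    = []string{
		"https://hooks.example.com/ci",
		"https://deprecated-example.com/hook",
		"https://audit.example.com/github?mirror=https://deprecated.example.com/",
	}
)

func main() {
	patterns := []string{
		`^https://deprecated\.example\.com/.*`, // the example from the field description
		`https://deprecated\.example\.com/`,    // no ^ anchor: also matches inside a query string
		`^https://deprecated.example.com/.*`,   // unescaped dots: "." matches any character
	}
	for _, p := range patterns {
		missed, overreach, err := Audit(p, wantIgnored, wantKept)
		if err != nil {
			fmt.Println("ERROR", err)
			continue
		}
		fmt.Printf("%-40s missed=%v overreach=%v\n", p, missed, overreach)
	}
}
```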

WebhookIgnorePresetStatus

WebhookIgnorePresetStatus defines the observed state of WebhookIgnorePreset.

Appears in: - WebhookIgnorePreset

Field Description Default Validation
conditions Condition array conditions represent the current state of the WebhookIgnorePreset resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}

WebhookPreset

WebhookPreset is the Schema for the webhookpresets API

Appears in: - WebhookPresetList

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string WebhookPreset
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata. Optional: {}
spec WebhookPresetSpec spec defines the desired state of WebhookPreset Required: {}
status WebhookPresetStatus status defines the observed state of WebhookPreset Optional: {}

WebhookPresetList

WebhookPresetList contains a list of WebhookPreset

Field Description Default Validation
apiVersion string github.interhyp.de/v1alpha1
kind string WebhookPresetList
kind string Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Optional: {}
apiVersion string APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Optional: {}
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items WebhookPreset array

WebhookPresetSecretSpec

WebhookPresetSecretSpec references a Kubernetes Secret containing the webhook secret.

Appears in: - WebhookPresetSpec

Field Description Default Validation
name string Name is the name of the Kubernetes Secret containing the webhook secret. MaxLength: 250
MinLength: 1
Pattern: ^[a-zA-Z0-9.-]+$
Required: {}
Type: string
key string Key is the key within the Secret that contains the webhook secret value. MaxLength: 250
MinLength: 1
Pattern: ^[a-zA-Z0-9.-]+$
Required: {}
Type: string
namespace string Namespace is the namespace of the Secret.
If not specified, the namespace of the WebhookPreset is used.
Optional: {}
Type: string

WebhookPresetSpec

WebhookPresetSpec defines the desired state of WebhookPreset. Webhooks allow external services to be notified when certain events occur in a repository. See: https://docs.github.com/en/rest/webhooks/repos

Appears in: - WebhookPreset

Field Description Default Validation
payloadUrl string PayloadURL is the URL that will receive the webhook POST requests.
Must be a publicly accessible HTTP or HTTPS endpoint.
GitHub will send HTTP POST requests to this URL when subscribed events occur.
MaxLength: 2048
MinLength: 1
Pattern: ^https?://[a-zA-Z0-9.-]+(:[0-9]+)?(/.*)?$
Required: {}
Type: string
secret WebhookPresetSecretSpec Secret is a reference to a Kubernetes Secret containing the webhook secret.
The webhook secret is used by GitHub to sign webhook payloads.
Your service can verify this signature to ensure the request came from GitHub.
This field takes precedence over SecretValue if both are provided.
See: https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries
secretValue string SecretValue is the plaintext value of the webhook secret, set inline in the WebhookPreset spec.
Use this for simple cases; Secret (referencing a Kubernetes Secret) is more secure because the value stays out of the WebhookPreset manifest.
If both Secret and SecretValue are provided, Secret takes precedence.
Type: string
contentType string ContentType specifies the format of the webhook payload.
- "json": Send payload as application/json (recommended)
- "form": Send payload as application/x-www-form-urlencoded
See: https://docs.github.com/en/webhooks/webhook-events-and-payloads
Enum: [json form]
Type: string
active boolean Active determines whether the webhook is active and will send events.
Set to false to temporarily disable the webhook without deleting it.
true
events string array Events is a list of GitHub event types that trigger this webhook.
If empty, the webhook subscribes to all events ("*").
Common events include "push", "pull_request", "issues", "release".
See: https://docs.github.com/en/webhooks/webhook-events-and-payloads
MaxItems: 100
MinItems: 0
Type: array
items:Enum: [branch_protection_rule check_run check_suite code_scanning_alert commit_comment create delete dependabot_alert deploy_key deployment deployment_status discussion discussion_comment fork github_app_authorization gollum installation installation_repositories issue_comment issues label marketplace_purchase member membership merge_group meta milestone organization org_block package page_build ping project project_card project_column public pull_request pull_request_review pull_request_review_comment pull_request_review_thread push registry_package release repository repository_dispatch repository_import repository_vulnerability_alert secret_scanning_alert security_advisory sponsorship star status team team_add watch workflow_dispatch workflow_job workflow_run]
sslVerify boolean SSLVerify enables SSL certificate verification for the webhook endpoint.
When true, GitHub verifies the SSL certificate of the PayloadURL.
Disable only for testing with self-signed certificates; always enable in production.
true
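
The receiving side of the secret field, as an added example that is not part of the operator: a service at payloadUrl recomputes the HMAC-SHA256 of the raw request body with the shared secret and compares it with the X-Hub-Signature-256 header that GitHub sends. The function names, the secret and the sample body are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Errors returned by VerifySignature.
var (
	ErrMissingSignature = errors.New("missing X-Hub-Signature-256 header")
	ErrBadFormat        = errors.New("signature header is not sha256=<64 hex chars>")
	ErrMismatch         = errors.New("signature does not match payload")
)

// VerifySignature checks the X-Hub-Signature-256 header value against the raw
// request body. Pass the exact bytes received, before any JSON or form
// decoding: the HMAC covers the bytes on the wire for both contentType values.
func VerifySignature(secret, body []byte, header string) error {
	if header == "" {
		return ErrMissingSignature
	}
	const prefix = "sha256="
	if !strings.HasPrefix(header, prefix) {
		return ErrBadFormat
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, prefix))
	if err != nil || len(got) != sha256.Size {
		return ErrBadFormat
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	// hmac.Equal compares in constant time, so response timing does not
	// reveal how many leading bytes of a wrong signature were correct.
	if !hmac.Equal(got, mac.Sum(nil)) {
		return ErrMismatch
	}
	return nil
}

// Sign builds the header value a sender holding the secret would attach.
// It is used here only to produce the constructed sample delivery.
func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

func main() {
	secret := []byte("constructed-example-secret")
	body := []byte(`{"zen":"Keep it logically awesome.","hook_id":1}`)
	header := Sign(secret, body)

	fmt.Println("valid delivery:", VerifySignature(secret, body, header))
	fmt.Println("modified body: ", VerifySignature(secret, []byte(string(body)+" "), header))
	fmt.Println("wrong secret:  ", VerifySignature([]byte("other"), body, header))
	fmt.Println("missing header:", VerifySignature(secret, body, ""))
	fmt.Println("sha1 header:   ", VerifySignature(secret, body, "sha1=abcd"))
}
```

A delivery with no signature header must be rejected rather than accepted as unsigned; otherwise the check can be skipped by omitting the header.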

WebhookPresetStatus

WebhookPresetStatus defines the observed state of WebhookPreset.

Appears in: - WebhookPreset

Field Description Default Validation
conditions Condition array conditions represent the current state of the WebhookPreset resource.
Each condition has a unique type and reflects the status of a specific aspect of the resource.
Standard condition types include:
- "Available": the resource is fully functional
- "Progressing": the resource is being created or updated
- "Degraded": the resource failed to reach or maintain its desired state
The status of each condition is one of True, False, or Unknown.
Optional: {}

WebhookStatus

WebhookStatus defines the status of a webhook configured for a repository

Appears in: - RepositoryStatus

Field Description Default Validation
secretHash string Secret is a hash of the secret used for the webhook

WorkflowsRule

WorkflowsRule defines required workflow rules that must pass before merging. Workflows are GitHub Actions workflows that are required to run and pass. This rule type is only effective for organization-level rulesets and is ignored when the preset is applied at the repository level. See: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging

Appears in: - RulesetRules

Field Description Default Validation
doNotEnforceOnCreate boolean DoNotEnforceOnCreate disables enforcement of this rule for newly created refs.
When true, the workflow requirement is not enforced on the first push creating the ref.
false Optional: {}
workflows RuleWorkflow array Workflows lists the required workflows that must pass. MaxItems: 100
MinItems: 1
Required: {}