kjuulh/forge-enforce
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
forge-enforce/README.md
kjuulh 091c09450e feat: add schema rs 
Signed-off-by: kjuulh <contact@kjuulh.io>
2026-02-03 23:32:51 +01:00

48 lines
1.4 KiB
Markdown
Raw Permalink Blame History

# forge-enforce
Enforce repository policies across forge providers (GitHub, etc.). Runs on a schedule, discovers repositories matching allow/deny filters, and applies configured policies.
## Usage
```bash
forge-enforce serve --host 127.0.0.1:3000
```
Requires `FE_CONFIG_DIR` (or `--config-dir`) pointing to a directory of TOML config files, one per forge.
## Configuration
Each file in the config directory defines a forge connection. Example (`github.com.toml`):
```toml
# Schedule: pick one
# schedule.cron = "0 * * * * *"
# schedule.interval = "60" # minutes (default)
schedule.once = true
# Repository filters (regex patterns)
allow = ["^canopy-.*$"]
deny = ["^infrastructure-.*$", "^canopy-data-gateway$"]
# Forge connection
[github]
credentials.token_env = "GITHUB_ACCESS_TOKEN"
organisation = "understory-io"
# Policies to enforce
[policies]
squash_merge_only.enabled = true
```
### Fields
| Field | Description |
|---|---|
| `schedule` | `cron`, `interval` (minutes), or `once` |
| `allow` | Regex list of repository names to include (default: `.*`) |
| `deny` | Regex list of repository names to exclude (default: none) |
| `[github]` | GitHub forge config: `credentials` and `organisation` |
| `credentials` | `token = "..."` or `token_env = "ENV_VAR"` |
| `[policies]` | Policy rules to enforce on matched repositories |
| `squash_merge_only.enabled` | Require squash merges only |
Reference in New Issue View Git Blame Copy Permalink