@codyswann/lisa 2.195.8 → 2.196.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/all/github-rulesets/base.json +64 -0
- package/all/github-rulesets/prevent-delete.json +25 -0
- package/all/github-rulesets/protect-tags.json +31 -0
- package/expo/github-rulesets/playwright.json +38 -0
- package/package.json +2 -2
- package/plugins/lisa/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa/.codex-plugin/skills/lisa-setup-github-repo/SKILL.md +66 -0
- package/plugins/lisa/.codex-plugin/skills/lisa-setup-github-repo/agents/openai.yaml +4 -0
- package/plugins/lisa/commands/lisa/setup/github-repo.md +7 -0
- package/plugins/lisa/skills/lisa-setup-github-repo/SKILL.md +66 -0
- package/plugins/lisa/skills/lisa-setup-github-repo/agents/openai.yaml +4 -0
- package/plugins/lisa-agy/commands/lisa/setup/github-repo.md +7 -0
- package/plugins/lisa-agy/plugin.json +1 -1
- package/plugins/lisa-agy/skills/lisa-setup-github-repo/SKILL.md +66 -0
- package/plugins/lisa-cdk/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk-agy/plugin.json +1 -1
- package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-copilot/commands/lisa/setup/github-repo.md +7 -0
- package/plugins/lisa-copilot/skills/lisa-setup-github-repo/SKILL.md +66 -0
- package/plugins/lisa-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cursor/commands/lisa/setup/github-repo.md +7 -0
- package/plugins/lisa-cursor/skills/lisa-setup-github-repo/SKILL.md +66 -0
- package/plugins/lisa-expo/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-expo-agy/plugin.json +1 -1
- package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-agy/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs-agy/plugin.json +1 -1
- package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw-agy/plugin.json +1 -1
- package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser-agy/plugin.json +1 -1
- package/plugins/lisa-phaser-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-rails-agy/plugin.json +1 -1
- package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript-agy/plugin.json +1 -1
- package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki-agy/plugin.json +1 -1
- package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/src/base/commands/lisa/setup/github-repo.md +7 -0
- package/plugins/src/base/skills/lisa-setup-github-repo/SKILL.md +66 -0
- package/rails/github-rulesets/quality-checks.json +51 -0
- package/scripts/cleanup-github-branches.sh +96 -72
- package/scripts/cleanup-local-merged-branches.sh +110 -0
- package/scripts/cleanup-worktrees.sh +222 -0
- package/scripts/lisa-github-repo-settings.sh +152 -0
- package/scripts/lisa-github-repo-setup.sh +73 -0
- package/scripts/lisa-github-rulesets.sh +612 -0
- package/scripts/setup-deploy-key.sh +62 -2
- package/typescript/github-rulesets/quality-checks.json +67 -0
- package/typescript/github-rulesets/base.json +0 -33
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "base",
|
|
3
|
+
"target": "branch",
|
|
4
|
+
"enforcement": "active",
|
|
5
|
+
"conditions": {
|
|
6
|
+
"ref_name": {
|
|
7
|
+
"exclude": [],
|
|
8
|
+
"include": [
|
|
9
|
+
"~DEFAULT_BRANCH",
|
|
10
|
+
"refs/heads/dev",
|
|
11
|
+
"refs/heads/staging",
|
|
12
|
+
"refs/heads/main"
|
|
13
|
+
]
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
"bypass_actors": [
|
|
17
|
+
{
|
|
18
|
+
"actor_id": null,
|
|
19
|
+
"actor_type": "DeployKey",
|
|
20
|
+
"bypass_mode": "always"
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"actor_id": 5,
|
|
24
|
+
"actor_type": "RepositoryRole",
|
|
25
|
+
"bypass_mode": "always"
|
|
26
|
+
}
|
|
27
|
+
],
|
|
28
|
+
"rules": [
|
|
29
|
+
{
|
|
30
|
+
"type": "deletion"
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
"type": "non_fast_forward"
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
"type": "pull_request",
|
|
37
|
+
"parameters": {
|
|
38
|
+
"required_approving_review_count": 0,
|
|
39
|
+
"dismiss_stale_reviews_on_push": false,
|
|
40
|
+
"require_code_owner_review": false,
|
|
41
|
+
"require_last_push_approval": false,
|
|
42
|
+
"required_review_thread_resolution": true,
|
|
43
|
+
"allowed_merge_methods": ["merge"]
|
|
44
|
+
}
|
|
45
|
+
},
|
|
46
|
+
{
|
|
47
|
+
"type": "required_status_checks",
|
|
48
|
+
"parameters": {
|
|
49
|
+
"strict_required_status_checks_policy": false,
|
|
50
|
+
"do_not_enforce_on_create": false,
|
|
51
|
+
"required_status_checks": [
|
|
52
|
+
{
|
|
53
|
+
"context": "CodeRabbit",
|
|
54
|
+
"integration_id": 347564
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
"context": "GitGuardian Security Checks",
|
|
58
|
+
"integration_id": 46505
|
|
59
|
+
}
|
|
60
|
+
]
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
]
|
|
64
|
+
}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "prevent delete",
|
|
3
|
+
"target": "branch",
|
|
4
|
+
"enforcement": "active",
|
|
5
|
+
"conditions": {
|
|
6
|
+
"ref_name": {
|
|
7
|
+
"exclude": [],
|
|
8
|
+
"include": [
|
|
9
|
+
"~DEFAULT_BRANCH",
|
|
10
|
+
"refs/heads/dev",
|
|
11
|
+
"refs/heads/staging",
|
|
12
|
+
"refs/heads/main"
|
|
13
|
+
]
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
"bypass_actors": [],
|
|
17
|
+
"rules": [
|
|
18
|
+
{
|
|
19
|
+
"type": "deletion"
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"type": "non_fast_forward"
|
|
23
|
+
}
|
|
24
|
+
]
|
|
25
|
+
}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "protect tags",
|
|
3
|
+
"target": "tag",
|
|
4
|
+
"enforcement": "active",
|
|
5
|
+
"conditions": {
|
|
6
|
+
"ref_name": {
|
|
7
|
+
"exclude": [],
|
|
8
|
+
"include": ["refs/tags/v*"]
|
|
9
|
+
}
|
|
10
|
+
},
|
|
11
|
+
"bypass_actors": [
|
|
12
|
+
{
|
|
13
|
+
"actor_id": null,
|
|
14
|
+
"actor_type": "DeployKey",
|
|
15
|
+
"bypass_mode": "always"
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"actor_id": 5,
|
|
19
|
+
"actor_type": "RepositoryRole",
|
|
20
|
+
"bypass_mode": "always"
|
|
21
|
+
}
|
|
22
|
+
],
|
|
23
|
+
"rules": [
|
|
24
|
+
{
|
|
25
|
+
"type": "deletion"
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"type": "non_fast_forward"
|
|
29
|
+
}
|
|
30
|
+
]
|
|
31
|
+
}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "playwright",
|
|
3
|
+
"target": "branch",
|
|
4
|
+
"enforcement": "active",
|
|
5
|
+
"conditions": {
|
|
6
|
+
"ref_name": {
|
|
7
|
+
"exclude": [],
|
|
8
|
+
"include": ["refs/heads/staging"]
|
|
9
|
+
}
|
|
10
|
+
},
|
|
11
|
+
"bypass_actors": [
|
|
12
|
+
{
|
|
13
|
+
"actor_id": null,
|
|
14
|
+
"actor_type": "DeployKey",
|
|
15
|
+
"bypass_mode": "always"
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"actor_id": 5,
|
|
19
|
+
"actor_type": "RepositoryRole",
|
|
20
|
+
"bypass_mode": "always"
|
|
21
|
+
}
|
|
22
|
+
],
|
|
23
|
+
"rules": [
|
|
24
|
+
{
|
|
25
|
+
"type": "required_status_checks",
|
|
26
|
+
"parameters": {
|
|
27
|
+
"strict_required_status_checks_policy": false,
|
|
28
|
+
"do_not_enforce_on_create": true,
|
|
29
|
+
"required_status_checks": [
|
|
30
|
+
{
|
|
31
|
+
"context": "🔍 Quality Checks / 🎭 Playwright E2E Tests",
|
|
32
|
+
"integration_id": 15368
|
|
33
|
+
}
|
|
34
|
+
]
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
]
|
|
38
|
+
}
|
package/package.json
CHANGED
|
@@ -94,7 +94,7 @@
|
|
|
94
94
|
"ws": ">=8.20.1"
|
|
95
95
|
},
|
|
96
96
|
"name": "@codyswann/lisa",
|
|
97
|
-
"version": "2.
|
|
97
|
+
"version": "2.196.1",
|
|
98
98
|
"description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
|
|
99
99
|
"main": "dist/index.js",
|
|
100
100
|
"exports": {
|
|
@@ -217,7 +217,7 @@
|
|
|
217
217
|
"vitest": "^4.1.9"
|
|
218
218
|
},
|
|
219
219
|
"devDependencies": {
|
|
220
|
-
"@codyswann/lisa": "^2.
|
|
220
|
+
"@codyswann/lisa": "^2.195.6",
|
|
221
221
|
"@types/js-yaml": "^4.0.9",
|
|
222
222
|
"@types/semver": "^7.7.1",
|
|
223
223
|
"eslint-plugin-oxlint": "^1.62.0",
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: lisa-setup-github-repo
|
|
3
|
+
description: "Apply Lisa's GitHub repository…"
|
|
4
|
+
allowed-tools: ["Bash", "Read", "AskUserQuestion"]
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Setup GitHub Repository Governance
|
|
8
|
+
|
|
9
|
+
Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
|
|
10
|
+
|
|
11
|
+
## What gets applied
|
|
12
|
+
|
|
13
|
+
1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
|
|
14
|
+
- Merge commits on; squash and rebase merging **off** (merge-only policy)
|
|
15
|
+
- Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
|
|
16
|
+
- Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
|
|
17
|
+
```json
|
|
18
|
+
{ "github": { "settings": { "allow_auto_merge": false } } }
|
|
19
|
+
```
|
|
20
|
+
(any key under `github.settings` overrides the baseline)
|
|
21
|
+
- Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
|
|
22
|
+
- "Always suggest updating pull request branches" on
|
|
23
|
+
- GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
|
|
24
|
+
- Secret scanning + push protection enabled where the plan supports it
|
|
25
|
+
2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
|
|
26
|
+
- `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
|
|
27
|
+
- `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
|
|
28
|
+
- `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
|
|
29
|
+
- Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
|
|
30
|
+
3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
|
|
31
|
+
|
|
32
|
+
## Workflow
|
|
33
|
+
|
|
34
|
+
### Step 1 — Locate the scripts
|
|
35
|
+
|
|
36
|
+
In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Step 2 — Dry-run and show the plan
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Present what would change. If the repo already matches the baseline, say so and stop.
|
|
49
|
+
|
|
50
|
+
### Step 3 — Apply
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
|
|
57
|
+
|
|
58
|
+
### Step 4 — Verify
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
|
|
62
|
+
--jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
|
|
63
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
|
|
3
|
+
allowed-tools: ["Skill"]
|
|
4
|
+
argument-hint: ""
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: lisa-setup-github-repo
|
|
3
|
+
description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge, delete-branch-on-merge, update-branch suggestions, wiki off, secret scanning where available), branch + tag rulesets from Lisa templates (base PR gate with CodeRabbit/GitGuardian/Quality Checks, prevent delete, protect tags, stack overlays), and a write-access deploy key + DEPLOY_KEY secret so release workflows can push version bumps through the rulesets' DeployKey bypass. Idempotent — re-running updates settings and rulesets in place and skips an already-configured deploy key."
|
|
4
|
+
allowed-tools: ["Bash", "Read", "AskUserQuestion"]
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Setup GitHub Repository Governance
|
|
8
|
+
|
|
9
|
+
Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
|
|
10
|
+
|
|
11
|
+
## What gets applied
|
|
12
|
+
|
|
13
|
+
1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
|
|
14
|
+
- Merge commits on; squash and rebase merging **off** (merge-only policy)
|
|
15
|
+
- Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
|
|
16
|
+
- Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
|
|
17
|
+
```json
|
|
18
|
+
{ "github": { "settings": { "allow_auto_merge": false } } }
|
|
19
|
+
```
|
|
20
|
+
(any key under `github.settings` overrides the baseline)
|
|
21
|
+
- Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
|
|
22
|
+
- "Always suggest updating pull request branches" on
|
|
23
|
+
- GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
|
|
24
|
+
- Secret scanning + push protection enabled where the plan supports it
|
|
25
|
+
2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
|
|
26
|
+
- `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
|
|
27
|
+
- `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
|
|
28
|
+
- `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
|
|
29
|
+
- Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
|
|
30
|
+
3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
|
|
31
|
+
|
|
32
|
+
## Workflow
|
|
33
|
+
|
|
34
|
+
### Step 1 — Locate the scripts
|
|
35
|
+
|
|
36
|
+
In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Step 2 — Dry-run and show the plan
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Present what would change. If the repo already matches the baseline, say so and stop.
|
|
49
|
+
|
|
50
|
+
### Step 3 — Apply
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
|
|
57
|
+
|
|
58
|
+
### Step 4 — Verify
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
|
|
62
|
+
--jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
|
|
63
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
display_name: "Setup Github Repo"
|
|
2
|
+
short_description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge…"
|
|
3
|
+
default_prompt:
|
|
4
|
+
- "Use $lisa-setup-github-repo: Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge…."
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
|
|
3
|
+
allowed-tools: ["Skill"]
|
|
4
|
+
argument-hint: ""
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: lisa-setup-github-repo
|
|
3
|
+
description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge, delete-branch-on-merge, update-branch suggestions, wiki off, secret scanning where available), branch + tag rulesets from Lisa templates (base PR gate with CodeRabbit/GitGuardian/Quality Checks, prevent delete, protect tags, stack overlays), and a write-access deploy key + DEPLOY_KEY secret so release workflows can push version bumps through the rulesets' DeployKey bypass. Idempotent — re-running updates settings and rulesets in place and skips an already-configured deploy key."
|
|
4
|
+
allowed-tools: ["Bash", "Read", "AskUserQuestion"]
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Setup GitHub Repository Governance
|
|
8
|
+
|
|
9
|
+
Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
|
|
10
|
+
|
|
11
|
+
## What gets applied
|
|
12
|
+
|
|
13
|
+
1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
|
|
14
|
+
- Merge commits on; squash and rebase merging **off** (merge-only policy)
|
|
15
|
+
- Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
|
|
16
|
+
- Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
|
|
17
|
+
```json
|
|
18
|
+
{ "github": { "settings": { "allow_auto_merge": false } } }
|
|
19
|
+
```
|
|
20
|
+
(any key under `github.settings` overrides the baseline)
|
|
21
|
+
- Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
|
|
22
|
+
- "Always suggest updating pull request branches" on
|
|
23
|
+
- GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
|
|
24
|
+
- Secret scanning + push protection enabled where the plan supports it
|
|
25
|
+
2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
|
|
26
|
+
- `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
|
|
27
|
+
- `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
|
|
28
|
+
- `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
|
|
29
|
+
- Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
|
|
30
|
+
3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
|
|
31
|
+
|
|
32
|
+
## Workflow
|
|
33
|
+
|
|
34
|
+
### Step 1 — Locate the scripts
|
|
35
|
+
|
|
36
|
+
In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Step 2 — Dry-run and show the plan
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Present what would change. If the repo already matches the baseline, say so and stop.
|
|
49
|
+
|
|
50
|
+
### Step 3 — Apply
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
|
|
57
|
+
|
|
58
|
+
### Step 4 — Verify
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
|
|
62
|
+
--jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
|
|
63
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
|
|
3
|
+
allowed-tools: ["Skill"]
|
|
4
|
+
argument-hint: ""
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: lisa-setup-github-repo
|
|
3
|
+
description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge, delete-branch-on-merge, update-branch suggestions, wiki off, secret scanning where available), branch + tag rulesets from Lisa templates (base PR gate with CodeRabbit/GitGuardian/Quality Checks, prevent delete, protect tags, stack overlays), and a write-access deploy key + DEPLOY_KEY secret so release workflows can push version bumps through the rulesets' DeployKey bypass. Idempotent — re-running updates settings and rulesets in place and skips an already-configured deploy key."
|
|
4
|
+
allowed-tools: ["Bash", "Read", "AskUserQuestion"]
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Setup GitHub Repository Governance
|
|
8
|
+
|
|
9
|
+
Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
|
|
10
|
+
|
|
11
|
+
## What gets applied
|
|
12
|
+
|
|
13
|
+
1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
|
|
14
|
+
- Merge commits on; squash and rebase merging **off** (merge-only policy)
|
|
15
|
+
- Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
|
|
16
|
+
- Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
|
|
17
|
+
```json
|
|
18
|
+
{ "github": { "settings": { "allow_auto_merge": false } } }
|
|
19
|
+
```
|
|
20
|
+
(any key under `github.settings` overrides the baseline)
|
|
21
|
+
- Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
|
|
22
|
+
- "Always suggest updating pull request branches" on
|
|
23
|
+
- GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
|
|
24
|
+
- Secret scanning + push protection enabled where the plan supports it
|
|
25
|
+
2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
|
|
26
|
+
- `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
|
|
27
|
+
- `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
|
|
28
|
+
- `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
|
|
29
|
+
- Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
|
|
30
|
+
3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
|
|
31
|
+
|
|
32
|
+
## Workflow
|
|
33
|
+
|
|
34
|
+
### Step 1 — Locate the scripts
|
|
35
|
+
|
|
36
|
+
In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### Step 2 — Dry-run and show the plan
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Present what would change. If the repo already matches the baseline, say so and stop.
|
|
49
|
+
|
|
50
|
+
### Step 3 — Apply
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
|
|
57
|
+
|
|
58
|
+
### Step 4 — Verify
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
|
|
62
|
+
--jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
|
|
63
|
+
gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
|
|
3
|
+
allowed-tools: ["Skill"]
|
|
4
|
+
argument-hint: ""
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
|