Reusable GitHub Actions workflows and tooling for repository governance.
flowchart LR
subgraph Feature["feature/*"]
F1["feature/foo"]
end
subgraph Release["v*.*.*"]
R1["v1.0.0"]
end
subgraph Infra["system/*"]
I1["system/add-workflow"]
end
subgraph Master["master"]
M(["default branch"])
end
F1 -- " squash & merge " --> R1
R1 -- " merge commit " --> M
I1 -- " merge commit " --> M
A reusable workflow that blocks pull requests to master unless the source branch starts with v (release branches) or
system/ (infrastructure changes).
# .github/workflows/check-source-branch.yml
name: Check source branch
on:
pull_request:
branches: [ master ]
jobs:
check:
uses: FlorexLabs/shared-workflows/.github/workflows/check-source-branch.yml@masterCLI tool to configure branch rulesets and the check-source-branch workflow on any GitHub repository.
setup_repo_flow <owner/repo> # Full setup (rulesets + workflow bootstrap)
setup_repo_flow <owner/repo> --rulesets # Rulesets only
setup_repo_flow <owner/repo> --checks # Enable required_status_checks (after workflow is in master)| Rule | Applies to | Merge method | Direct push |
|---|---|---|---|
| Master | master / default branch |
merge only |
Blocked |
| Release branches | v*.*.* |
squash only |
Blocked |
On first run, if check-source-branch.yml is missing from master, the script creates a system/add-source-check
branch and opens a pull request. After merging it, run setup_repo_flow <owner/repo> --checks to enable the
required_status_checks branch protection rule.
- GitHub CLI (
gh) installed and authenticated - Write access to the target repository