Organization-wide GitHub defaults and shared automation.
This repository now provides:
- A centralized reusable workflow: .github/workflows/org-bot.yml
- A workflow template for other repositories: .github/workflow-templates/org-bot-caller.yml
In Organization Settings → Secrets and variables → Actions, create:
- EMAIL_USER
- EMAIL_PASS
Grant both secrets to all repositories that should use the bot.
In each target repository, add the caller workflow from the template:
.github/workflows/org-bot-caller.yml
Or copy this minimum caller workflow:
```yaml
name: Organization Issue/PR Bot Caller
on:
  issues:
    types: [opened]
  pull_request_target:
    types: [opened]
permissions:
  contents: read
  issues: write
  pull-requests: write
jobs:
  org-bot:
    uses: th30d4y/.github/.github/workflows/org-bot.yml@main
    with:
      event_type: ${{ github.event_name == 'issues' && 'Issue' || 'Pull Request' }}
      number: ${{ github.event.issue.number || github.event.pull_request.number }}
      title: ${{ github.event.issue.title || github.event.pull_request.title }}
      url: ${{ github.event.issue.html_url || github.event.pull_request.html_url }}
    secrets: inherit
```

Security note: this uses pull_request_target so the bot can post welcome comments on fork PRs. Keep this workflow free of checkout/build/test steps that execute PR branch code.
Tip: once you publish a stable tag for this workflow (for example v1), prefer @v1 instead of @main so repositories get controlled, versioned updates instead of inheriting breaking changes immediately.
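A conservative check for the two points above (the pull_request_target note and the pinning tip), added here as an example and not part of this repository: it scans workflow text for checkout steps, run steps and PR head references under pull_request_target, and for uses: references pinned to a branch. The helper name audit and both sample workflows are constructed for illustration, and the matching is line-based rather than a full YAML parse.

```python
import re

# Constructed sample: a workflow that breaks the security note above.
RISKY = """\
on:
  pull_request_target:
    types: [opened]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm test
"""

# Constructed sample: this page's caller job, pinned to the example tag v1.
SAFE = """\
on:
  issues:
    types: [opened]
  pull_request_target:
    types: [opened]
jobs:
  org-bot:
    uses: th30d4y/.github/.github/workflows/org-bot.yml@v1
    secrets: inherit
"""

def audit(text):
    """Hypothetical helper: return [(line_no, finding)] for one workflow file."""
    # Drop YAML comments so commented-out steps are not reported.
    lines = [re.sub(r"(^|\s)#.*", "", l) for l in text.splitlines()]
    prt = any("pull_request_target" in l for l in lines)
    found = []
    for n, l in enumerate(lines, 1):
        if prt and re.search(r"uses:\s*actions/checkout@", l):
            found.append((n, "checkout under pull_request_target"))
        if prt and re.search(r"github\.(event\.pull_request\.head|head_ref)", l):
            found.append((n, "PR head reference under pull_request_target"))
        if prt and re.match(r"\s*(-\s*)?run\s*:", l):
            found.append((n, "run step under pull_request_target"))
        if re.search(r"uses:\s*\S+@(main|master)$", l.rstrip()):
            found.append((n, "action or workflow pinned to a branch"))
    return found

if __name__ == "__main__":
    for name, wf in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, audit(wf) or "no findings")
```

A run step is reported even when it does not touch PR code, which matches the note's advice to keep such steps out of this workflow entirely.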
- Enable on 1–2 repositories first.
- Open a test issue and a test PR to confirm:
  - welcome comment is posted
  - owner email is sent
- Roll out to remaining repositories.
If your GitHub plan supports required workflows/rulesets, enforce the caller workflow org-wide. Otherwise, each repository must include the caller workflow file.