Context. renovate-config holds only the shared Renovate preset (no secrets) and should be public for reuse. The agent's App cannot change visibility (administration, 403).
Depends on. #16 (the Main ruleset should be in place first so the public repo is protected).
Steps
gitleaks detect --source /path/to/renovate-config --redact --exit-code 1
gh repo edit JorisJonkers-dev/renovate-config --visibility public --accept-visibility-change-consequences
Acceptance
Where to run: Run from anywhere on your machine (e.g. your home dir) — these are gh commands that call the GitHub API and name each repo explicitly (repos/$ORG/<repo> / $ORG/<repo>), so you do not need to be inside a cloned repo. The only requirement is gh auth status showing an org-admin identity (PAT with repo+admin:org, or your owner login). Steps that scan files (e.g. gitleaks) are the exception and need a local checkout — clone a throwaway copy first.
Context.
renovate-configholds only the shared Renovate preset (no secrets) and should be public for reuse. The agent's App cannot change visibility (administration, 403).Depends on. #16 (the Main ruleset should be in place first so the public repo is protected).
Steps
Acceptance
renovate-configis public, gitleaks-clean, and still consumed byrenovate.jsonextends across repos.Where to run: Run from anywhere on your machine (e.g. your home dir) — these are
ghcommands that call the GitHub API and name each repo explicitly (repos/$ORG/<repo>/$ORG/<repo>), so you do not need to be inside a cloned repo. The only requirement isgh auth statusshowing an org-admin identity (PAT withrepo+admin:org, or your owner login). Steps that scan files (e.g.gitleaks) are the exception and need a local checkout — clone a throwaway copy first.