Skip to content

Flip renovate-config to public (after gitleaks) #17

Description

@jorisjonkers-dev-agents

Context. renovate-config holds only the shared Renovate preset (no secrets) and should be public for reuse. The agent's App cannot change visibility (administration, 403).

Depends on. #16 (the Main ruleset should be in place first so the public repo is protected).

Steps

  • Scan the current tree (and ideally full history) for secrets:
gitleaks detect --source /path/to/renovate-config --redact --exit-code 1
  • If clean, flip visibility:
gh repo edit JorisJonkers-dev/renovate-config --visibility public --accept-visibility-change-consequences
  • If history is not clean, instead publish a fresh clean copy of just the preset and archive the old repo.

Acceptance

  • renovate-config is public, gitleaks-clean, and still consumed by renovate.json extends across repos.

Where to run: Run from anywhere on your machine (e.g. your home dir) — these are gh commands that call the GitHub API and name each repo explicitly (repos/$ORG/<repo> / $ORG/<repo>), so you do not need to be inside a cloned repo. The only requirement is gh auth status showing an org-admin identity (PAT with repo+admin:org, or your owner login). Steps that scan files (e.g. gitleaks) are the exception and need a local checkout — clone a throwaway copy first.

Metadata

Metadata

Assignees

No one assigned

    Labels

    governanceRepo protection, permissions, visibilityowner-actionRequires owner/admin access — not automatable by the agent

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions