GitHub Org Manager
GitHub Org Manager (GOM) is an Infrastructure as Code platform for managing GitHub organizations through YAML configuration files stored in a git "control repo". Every change to your org — repos, teams, branch protection rules, deployment environments — is made through a pull request.
How It Works
Control Repo PR opened
│
▼
GOM evaluates changes
│
▼
Posts PR comment:
"Here's what will change"
│
▼
PR reviewed & merged
│
▼
GOM applies changes
│
▼
Posts PR comment:
"Here's what changed"
- Open a PR against your control repo (e.g. add a new repos/my-new-repo.yaml)
- GOM comments on the PR with a preview of exactly what will change
- Merge the PR after peer review
- GOM applies the changes and comments again with results
Scheduled runs also reconcile the org continuously, so any drift is pulled back toward the desired state in config.
What GOM Manages
| Resource | Supported Operations |
|---|---|
| Repositories | Create, update settings, archive, manage team access |
| IDP Teams | Create (linked to IDP external groups) |
| Branch Protection Rules | Create, update, delete per-branch rules |
| Deployment Environments | Create, update, delete with reviewer gates |
| Org Settings | Member privileges, base permissions |
Key Concepts
- Control repo — A git repo (auto-created on install, named github_org_manager_<orgname>) that holds all YAML config for your org
- IDP teams — GOM only manages GHEC_* prefixed teams that are linked to your Identity Provider; non-IDP teams on repos are left untouched
- Dry run — PR-open triggers always run in read-only mode; push triggers (merged PRs) apply changes
- Auto-merge — PRs from trusted bot identities that only touch repos/ or teams/ files are merged automatically
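The auto-merge rule above is a security gate, so the path check behind it has to fail closed. The following is an added sketch of such a check, not GOM's own code. The bot identity, the YAML-suffix requirement and the names `ChangedFile`, `path_allowed` and `auto_merge_eligible` are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumptions for this sketch, not taken from GOM itself:
ALLOWED_DIRS = ("repos", "teams")      # the two directories named above
YAML_SUFFIXES = (".yaml", ".yml")      # assumed: only YAML config qualifies
TRUSTED_BOTS = frozenset({"example-provisioner[bot]"})  # constructed identity


@dataclass(frozen=True)
class ChangedFile:
    path: str                          # path after the change
    previous_path: str | None = None   # set when the file was renamed


def path_allowed(path: str) -> bool:
    """True only for a YAML file strictly inside an allowed top-level dir."""
    if not path or path.startswith("/") or "\\" in path:
        return False
    parts = path.split("/")
    # Reject empty, "." and ".." segments rather than normalising them away.
    if any(p in ("", ".", "..") for p in parts):
        return False
    if len(parts) < 2 or parts[0] not in ALLOWED_DIRS:
        return False
    return path.endswith(YAML_SUFFIXES)


def auto_merge_eligible(author: str, files: list[ChangedFile]) -> tuple[bool, str]:
    """Fail closed: any doubt sends the PR to normal human review."""
    if author not in TRUSTED_BOTS:
        return False, f"author {author!r} is not a trusted bot"
    if not files:
        return False, "empty change set"
    for f in files:
        # A rename touches two locations, so both ends must be allowed.
        for p in (f.path, f.previous_path):
            if p is not None and not path_allowed(p):
                return False, f"path outside allowlist: {p!r}"
    return True, "ok"
```

Checking both ends of a rename matters because a PR that moves a file between an allowed directory and any other location changes both places, even though its new path alone may look in scope.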
Support
Reach out in the #det-github-org-manager Slack channel.