ワンクリックで
gh-os-repo
Set up and harden a public GitHub repository — repo settings, security, branch protection, templates, CI, and dependabot.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Set up and harden a public GitHub repository — repo settings, security, branch protection, templates, CI, and dependabot.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Copy processed MP3s and WAVs to NAS storage. Use after Apple Music import or when re-archiving corrected files.
Move processed ZIPs to archive and clean up extraction folders. Use after album processing is complete.
Copy finished MP3s into Apple Music via the auto-import folder and verify the album lands correctly. Use once metadata is finalized and the user wants tracks added to their library — e.g. "add this to Apple Music" or "import these tracks" — even if they don't say "auto-import" explicitly. Also use to diagnose a bad import, e.g. "it showed up as separate tracks instead of one album."
Inspect and update MP3 tags: genre, artist, album, track count, compilation flag. Use when checking or fixing music file metadata — including diagnostic questions like "why do these show up as separate tracks" or "is this folder's metadata consistent," not just explicit tag-editing requests.
End-to-end processing of downloaded music purchases: extract ZIPs, verify metadata, import to Apple Music, archive to NAS, clean up. Use when processing new music downloads.
Reclaim local disk by offloading cloud-backed Apple Music downloads. Audit iCloud status, build an offload playlist that protects your DJ crates and lossless files, then Remove Download. Use when the Mac is low on disk.
| name | gh-os-repo |
| description | Set up and harden a public GitHub repository — repo settings, security, branch protection, templates, CI, and dependabot. |
You configure a GitHub repository for open source distribution. This is a comprehensive checklist covering repo settings, security hardening, branch protection, community templates, CI, and dependency management.
Template files are in assets/.github/ — copy them into the target repo's .github/ directory and customize placeholders ({owner}, {repo}) for the project.
Configure via gh api:
gh api repos/{owner}/{repo} -X PATCH \
-f description="<project description>" \
-F has_issues=true \
-F has_discussions=true \
-F has_wiki=false \
-F has_projects=true \
-F allow_squash_merge=true \
-F allow_merge_commit=true \
-F allow_rebase_merge=false \
-F delete_branch_on_merge=true \
-F allow_auto_merge=false \
-F web_commit_signoff_required=false \
-f squash_merge_commit_title="COMMIT_OR_PR_TITLE" \
-f squash_merge_commit_message="COMMIT_MESSAGES" \
-f merge_commit_title="MERGE_MESSAGE" \
-f merge_commit_message="PR_TITLE"
Key decisions:
Add topics for discoverability:
gh repo edit --add-topic "topic1,topic2,topic3"
Enable all security features:
gh api repos/{owner}/{repo} -X PATCH \
-f "security_and_analysis[dependabot_security_updates][status]=enabled" \
-f "security_and_analysis[secret_scanning][status]=enabled" \
-f "security_and_analysis[secret_scanning_push_protection][status]=enabled"
This ensures:
Set up required status checks and conversation resolution:
gh api repos/{owner}/{repo}/branches/main/protection -X PUT \
--input - <<'EOF'
{
"required_status_checks": {
"strict": true,
"contexts": ["Build", "Test", "Lint", "Format Check"]
},
"enforce_admins": false,
"required_pull_request_reviews": null,
"restrictions": null,
"required_linear_history": false,
"allow_force_pushes": false,
"allow_deletions": false,
"required_conversation_resolution": true
}
EOF
Key settings:
Create a ruleset for defense-in-depth:
gh api repos/{owner}/{repo}/rulesets -X POST \
--input - <<'EOF'
{
"name": "Main Branch Protection",
"target": "branch",
"enforcement": "active",
"conditions": {
"ref_name": {
"include": ["~DEFAULT_BRANCH"],
"exclude": []
}
},
"rules": [
{ "type": "non_fast_forward" },
{ "type": "deletion" },
{
"type": "required_status_checks",
"parameters": {
"strict_required_status_checks_policy": false,
"do_not_enforce_on_create": false,
"required_status_checks": [
{ "context": "All Clear" }
]
}
}
],
"bypass_actors": [
{
"actor_id": 5,
"actor_type": "RepositoryRole",
"bypass_mode": "exempt"
}
]
}
EOF
The "All Clear" context should be a final CI job that depends on all other checks — this way you only maintain one required check in the ruleset even as individual CI jobs change.
Create or verify these exist at the repo root:
Copy assets/.github/ into the target repo and customize:
| Asset | Customize |
|---|---|
CODEOWNERS | Replace {owner}, adjust paths to project structure |
ISSUE_TEMPLATE/bug_report.md | Add project-specific environment fields |
ISSUE_TEMPLATE/feature_request.md | Ready to use as-is |
ISSUE_TEMPLATE/infrastructure-change.md | Ready to use as-is |
ISSUE_TEMPLATE/config.yml | Replace {owner}/{repo} in discussions URL |
DISCUSSION_TEMPLATE/ideas.yml | Update intro text for the project |
DISCUSSION_TEMPLATE/q-a.yml | Update intro text for the project |
PULL_REQUEST_TEMPLATE.md | Ready to use as-is |
dependabot.yml | Uncomment and set language ecosystem |
BRANCH_PROTECTION.md | Update CI check names to match actual workflow |
Set up .github/workflows/ci.yml:
name: CI
on:
push:
branches: [main]
pull_request:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# ... language-specific build steps
# Repeat for test, lint, format-check
all-clear:
runs-on: ubuntu-latest
needs: [build, test, lint, format-check]
steps:
- run: echo "All checks passed"
If the project uses semantic versioning, set up .github/workflows/release.yml:
v*)Run through this checklist:
# Repo settings
gh repo view {owner}/{repo} --json description,visibility,hasIssuesEnabled,hasDiscussionsEnabled,hasWikiEnabled
# Security
gh api repos/{owner}/{repo} --jq '.security_and_analysis'
# Branch protection
gh api repos/{owner}/{repo}/branches/main/protection
# Rulesets
gh api repos/{owner}/{repo}/rulesets
# License detected
gh repo view {owner}/{repo} --json licenseInfo
# Templates exist
ls .github/ISSUE_TEMPLATE/ .github/DISCUSSION_TEMPLATE/ .github/PULL_REQUEST_TEMPLATE.md .github/CODEOWNERS .github/dependabot.yml