To work around persistent GitHub bugs we have had over the past few years
related to setting the member privilege level for many of our organizations
to not allow members to create repos, we are exploring a new opt-in-only
feature flag called "direct new repo lockdown" that will help us experiment
with a way to allow our members to directly create repos.

The current prototyping design of this feature is:

1. If a repo is created by a GitHub App (a bot), an approved system operations account, or the existing new repo workflow, no-op.
2. If a repo is created by a member of the GitHub org, the repo is "locked down" - removing their collaborator and team permissions - and they are sent an e-mail asking them to complete the new repo setup by entering our existing internal wizard for that.

The feature flag must be enabled in 2 places:

1. The app itself must opt in to the feature being available.
2. An organization setting must opt in to the feature via configuration.

This system requires a few specific parts of the monolithic app to
function: the use of a repository metadata provider (Postgres is what
we are using) to store additional source-of-truth data for a repo,
and also connecting to webhooks either through an org-level webhook
or a GitHub App that has a configured hook.
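
The decision described above, sketched as an added example (not the project's own code). The function and option names, the approved account list and the sample payloads are hypothetical, and detecting the existing new repo workflow through a metadata record is an assumption.

```javascript
// Added example: hypothetical names throughout; not the project's own code.
// Constructed sample list of approved system operations accounts.
const APPROVED_OPS_ACCOUNTS = new Set(['ops-automation']);

// Decide what to do with a GitHub "repository" webhook delivery.
// `hasWizardRecord` is an assumption: the metadata provider already holds a
// record for repos that came through the existing new repo workflow.
function planLockdown(event, { appOptIn, orgOptIn, hasWizardRecord }) {
  // The flag must be on in both places; either one off disables the feature.
  if (!(appOptIn && orgOptIn)) return { action: 'no-op', reason: 'feature flag off' };
  if (!event || event.action !== 'created' || !event.repository || !event.sender) {
    return { action: 'no-op', reason: 'not a repo creation event' };
  }
  const { sender, repository } = event;
  // Case 1: GitHub Apps appear as sender.type "Bot" in webhook payloads.
  if (sender.type === 'Bot') return { action: 'no-op', reason: 'created by app' };
  // GitHub logins are case-insensitive, so compare in lower case.
  if (APPROVED_OPS_ACCOUNTS.has(String(sender.login).toLowerCase())) {
    return { action: 'no-op', reason: 'approved operations account' };
  }
  if (hasWizardRecord) return { action: 'no-op', reason: 'existing new repo workflow' };
  // Case 2: a member created the repo directly, so lock it down.
  return {
    action: 'lockdown',
    repo: repository.full_name,
    steps: ['remove-collaborators', 'remove-team-permissions', 'email-creator'],
    notify: sender.login,
  };
}

// Constructed sample deliveries, trimmed to the fields used here.
const byMember = {
  action: 'created',
  repository: { full_name: 'contoso/demo' },
  sender: { login: 'alice', type: 'User' },
};
const byApp = { ...byMember, sender: { login: 'repo-bot[bot]', type: 'Bot' } };
const byOps = { ...byMember, sender: { login: 'Ops-Automation', type: 'User' } };
const on = { appOptIn: true, orgOptIn: true, hasWizardRecord: false };

console.log(planLockdown(byMember, on));
console.log(planLockdown(byApp, on).reason);
console.log(planLockdown(byMember, { ...on, orgOptIn: false }).reason);
```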