Skip to main content
This section provides practical, production-ready configuration examples for Safe Settings. Each example is based on real-world use cases and demonstrates best practices for managing GitHub repository settings as code.

Example Categories

Getting Started

Basic Setup

Complete starter configuration for a new organization with sensible defaults

Core Features

Branch Protection

Examples of branch protection rules with different security requirements

Team Management

Team permissions with include/exclude patterns for flexible access control

Advanced Patterns

Multi-Level Config

How org, suborg, and repo configurations merge together

Custom Validation

Real examples of configvalidators and overridevalidators

Understanding the Configuration Hierarchy

Safe Settings uses a three-level configuration hierarchy: Precedence: Repository > Sub-Organization > Organization Settings at lower levels override settings at higher levels, allowing you to:
  • Set organization-wide defaults
  • Customize settings for groups of repositories (suborgs)
  • Override specific settings for individual repositories

Common Use Cases

Enforce Security Standards

Set minimum security requirements at the org level (required approvals, status checks) while allowing teams to add stricter controls.

Manage Team Permissions

Define team access patterns that automatically apply to repositories based on naming conventions or team membership.

Prevent Configuration Drift

Ensure repository settings stay consistent with policy, even if someone manually changes them through the GitHub UI.

Scale Policy Management

Manage thousands of repositories with a small set of configuration files instead of manually configuring each one.

File Structure Example

admin/
├── .github/
│   ├── settings.yml              # Org-wide defaults
│   ├── suborgs/
│   │   ├── frontend-team.yml     # Frontend repo settings
│   │   ├── backend-team.yml      # Backend repo settings
│   │   └── security-critical.yml # High-security repos
│   └── repos/
│       ├── api-service.yml       # Specific repo overrides
│       └── public-docs.yml       # Public repo settings
└── deployment-settings.yml        # Runtime config & validators

Next Steps

1

Start with Basic Setup

Begin with the Basic Setup example to create your first organization-wide configuration.
2

Add Branch Protection

Secure your codebase with Branch Protection rules.
3

Configure Team Access

Set up Team Management with pattern-based access control.
4

Scale with Multi-Level Configs

Learn Multi-Level Configuration for complex organizations.
5

Add Custom Validation

Implement Custom Validation rules for your specific policies.

Tips for Success

Begin with org-level settings and only add suborg/repo overrides when needed.
Set up CODEOWNERS in your admin repo so different teams can manage their suborg configs.
Always test changes in a pull request first - Safe Settings will validate in dry-run mode.
Watch the safe-settings check runs to see what changes are being applied.

Build docs developers (and LLMs) love

Get started for freeTalk to us