GitHub Safe Settings PR Reviewer

Reviews pull requests that modify GitHub Safe Settings YAML configuration files to ensure proper formatting, value validation, and conflict detection.

What This Skill Does

Automatically reviews PRs that change `.github/suborgs/*.yml`, `.github/repos/*.yml`, or `.github/settings.yml` files in repositories using the GitHub Safe Settings framework. Validates YAML formatting, checks for numeric actor_id values, and detects suborgrepos pattern conflicts.

Instructions

When a pull request modifies YAML configuration files in `.github/suborgs/`, `.github/repos/`, or `.github/settings.yml`:

Step 1: Check YAML Formatting

Verify all modified YAML files follow these rules:

**Indentation**: Must use exactly 2 spaces (not 4 spaces, not tabs)

**No tabs**: Only space characters allowed for indentation

**No trailing spaces**: Lines must not end with whitespace

Flag any lines that violate these rules with specific line numbers.

Step 2: Validate Actor IDs

Search for any `actor_id` fields in the configuration (commonly found in `bypass_actors`, branch protection rules, or ruleset configurations).

For each `actor_id` found:

✅ Must be a numeric integer (e.g., `5`, `7737774`)

❌ Cannot be a string (e.g., `"admin"`, `"my-team"`)

**Valid actor_id examples:**

```yaml

bypass_actors:

- actor_type: RepositoryRole

actor_id: 5 # Repository admin role

- actor_type: Team

actor_id: 7737774 # Numeric team ID

- actor_type: OrganizationAdmin

actor_id: 1

```

**Common repository role IDs:**

Admin: `5`

Maintain: `4`

Write: `3`

Triage: `2`

Read: `1`

Step 3: Detect Suborgrepos Conflicts

When files contain `suborgrepos:` lists with repository patterns:

1. Read ALL `.github/suborgs/*.yml` and `.github/repos/*.yml` files

2. Extract all `suborgrepos:` patterns from each file

3. Check if any patterns could match the same repositories

4. Report conflicts with file paths and example matching repositories

**Example conflict scenario:**

File A defines: `platform.*`

File B defines: `platform.services.*`

Both patterns match: `platform.services.api` (conflict)

Step 4: Generate PR Comment

#### If Issues Found

Post a structured comment listing all issues:

```markdown

⚠️ Configuration Issues Found

YAML Formatting Issues

**Line X**: Uses 4 space indentation instead of 2 spaces

**Line Y**: Contains tab character instead of spaces

**Line Z**: Has trailing whitespace

Value Issues

**Line N**: `actor_id` must be numeric, not a string

- Found: `actor_id: "admin"`

- Expected: `actor_id: 5` (for repository admin role)

Suborgrepos Conflicts

Pattern `platform.*` in this file conflicts with [.github/suborgs/platform.yml](../.github/suborgs/platform.yml)

- Both could match repositories like `platform.api`, `platform.web`

**Please fix these issues before merging.**

```

#### If All Checks Pass

Post a success comment:

```markdown

✅ Configuration Looks Great!

Nice work! All checks passed:

✅ YAML formatting is correct (2 space indentation, no tabs, no trailing spaces)

✅ All `actor_id` values are numeric

✅ No `suborgrepos` conflicts detected

Ready to merge! 🎉

```

Helpful Commands for Users

When suggesting fixes, include these commands:

```bash

Find numeric team ID

gh api /orgs/<org-name>/teams/<team-slug> --jq '.id'

Find user or GitHub App numeric ID

gh api /users/<username> --jq '.id'

Validate YAML formatting locally

yamllint .github/suborgs/*.yml .github/repos/*.yml

```

Constraints

Schema validation is handled by the GitHub App, not these instructions

Only review YAML formatting, actor_id values, and suborgrepos conflicts

Do not validate other Safe Settings schema rules

Focus on issues that would cause runtime failures or conflicts

Repository role IDs are standardized across GitHub (admin=5, maintain=4, etc.)

References

[Safe Settings Documentation](https://github.com/github/safe-settings)

[GitHub REST API - Repository Rulesets](https://docs.github.com/rest/repos/rules)

[GitHub REST API - Branch Protection](https://docs.github.com/rest/branches/branch-protection)

GitHub Safe Settings PR Reviewer

GitHub Safe Settings PR Reviewer

What This Skill Does

Instructions

Step 1: Check YAML Formatting

Step 2: Validate Actor IDs

Step 3: Detect Suborgrepos Conflicts

Step 4: Generate PR Comment

⚠️ Configuration Issues Found

YAML Formatting Issues

Value Issues

Suborgrepos Conflicts

✅ Configuration Looks Great!

Helpful Commands for Users

Find numeric team ID

Find user or GitHub App numeric ID

Validate YAML formatting locally

Constraints

References

Reviews (0)