GitHub Action
GitHub Team Sync
This is a GitHub action to synchronize GitHub Teams with the contents of a teams document in an organization repository.
-
Choose or create a repository in your organization for this action. If your organization is already using a
.github
repository to manage GitHub files like Issue and PR templates across the organization, that's a good choice. -
Create a
.github/teams.yml
file in that repository with the following format:designers: description: The amazing design team slack: "#design-team" members: - name: Alice Smith github: alicesmith - name: Bob Jones github: bjonesdev fighters: members: - name: Dave Grohl github: dgrohl - name: Taylor Hawkins github: taylorhawk1
For the team sync, what's important is that the outer object maps each team name to an object with a
members
array of objects containing agithub
key. Any other fields can be included in themembers
objects (e.g.name
,email
, etc.) butgithub
is the required one that declares which GitHub users should be part of each team.If you provide a
description
field alongside themembers
array, this description will be synced to the GitHub Team's description. Any other fields can be included alongside these two (e.g. Slack channel, Trello board URL, etc.), though they will be ignored by the action. -
As an organization administrator, generate a Personal Access Token with the
admin:org
scope. Enable SSO for the token if necessary for your organization. (Theadmin:org
scope is necessary to manage GitHub Teams.) If your repository is private, you also need to include therepo
scope. -
In the repository settings, create a new Secret called
ORG_ADMIN_ACCESS_TOKEN
to store the token. (The name of the secret is not important, as long you use that name to configure therepo-token
secret below.) -
Create a
.github/workflows/team_sync.yml
file like this:name: 'Team Sync' on: push: branches: - main paths: - '.github/teams.yml' jobs: synchronize-teams: runs-on: ubuntu-latest steps: - uses: rmacklin/team-sync@v0 with: repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}"
Now your team can create pull requests that update the teams.yml
file and when
they are merged to main
, the GitHub Teams in your organization will be
created/updated according to those changes!
For large organizations, it may be more appropriate/practical to manage teams
within a subdivision of the larger organization. However, team names still have
to be unique across the whole GitHub organization. To support this, you can
specify the prefix-teams-with
attribute in the action configuration:
.github/workflows/team_sync.yml
:
name: 'Team Sync'
on:
push:
branches:
- main
paths:
- '.github/teams.yml'
jobs:
synchronize-teams:
runs-on: ubuntu-latest
steps:
- uses: rmacklin/team-sync@v0
with:
repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}"
prefix-teams-with: 'foo'
.github/teams.yml
:
designers:
description: The amazing design team
members:
- name: Alice Smith
github: alicesmith
- name: Bob Jones
github: bjonesdev
fighters:
members:
- name: Dave Grohl
github: dgrohl
- name: Taylor Hawkins
github: taylorhawk1
This configuration would create the teams foo designers
and foo fighters
(rather than designers
and fighters
).
By default, the action looks for the team data in the .github/teams.yml
file
in your repository. You can specify the team-data-path
option to change this.
(Note that you'll also want to change the paths
configuration specified in the
workflow definition.) For example, if you want to keep teams.yml
in the root
of your repository, you could use:
name: 'Team Sync'
on:
push:
branches:
- main
paths:
- 'teams.yml'
jobs:
synchronize-teams:
runs-on: ubuntu-latest
steps:
- uses: rmacklin/team-sync@v0
with:
repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}"
team-data-path: 'teams.yml'
You can add "team_sync_ignored": true
to a team's properties to prevent that
team from being synchronized with a corresponding GitHub Team.
Note that if you rename a team (in a way that updates the team's computed slug), this action will create a new team with the new name, rather than updating the old team. This action will not delete any teams since doing so is very destructive and difficult to reverse. (Even if you are using this action to manage GitHub teams, it still permits the existence of other teams in the organization that are managed elsewhere.) So, if you want to rename a team in a way that changes its slug, you should rename the GitHub Team before you update your teams document with the new name. Otherwise you'll need to manually delete the old GitHub Team after this action creates a new GitHub Team using the new name.