“Prevent Public Repos”を導入してPublicなGithubリポジトリが作成されたら通知させる

$ uname -moi
x86_64 MacBookPro16,1 Darwin

$ bash -version | head -n 1
GNU bash, version 5.1.8(1)-release (x86_64-apple-darwin20.3.0)

$ gh --version
gh version 1.10.2 (2021-05-19)
https://github.com/cli/cli/releases/tag/v1.10.2

$ gh repo create --private MY_ORG/org-settings
? This will create the "MY_ORG/org-settings" repository on GitHub. Continue? Yes
✓ Created repository MY_ORG/org-settings on GitHub
? Create a local project directory for "MY_ORG/org-settings"? Yes
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint:   git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint:   git branch -m <name>
Initialized empty Git repository in /tmp/work/org-settings/.git/
✓ Initialized repository in "org-settings"

$ ls
org-settings

$ cd org-settings/

$ mkdir -p .github/

$ cat <<'EOF' >.github/prevent-public-repos.yaml
# Configuration for Prevent-Public-Repos

# Turn on Monitor Mode. In this mode the repo visibility is not modified and only an Issue is created
monitorOnly: true

# Enables detection of repos that change visibility from private to public (not just newly created ones)
enablePrivateToPublic: false

# Issue Title when repo is privatized
privatizedIssueTitle: '[CRITICAL] Public Repositories are Disabled for this Org'

# Issue Body when repo is privatized
privatizedIssueBody: 'NOTE: Public Repos are disabled for this organization! Repository was automatically converted to a Private Repo. Please contact an admin to override.'

# Issue Title when monitor mode is enabled
monitorIssueTitle: '[CRITICAL] Public Repository Created'

# Issue Body when monitor mode is enable
monitorIssueBody: 'Please note that this repository is publicly visible to the internet!'

# Users/Groups that should be cc'ed on the issue. Should be users/groups separated by a space.
# ccList: '@user123 @user456'

# Repos to  exclude in detection. Should be a List of Strings.
# excludeRepos: ['repo1', 'repo2']
EOF

$ git add .

$ git commit -m "first commit."
[master (root-commit) b856e5c] first commit.
 1 file changed, 25 insertions(+)
 create mode 100644 .github/prevent-public-repos.yaml

$ git push origin master
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 16 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 785 bytes | 785.00 KiB/s, done.
Total 4 (delta 0), reused 0 (delta 0), pack-reused 0
To github.com:MY_ORG/org-settings.git
 * [new branch]      master -> master

$ gh repo create --public MY_ORG/invalid-public-repo-sample
? This will create the "MY_ORG/invalid-public-repo-sample" repository on GitHub. Continue? Yes
✓ Created repository MY_ORG/invalid-public-repo-sample on GitHub
? Create a local project directory for "MY_ORG/invalid-public-repo-sample"? Yes
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint:   git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint:   git branch -m <name>
Initialized empty Git repository in /private/tmp/work/invalid-public-repo-sample/.git/
✓ Initialized repository in "invalid-public-repo-sample"

$ gh repo view --web