From 1f25196edb6366e1f5c40c83796c49c1d3cebf3b Mon Sep 17 00:00:00 2001
From: Pavel Popov
Date: Mon, 28 Feb 2022 11:12:31 +0300
Subject: [PATCH] Initial
---
README.md | 37 +++++++++++++++++++++++++++++++++++++
allstar.yaml | 3 +++
binary_artifacts.yaml | 4 ++++
branch_protection.yaml | 9 +++++++++
outside.yaml | 4 ++++
security.yaml | 4 ++++
6 files changed, 61 insertions(+)
create mode 100644 README.md
create mode 100644 allstar.yaml
create mode 100644 binary_artifacts.yaml
create mode 100644 branch_protection.yaml
create mode 100644 outside.yaml
create mode 100644 security.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..32dc6eb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,37 @@
+# Allstar configuration for `valitydev`
+
+[Allstar](https://github.com/ossf/allstar) is a security-policy GitHubApp. It is
+installed on this org, and this repo contains the configuration for that app. It
+is configured to create issues on repos that do not comply with the configured
+policy.
+
+## Enabled Repos
+
+Allstar is configured in opt-out.
+
+## Policy Configuration
+
+These are the expected settings to be in compliance
+
+### [Branch Protection](branch_protection.yaml)
+
+| | |
+| --------------------- | ------- |
+| Branches enforced | default |
+| Require approval | yes |
+| Approvals required | 1 |
+| Dismiss stale reviews | yes |
+| Block force push | yes |
+
+### [Binary Artifacts](binary_artifacts.yaml)
+
+- Binary artifacts not allowed.
+
+### [Outside Collaborators](outside.yaml)
+
+- Push access allowed.
+- Admin access not allowed.
+
+### [SECURITY.md](security.yaml)
+
+- SECURITY.md required.
diff --git a/allstar.yaml b/allstar.yaml
new file mode 100644
index 0000000..471fdf4
--- /dev/null
+++ b/allstar.yaml
@@ -0,0 +1,3 @@
+optConfig:
+ optOutStrategy: true
+ disableRepoOverride: true
diff --git a/binary_artifacts.yaml b/binary_artifacts.yaml
new file mode 100644
index 0000000..863c0ca
--- /dev/null
+++ b/binary_artifacts.yaml
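Review bot: In allstar.yaml, `disableRepoOverride: true` has no comment saying what it locks down, and together with `optOutStrategy: true` it appears to make this repository the only place where enforcement can be switched off. A one-line comment above it would help, for example `# Repos cannot opt out via their own Allstar config; exemptions are made in this repo only.` The README could say the same under "Enabled Repos". It would follow that write access to this repository is what protects the org-wide policy; that is an inference from the config, not something the commit states.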
@@ -0,0 +1,4 @@
+optConfig:
+ optOutStrategy: true
+ disableRepoOverride: true
+action: issue
diff --git a/branch_protection.yaml b/branch_protection.yaml
new file mode 100644
index 0000000..7889c1a
--- /dev/null
+++ b/branch_protection.yaml
@@ -0,0 +1,9 @@
+optConfig:
+ optOutStrategy: true
+ disableRepoOverride: true
+action: issue
+enforceDefault: true
+requireApproval: true
+approvalCount: 1
+dismissStale: true
+blockForce: true
diff --git a/outside.yaml b/outside.yaml
new file mode 100644
index 0000000..863c0ca
--- /dev/null
+++ b/outside.yaml
@@ -0,0 +1,4 @@
+optConfig:
+ optOutStrategy: true
+ disableRepoOverride: true
+action: issue
diff --git a/security.yaml b/security.yaml
new file mode 100644
index 0000000..863c0ca
--- /dev/null
+++ b/security.yaml
@@ -0,0 +1,4 @@
+optConfig:
+ optOutStrategy: true
+ disableRepoOverride: true
+action: issue
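Review bot: branch_protection.yaml does not state whether the rules apply to administrators, so the approval and force-push requirements can presumably be bypassed by anyone with admin rights on a repository. If the Allstar version installed on the org supports it, add `enforceOnAdmins: true` after `blockForce: true`, with a matching "Enforce on admins" row in the README table. Separately, `action: issue` only reports a non-compliant repository, so the branch stays unprotected until someone acts on the issue; a short comment next to the key should say that this is intended.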
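Review bot: outside.yaml sets no policy values, so the README's "Push access allowed" and "Admin access not allowed" hold only as long as Allstar's defaults stay that way. Spell the intent out in the file with `pushAllowed: true` and `adminAllowed: false` after `action: issue`, so the configuration and the README cannot drift apart silently.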