Problem
A few public-repo trust settings cannot be fully verified from the current private/account-limited state. Branch protection returns a GitHub tier/public-repo restriction while the repository is private, and some security endpoints are not available for this repo state.
Desired end state
- Hosted GitHub Actions remain disabled for the launch repository; public launch uses local release/preflight evidence.
- Protect
main without required hosted status checks.
- Require PR review/conversation resolution and prevent force pushes/deletions on
main.
- Enable private vulnerability reporting and secret scanning/push protection if GitHub exposes them for the repository/account.
- Confirm Dependabot vulnerability alerts remain enabled.
Current evidence
- Issues and Discussions are enabled.
- Hosted GitHub Actions are disabled for the local-CI launch policy.
- Dependabot vulnerability alerts are enabled.
- Branch protection API currently reports that the feature requires GitHub Pro or a public repository while private.
- Private vulnerability reporting/secret scanning endpoints may need final application immediately after the public flip.
Validation
Before public visibility:
scripts/configure_github_launch_settings.sh --repo akratch/mgb64 --yes
NO_COLOR=1 scripts/check_github_launch_ready.sh --repo akratch/mgb64 --allow-private
After public visibility:
scripts/configure_github_launch_settings.sh --repo akratch/mgb64 --yes
NO_COLOR=1 scripts/check_github_launch_ready.sh --repo akratch/mgb64
Do not require hosted status checks unless the project deliberately re-enables hosted Actions later and the billing/policy decision changes.
Problem
A few public-repo trust settings cannot be fully verified from the current private/account-limited state. Branch protection returns a GitHub tier/public-repo restriction while the repository is private, and some security endpoints are not available for this repo state.
Desired end state
mainwithout required hosted status checks.main.Current evidence
Validation
Before public visibility:
After public visibility:
Do not require hosted status checks unless the project deliberately re-enables hosted Actions later and the billing/policy decision changes.