From 53a1c7546af7631ca8602f647245585a5f73029a Mon Sep 17 00:00:00 2001
From: neatcoder <28711376+neatcoder@users.noreply.github.com>
Date: Wed, 24 Jun 2026 13:51:28 -0300
Subject: [PATCH] Add include/exclude repo filters to team settings
Team entries are filtered by the same Diffable include/exclude logic that
collaborators use, but unlike collaborators those keys were never part of the
TeamSettings schema or documented, so editors and linters can't validate them.
Mirror the CollaboratorSettings allOf pattern to declare include and exclude on
TeamSettings, document both in the teams guide with examples, add a sample, and
cover the filter path with unit tests. No runtime changes.
---
docs/github-settings/4. teams.md | 28 ++++
docs/sample-settings/settings.yml | 10 ++
schema/dereferenced/repos.json | 222 +++++++++++++++----------
schema/dereferenced/settings.json | 240 +++++++++++++++++-----------
schema/dereferenced/suborgs.json | 222 +++++++++++++++----------
schema/repos.json | 25 ++-
schema/settings.json | 25 ++-
schema/suborgs.json | 25 ++-
test/unit/lib/plugins/teams.test.js | 47 ++++++
9 files changed, 568 insertions(+), 276 deletions(-)
diff --git a/docs/github-settings/4. teams.md b/docs/github-settings/4. teams.md
index e6085ebcd..1bd035969 100644
--- a/docs/github-settings/4. teams.md
+++ b/docs/github-settings/4. teams.md
@@ -48,5 +48,33 @@ teams:
permission: maintain
```
+
+|
+ exclude array
+Exclude a list of repos for this team. The team is applied to every repo in scope except those whose names match one of these glob patterns.
+ |
+
+```yaml
+teams:
+ - name: SuperFriends
+ permission: maintain
+ exclude:
+ - secret-repo
+```
+
+ |
+|
+ include array
+Include a list of repos for this team. The team is applied only to repos whose names match one of these glob patterns.
+ |
+
+```yaml
+teams:
+ - name: SuperFriends
+ permission: maintain
+ include:
+ - public-*
+```
+
|
diff --git a/docs/sample-settings/settings.yml b/docs/sample-settings/settings.yml
index 1ede6a079..6d12884ec 100644
--- a/docs/sample-settings/settings.yml
+++ b/docs/sample-settings/settings.yml
@@ -161,6 +161,16 @@ teams:
- name: globalteam
permission: push
visibility: closed
+ - name: docs-team
+ permission: pull
+ # You can include a list of repos for this team and only those repos would have this team
+ include:
+ - actions-demo
+ - name: ops-team
+ permission: push
+ # You can exclude a list of repos for this team and all repos except these repos would have this team
+ exclude:
+ - actions-demo
# Branch protection rules
# See https://docs.github.com/en/rest/branches/branch-protection?apiVersion=2026-03-10#update-branch-protection for available options
diff --git a/schema/dereferenced/repos.json b/schema/dereferenced/repos.json
index 9213456a0..15061706e 100644
--- a/schema/dereferenced/repos.json
+++ b/schema/dereferenced/repos.json
@@ -400,53 +400,76 @@
"type": "array",
"items": {
"description": "A team entry",
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the team."
- },
- "description": {
- "type": "string",
- "description": "The description of the team."
- },
- "maintainers": {
- "type": "array",
- "description": "List GitHub usernames for organization members who will become team maintainers.",
- "items": {
- "type": "string"
- }
- },
- "repo_names": {
- "type": "array",
- "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
- "items": {
- "type": "string"
- }
- },
- "privacy": {
- "type": "string",
- "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
- "enum": [
- "secret",
- "closed"
- ]
- },
- "notification_setting": {
- "type": "string",
- "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
- "enum": [
- "notifications_enabled",
- "notifications_disabled"
+ "allOf": [
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the team."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the team."
+ },
+ "maintainers": {
+ "type": "array",
+ "description": "List GitHub usernames for organization members who will become team maintainers.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repo_names": {
+ "type": "array",
+ "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "privacy": {
+ "type": "string",
+ "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
+ "enum": [
+ "secret",
+ "closed"
+ ]
+ },
+ "notification_setting": {
+ "type": "string",
+ "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
+ "enum": [
+ "notifications_enabled",
+ "notifications_disabled"
+ ]
+ },
+ "parent_team_id": {
+ "type": "integer",
+ "description": "The ID of a team to set as the parent team."
+ }
+ },
+ "required": [
+ "name"
]
},
- "parent_team_id": {
- "type": "integer",
- "description": "The ID of a team to set as the parent team."
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
}
- },
- "required": [
- "name"
]
}
},
@@ -1214,53 +1237,76 @@
},
"TeamSettings": {
"description": "A team entry",
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the team."
- },
- "description": {
- "type": "string",
- "description": "The description of the team."
- },
- "maintainers": {
- "type": "array",
- "description": "List GitHub usernames for organization members who will become team maintainers.",
- "items": {
- "type": "string"
- }
- },
- "repo_names": {
- "type": "array",
- "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
- "items": {
- "type": "string"
- }
- },
- "privacy": {
- "type": "string",
- "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
- "enum": [
- "secret",
- "closed"
- ]
- },
- "notification_setting": {
- "type": "string",
- "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
- "enum": [
- "notifications_enabled",
- "notifications_disabled"
+ "allOf": [
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the team."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the team."
+ },
+ "maintainers": {
+ "type": "array",
+ "description": "List GitHub usernames for organization members who will become team maintainers.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repo_names": {
+ "type": "array",
+ "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "privacy": {
+ "type": "string",
+ "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
+ "enum": [
+ "secret",
+ "closed"
+ ]
+ },
+ "notification_setting": {
+ "type": "string",
+ "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
+ "enum": [
+ "notifications_enabled",
+ "notifications_disabled"
+ ]
+ },
+ "parent_team_id": {
+ "type": "integer",
+ "description": "The ID of a team to set as the parent team."
+ }
+ },
+ "required": [
+ "name"
]
},
- "parent_team_id": {
- "type": "integer",
- "description": "The ID of a team to set as the parent team."
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
}
- },
- "required": [
- "name"
]
},
"MilestoneSettings": {
diff --git a/schema/dereferenced/settings.json b/schema/dereferenced/settings.json
index 4dcdf0eb6..b118f39f7 100644
--- a/schema/dereferenced/settings.json
+++ b/schema/dereferenced/settings.json
@@ -421,62 +421,85 @@
"type": "array",
"items": {
"description": "A team entry",
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the team."
- },
- "description": {
- "type": "string",
- "description": "The description of the team."
- },
- "maintainers": {
- "type": "array",
- "description": "List GitHub usernames for organization members who will become team maintainers.",
- "items": {
- "type": "string"
- }
- },
- "repo_names": {
- "type": "array",
- "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
- "items": {
- "type": "string"
- }
- },
- "privacy": {
- "type": "string",
- "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
- "enum": [
- "secret",
- "closed"
- ]
- },
- "notification_setting": {
- "type": "string",
- "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
- "enum": [
- "notifications_enabled",
- "notifications_disabled"
+ "allOf": [
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the team."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the team."
+ },
+ "maintainers": {
+ "type": "array",
+ "description": "List GitHub usernames for organization members who will become team maintainers.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repo_names": {
+ "type": "array",
+ "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "privacy": {
+ "type": "string",
+ "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
+ "enum": [
+ "secret",
+ "closed"
+ ]
+ },
+ "notification_setting": {
+ "type": "string",
+ "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
+ "enum": [
+ "notifications_enabled",
+ "notifications_disabled"
+ ]
+ },
+ "permission": {
+ "type": "string",
+ "description": "**Closing down notice**. The permission that new repositories will be added to the team with when none is specified.",
+ "enum": [
+ "pull",
+ "push"
+ ],
+ "default": "pull"
+ },
+ "parent_team_id": {
+ "type": "integer",
+ "description": "The ID of a team to set as the parent team."
+ }
+ },
+ "required": [
+ "name"
]
},
- "permission": {
- "type": "string",
- "description": "**Closing down notice**. The permission that new repositories will be added to the team with when none is specified.",
- "enum": [
- "pull",
- "push"
- ],
- "default": "pull"
- },
- "parent_team_id": {
- "type": "integer",
- "description": "The ID of a team to set as the parent team."
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
}
- },
- "required": [
- "name"
]
}
},
@@ -2392,53 +2415,76 @@
},
"TeamSettings": {
"description": "A team entry",
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the team."
- },
- "description": {
- "type": "string",
- "description": "The description of the team."
- },
- "maintainers": {
- "type": "array",
- "description": "List GitHub usernames for organization members who will become team maintainers.",
- "items": {
- "type": "string"
- }
- },
- "repo_names": {
- "type": "array",
- "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
- "items": {
- "type": "string"
- }
- },
- "privacy": {
- "type": "string",
- "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
- "enum": [
- "secret",
- "closed"
- ]
- },
- "notification_setting": {
- "type": "string",
- "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
- "enum": [
- "notifications_enabled",
- "notifications_disabled"
+ "allOf": [
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the team."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the team."
+ },
+ "maintainers": {
+ "type": "array",
+ "description": "List GitHub usernames for organization members who will become team maintainers.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repo_names": {
+ "type": "array",
+ "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "privacy": {
+ "type": "string",
+ "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
+ "enum": [
+ "secret",
+ "closed"
+ ]
+ },
+ "notification_setting": {
+ "type": "string",
+ "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
+ "enum": [
+ "notifications_enabled",
+ "notifications_disabled"
+ ]
+ },
+ "parent_team_id": {
+ "type": "integer",
+ "description": "The ID of a team to set as the parent team."
+ }
+ },
+ "required": [
+ "name"
]
},
- "parent_team_id": {
- "type": "integer",
- "description": "The ID of a team to set as the parent team."
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
}
- },
- "required": [
- "name"
]
},
"MilestoneSettings": {
diff --git a/schema/dereferenced/suborgs.json b/schema/dereferenced/suborgs.json
index 0267bf7a8..5824a4879 100644
--- a/schema/dereferenced/suborgs.json
+++ b/schema/dereferenced/suborgs.json
@@ -434,53 +434,76 @@
"type": "array",
"items": {
"description": "A team entry",
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the team."
- },
- "description": {
- "type": "string",
- "description": "The description of the team."
- },
- "maintainers": {
- "type": "array",
- "description": "List GitHub usernames for organization members who will become team maintainers.",
- "items": {
- "type": "string"
- }
- },
- "repo_names": {
- "type": "array",
- "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
- "items": {
- "type": "string"
- }
- },
- "privacy": {
- "type": "string",
- "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
- "enum": [
- "secret",
- "closed"
- ]
- },
- "notification_setting": {
- "type": "string",
- "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
- "enum": [
- "notifications_enabled",
- "notifications_disabled"
+ "allOf": [
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the team."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the team."
+ },
+ "maintainers": {
+ "type": "array",
+ "description": "List GitHub usernames for organization members who will become team maintainers.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repo_names": {
+ "type": "array",
+ "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "privacy": {
+ "type": "string",
+ "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
+ "enum": [
+ "secret",
+ "closed"
+ ]
+ },
+ "notification_setting": {
+ "type": "string",
+ "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
+ "enum": [
+ "notifications_enabled",
+ "notifications_disabled"
+ ]
+ },
+ "parent_team_id": {
+ "type": "integer",
+ "description": "The ID of a team to set as the parent team."
+ }
+ },
+ "required": [
+ "name"
]
},
- "parent_team_id": {
- "type": "integer",
- "description": "The ID of a team to set as the parent team."
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
}
- },
- "required": [
- "name"
]
}
},
@@ -1248,53 +1271,76 @@
},
"TeamSettings": {
"description": "A team entry",
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the team."
- },
- "description": {
- "type": "string",
- "description": "The description of the team."
- },
- "maintainers": {
- "type": "array",
- "description": "List GitHub usernames for organization members who will become team maintainers.",
- "items": {
- "type": "string"
- }
- },
- "repo_names": {
- "type": "array",
- "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
- "items": {
- "type": "string"
- }
- },
- "privacy": {
- "type": "string",
- "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
- "enum": [
- "secret",
- "closed"
- ]
- },
- "notification_setting": {
- "type": "string",
- "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
- "enum": [
- "notifications_enabled",
- "notifications_disabled"
+ "allOf": [
+ {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The name of the team."
+ },
+ "description": {
+ "type": "string",
+ "description": "The description of the team."
+ },
+ "maintainers": {
+ "type": "array",
+ "description": "List GitHub usernames for organization members who will become team maintainers.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repo_names": {
+ "type": "array",
+ "description": "The full name (e.g., \"organization-name/repository-name\") of repositories to add the team to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "privacy": {
+ "type": "string",
+ "description": "The level of privacy this team should have. The options are: \n**For a non-nested team:** \n * `secret` - only visible to organization owners and members of this team. \n * `closed` - visible to all members of this organization. \nDefault: `secret` \n**For a parent or child team:** \n * `closed` - visible to all members of this organization. \nDefault for child team: `closed`",
+ "enum": [
+ "secret",
+ "closed"
+ ]
+ },
+ "notification_setting": {
+ "type": "string",
+ "description": "The notification setting the team has chosen. The options are: \n * `notifications_enabled` - team members receive notifications when the team is @mentioned. \n * `notifications_disabled` - no one receives notifications. \nDefault: `notifications_enabled`",
+ "enum": [
+ "notifications_enabled",
+ "notifications_disabled"
+ ]
+ },
+ "parent_team_id": {
+ "type": "integer",
+ "description": "The ID of a team to set as the parent team."
+ }
+ },
+ "required": [
+ "name"
]
},
- "parent_team_id": {
- "type": "integer",
- "description": "The ID of a team to set as the parent team."
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
}
- },
- "required": [
- "name"
]
},
"MilestoneSettings": {
diff --git a/schema/repos.json b/schema/repos.json
index 3a7c51301..2d7fa869d 100644
--- a/schema/repos.json
+++ b/schema/repos.json
@@ -190,7 +190,30 @@
},
"TeamSettings": {
"description": "A team entry",
- "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema"
+ "allOf": [
+ {
+ "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ ]
},
"MilestoneSettings": {
"description": "A milestone entry",
diff --git a/schema/settings.json b/schema/settings.json
index 59d662d50..11d749127 100644
--- a/schema/settings.json
+++ b/schema/settings.json
@@ -197,7 +197,30 @@
},
"TeamSettings": {
"description": "A team entry",
- "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema"
+ "allOf": [
+ {
+ "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ ]
},
"MilestoneSettings": {
"description": "A milestone entry",
diff --git a/schema/suborgs.json b/schema/suborgs.json
index 3a3c79def..23a408d1b 100644
--- a/schema/suborgs.json
+++ b/schema/suborgs.json
@@ -224,7 +224,30 @@
},
"TeamSettings": {
"description": "A team entry",
- "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema"
+ "allOf": [
+ {
+ "$ref": "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.2026-03-10.json#/paths/~1orgs~1{org}~1teams/post/requestBody/content/application~1json/schema"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "exclude": {
+ "description": "You can exclude a list of repos for this team and all repos except these repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "include": {
+ "description": "You can include a list of repos for this team and only those repos would have this team",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ ]
},
"MilestoneSettings": {
"description": "A milestone entry",
diff --git a/test/unit/lib/plugins/teams.test.js b/test/unit/lib/plugins/teams.test.js
index de16965a6..1ae9b569c 100644
--- a/test/unit/lib/plugins/teams.test.js
+++ b/test/unit/lib/plugins/teams.test.js
@@ -103,4 +103,51 @@ describe('Teams', () => {
)
}
})
+
+ describe('filtering teams by include/exclude', () => {
+ beforeEach(() => {
+ github.rest.repos.listTeams.mockResolvedValue({ data: [] })
+ })
+
+ it('does not add a team when the repo matches an exclude glob', async () => {
+ const plugin = configure([
+ { name: addedTeamName, permission: 'pull', exclude: ['test*'] }
+ ])
+
+ await plugin.sync()
+
+ expect(github.rest.teams.addOrUpdateRepoPermissionsInOrg).not.toHaveBeenCalled()
+ })
+
+ it('does not add a team when the repo is not in an include glob', async () => {
+ const plugin = configure([
+ { name: addedTeamName, permission: 'pull', include: ['other-*'] }
+ ])
+
+ await plugin.sync()
+
+ expect(github.rest.teams.addOrUpdateRepoPermissionsInOrg).not.toHaveBeenCalled()
+ })
+
+ it('adds a team when the repo matches an include glob', async () => {
+ when(github.rest.teams.getByName)
+ .calledWith({ org, team_slug: addedTeamName })
+ .mockResolvedValue({ data: { id: addedTeamId } })
+
+ const plugin = configure([
+ { name: addedTeamName, permission: 'pull', include: ['test*'] }
+ ])
+
+ await plugin.sync()
+
+ expect(github.rest.teams.addOrUpdateRepoPermissionsInOrg).toHaveBeenCalledWith({
+ org,
+ team_id: addedTeamId,
+ team_slug: addedTeamName,
+ owner: org,
+ repo: 'test',
+ permission: 'pull'
+ })
+ })
+ })
})