Context
The .github meta-repo is currently public, exposing internal workflow logic, Claude Code hook scripts, policy enforcement configs, and org-internal automation details. Once all prep work is complete, the repo can safely be made private.
GitHub's auto-serving of community health files requires a public .github repo, but this org already bypasses that via sync-community-health.yml (explicit push to each target repo). Going private is safe because:
- Community health files are explicitly synced — no dependency on public serving
- Reusable workflows (
workflow_call) work from private repos in the same org
- Scheduled workflows continue running from private repos
- A public
profile repo will serve the org homepage
Pre-conditions (all must be complete before this issue)
Implementation
-
Change repo visibility to private
- Go to repo Settings → Danger Zone → Change repository visibility → Private
- Or via:
gh repo edit wcmchenry3-stack/.github --visibility private
-
Verify org homepage — visit https://github.com/wcmchenry3-stack
- Should show
wcmchenry3-stack/profile README content (not blank)
-
Verify reusable workflows — open a test PR in gaming_app or book_app
commitlint.yml should fire (tests workflow_call from private repo)
- All other called workflows should fire normally
-
Verify community health sync — trigger sync-community-health.yml via workflow_dispatch
- Should open PRs in all 6 target repos
COMMUNITY_HEALTH_SYNC_PAT should still be valid (visibility change does not invalidate PATs)
-
Verify scheduled workflows — check Actions tab
- All
scheduled-* workflows should still appear in the queue
-
Verify Claude Code gates — in a target repo, run gh pr create
lint-gate.sh should fire (via PreToolUse hook)
policy-gate.sh should fire
-
Document any regressions — if any workflow breaks, open a follow-up issue before declaring done
Acceptance Criteria
Dependencies
BLOCKED by: #78, #79, #80, #81, #82, #83, #84, #85, #86
Recommended: #87, #88
Part of Epic
#77
Context
The
.githubmeta-repo is currently public, exposing internal workflow logic, Claude Code hook scripts, policy enforcement configs, and org-internal automation details. Once all prep work is complete, the repo can safely be made private.GitHub's auto-serving of community health files requires a public
.githubrepo, but this org already bypasses that viasync-community-health.yml(explicit push to each target repo). Going private is safe because:workflow_call) work from private repos in the same orgprofilerepo will serve the org homepagePre-conditions (all must be complete before this issue)
profilerepo created and org homepage verifiedImplementation
Change repo visibility to private
gh repo edit wcmchenry3-stack/.github --visibility privateVerify org homepage — visit
https://github.com/wcmchenry3-stackwcmchenry3-stack/profileREADME content (not blank)Verify reusable workflows — open a test PR in
gaming_apporbook_appcommitlint.ymlshould fire (testsworkflow_callfrom private repo)Verify community health sync — trigger
sync-community-health.ymlviaworkflow_dispatchCOMMUNITY_HEALTH_SYNC_PATshould still be valid (visibility change does not invalidate PATs)Verify scheduled workflows — check Actions tab
scheduled-*workflows should still appear in the queueVerify Claude Code gates — in a target repo, run
gh pr createlint-gate.shshould fire (viaPreToolUsehook)policy-gate.shshould fireDocument any regressions — if any workflow breaks, open a follow-up issue before declaring done
Acceptance Criteria
https://github.com/wcmchenry3-stackshows profile README (not blank)commitlint.ymlsuccessfullysync-community-health.ymlruns successfully post-visibility changegh pr createin a target repo triggers lint-gate and policy-gate hooksDependencies
BLOCKED by: #78, #79, #80, #81, #82, #83, #84, #85, #86
Recommended: #87, #88
Part of Epic
#77