Perhaps this is already possible, but if not, this is a feature request 😄
We would like to disable the ability to set up trust policies in individual repos, and only have them in a single org-wide repo.
This allows us to have a single point to review/audit policies, rather than needing to chase them down in potentially many repos (or trust that telling developers "don't use repo config" will result in them not using it 😁)
As an organization administrator, I want to:
- Require all trust policies to be managed centrally in our repository
- Prevent individual repository maintainers from creating their own trust policies
- Maintain security oversight by having a single, auditable location for all federation policies
- Still allow scoped access to individual repos using the repositories field in OrgTrustPolicy
I propose adding a new option that would disable repository scope exchange requests, and only accept org level scopes.
If you're open to a contribution for this, I'm interested in working on it!