// Govern your repositories with push rulesets

Chris Nesbitt-Smith traces how governance policies are typically born — emotionally, reactively, and as one-shot documents — then shows how applying software engineering principles transforms policy into a living, versioned artefact. The talk covers iterative policy management, Kubernetes admission control, open-source policy tooling, and the cultural shift required to make policy genuinely effective rather than just technically compliant.

Once you have a working GitHub Actions workflow, the next challenge is safely deploying across dev, staging, and production with the right secrets in the right places. This episode deep-dives into GitHub Actions Environments: how to scope secrets per environment to enforce the principle of least privilege, configure required reviewers and wait timers as production gates, and assign service principals with minimal Azure RBAC permissions. A live demo deploys the cloudwithchris.com Hugo site to Azure Storage, making every concept concrete.

Introduces enterprise repository policies in GitHub, a governance feature that lets administrators restrict repository operations—including visibility changes, creations, deletions, transfers, and naming—across all organizations in an enterprise account. The video also demonstrates repository properties defined at the enterprise level, giving organization admins consistent, inherited property values and requiring them at repository creation time to enforce compliance from day one.