What This Guide Is
This guide walks you through how to set up a public GitHub repository that’s safe, open to contributors, and structured for long-term sustainability.
You’ll learn how to open your project to issues and pull requests, keep everything organized, and require approval before changes are made, the foundation of a healthy Open Source workflow.
Why GitHub Setup Matters
A GitHub repository isn’t just a place to store code; it’s your project’s public face.
If it’s messy, confusing, or wide open without guardrails, people won’t know how to contribute, or worse, might break things accidentally.
Setting up your repo correctly helps you:
- Welcome contributors without losing control
- Avoid accidental changes to critical code
- Set expectations clearly
- Build community the right way
This is your first step toward a sustainable project.
Step-by-Step: Creating a Safe, Open Repo
1. Create the Repository
- Go to GitHub and click New Repository
- Give it a clear name and description
- Set it to Public
- Initialize with:
  - A README.md
  - A .gitignore file (appropriate to your language/framework)
  - An Open Source license (MIT, GPL, etc.)
2. Enable Community Features
- Make sure Issues and Pull Requests are enabled (default)
- Consider enabling GitHub Discussions for community feedback
3. Set Branch Protection Rules
Go to Settings > Branches > Add Rule and set the following for main:
- Require pull request reviews before merging
- (Optional) Require status checks to pass (if using CI)
- Prevent force pushes
- Prevent deletion of the branch
- (Optional) Require linear history for clean commit logs
4. Add Community Files
Create a .github folder with:
- CONTRIBUTING.md: How to contribute, issue/PR format, approval process
- CODE_OF_CONDUCT.md: Respectful, inclusive behavior expectations
These help people contribute confidently, and help you manage them smoothly.
5. Set Repository Permissions
Go to Settings > Manage Access:
- Set the default permission to Read
- Only trusted maintainers should have Write, Maintain, or Admin access
- This ensures only project leads can approve and merge pull requests
6. (Optional) Set Auto-cleanup and Security
- Turn on auto-delete branches after merge (Settings > General)
- Enable Dependabot alerts and updates (Settings > Security)
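To confirm that the step 3 rules are really in effect rather than trusting the settings page, this added example (not part of the original guide) audits a branch-protection payload shaped like the response of GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/main/protection`. The sample payload and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like GitHub's branch-protection response
# (not taken from a real repository).
SAMPLE_PROTECTION = json.loads("""
{
  "required_pull_request_reviews": {"required_approving_review_count": 1},
  "allow_force_pushes": {"enabled": true},
  "allow_deletions": {"enabled": false},
  "required_linear_history": {"enabled": false}
}
""")


def _enabled(protection, key):
    """Return the nested 'enabled' flag for a setting, False if absent."""
    return bool((protection.get(key) or {}).get("enabled", False))


def audit_branch_protection(protection):
    """Compare a protection payload with the guide's step 3 rules.

    Returns (failures, warnings). Failures are required rules that are
    missing; warnings cover the rules the guide marks as optional.
    Pass an empty dict when the branch has no protection rule at all.
    """
    if not protection:
        return ["no branch protection rule exists"], []
    failures, warnings = [], []
    reviews = protection.get("required_pull_request_reviews") or {}
    # A rule can require a pull request yet ask for zero approvals.
    if reviews.get("required_approving_review_count", 0) < 1:
        failures.append("pull request reviews not required before merging")
    if _enabled(protection, "allow_force_pushes"):
        failures.append("force pushes are allowed")
    if _enabled(protection, "allow_deletions"):
        failures.append("branch deletion is allowed")
    if not protection.get("required_status_checks"):
        warnings.append("no required status checks (optional, needs CI)")
    if not _enabled(protection, "required_linear_history"):
        warnings.append("linear history not required (optional)")
    return failures, warnings


if __name__ == "__main__":
    failures, warnings = audit_branch_protection(SAMPLE_PROTECTION)
    for msg in failures:
        print("FAIL:", msg)
    for msg in warnings:
        print("warn:", msg)
```

Run it against the JSON saved from the API for your own repository and treat any `FAIL` line as a rule that still needs to be set.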
Full Setup Checklist
| Step | Task | Status |
|---|---|---|
| Visibility | Public repo with license | [ ] |
| Files | README.md, .gitignore, LICENSE | [ ] |
| | .github/CONTRIBUTING.md, CODE_OF_CONDUCT.md | [ ] |
| Features | Issues and PRs enabled | [ ] |
| | GitHub Discussions enabled (optional) | [ ] |
| Branch Rules | Require PR reviews to merge | [ ] |
| | Prevent force pushes and deletion | [ ] |
| | Require status checks (optional) | [ ] |
| Permissions | Default permission: Read | [ ] |
| | Maintainers only: Write/Merge | [ ] |
| Extras | Auto-delete branches after merge | [ ] |
| | Dependabot alerts on | [ ] |
You can copy this checklist into your project wiki or README to stay organized.
Keep It Open, Keep It Organized
The best Open Source projects welcome contributors, but set clear boundaries.
This setup gives you the structure to invite help, manage quality, and stay in control.
TL;DR
- Make your repo public with the right files
- Use branch protection and permission settings
- Require review before any changes
- Start with structure, grow with confidence
At Software for Progress Foundation, we help you build Open Source projects that last. This is where that journey begins.