geforkt von LengKundee/NUNA
8,1 KiB
8,1 KiB
GitHub Copilot & Jules Agents: Organization Setup Guide
This guide explains how to enable GitHub Copilot coding agents and Jules (Google) at the organization level for multiple orgs and personal accounts.
Overview
| Account Type | Copilot Agent Support | Jules Support |
|---|---|---|
| Organization (Enterprise) | ✅ Full support | ✅ Full support |
| Organization (Team) | ⚠️ Limited | ⚠️ Limited |
| Personal Account | ❌ Business tier only | ❌ Not available |
Prerequisites
Before starting, ensure you have:
- Organization Owner/Admin permissions on each org
- GitHub Copilot Enterprise license (for full agent capabilities)
- GitHub CLI (
gh) installed and authenticated - For Jules: Google Cloud project with billing enabled
Part 1: Organization-Level Copilot Setup
Step 1: Enable Copilot Enterprise
- Navigate to your organization:
https://github.com/YOUR-ORG - Go to Settings → Copilot
- Select Copilot Enterprise plan
- Configure seat assignments (all members or specific teams)
Step 2: Install the Copilot SWE Agent
Install the agent app at the organization level (not per-repo):
# Install GitHub Copilot coding agent for your organization
gh extension install github/gh-copilot
# Verify installation
gh copilot --version
Or install via the GitHub Marketplace:
- Visit:
https://github.com/apps/copilot-swe-agent - Click Install → Select your organization
- Grant access to All repositories (recommended) or select specific repos
Step 3: Grant Repository Permissions
For agents to create branches and open PRs:
# Enable Copilot agent on a specific repository
gh api repos/YOUR-ORG/REPO-NAME/copilot \
-X PATCH \
-f agent_enabled=true
Or via UI:
- Go to repo Settings → Copilot
- Enable Allow Copilot to make changes
- Set permission level to Write
Part 2: Jules Agent Setup (Google)
Step 1: Connect Google Cloud to Your Org
- Visit:
https://jules.google/org-setup - Sign in with your Google Workspace admin account
- Link to your GitHub organization
- Authorize required OAuth scopes
Step 2: Configure Jules Permissions
# .github/jules.yml (in each repo or at org level)
jules:
enabled: true
permissions:
- write:code
- create:pr
allowed_branches:
- feature/*
- fix/*
- jules/*
Part 3: Multi-Organization Strategy
For users managing multiple organizations:
┌─────────────────────────────────────────────────────────────┐
│ Org 1 (Primary) │
│ ├── Copilot Enterprise ✅ │
│ ├── Jules Agent ✅ │
│ └── All repos inherit agent access │
├─────────────────────────────────────────────────────────────┤
│ Org 2 (Secondary) │
│ ├── Copilot Enterprise ✅ │
│ ├── Jules Agent ✅ │
│ └── Same setup as Org 1 │
├─────────────────────────────────────────────────────────────┤
│ Personal Account │
│ ├── Copilot Business only (no Enterprise agents) │
│ └── Manual PR workflow │
└─────────────────────────────────────────────────────────────┘
Quick Setup Commands for Multiple Orgs
# Set your orgs
ORG1="your-primary-org"
ORG2="your-secondary-org"
# Enable Copilot for both orgs
for ORG in $ORG1 $ORG2; do
echo "Enabling Copilot for $ORG..."
gh api orgs/$ORG/copilot/billing \
-X PATCH \
-f plan="enterprise"
done
Part 4: Branch Protection (Critical for Security)
⚠️ IMPORTANT: Agents should never push directly to
main/master.
Required Branch Protection Rules
Configure these rules on your default branch:
| Rule | Setting | Purpose |
|---|---|---|
| Require pull request | ✅ Enabled | Agents must use PRs |
| Required reviewers | 1+ humans | Human approval gate |
| Dismiss stale approvals | ✅ Enabled | Re-review after changes |
| Restrict pushes | Admins only | Prevent direct commits |
| Require status checks | ✅ Enabled | CI must pass |
Setup via GitHub CLI
# Apply branch protection to main branch
gh api repos/YOUR-ORG/REPO-NAME/branches/main/protection \
-X PUT \
-H "Accept: application/vnd.github+json" \
-f required_pull_request_reviews='{"required_approving_review_count":1,"dismiss_stale_reviews":true}' \
-f restrictions='{"users":[],"teams":[]}' \
-f required_status_checks='{"strict":true,"contexts":["ci"]}'
Agent Workflow Diagram
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐
│ Agent │───▶│ Branch │───▶│ PR │───▶│ Review │
│ Works │ │ feature/ │ │ Created │ │ Human │
└──────────┘ └──────────┘ └──────────┘ └────┬─────┘
│
▼
┌──────────┐
│ Merge │
│ to main │
└──────────┘
Result: Agents work on feature branches → Humans review and approve → Controlled merges to main.
Part 5: Quick Reference Commands
Copilot Agent Commands
# Check Copilot status for an org
gh api orgs/YOUR-ORG/copilot/billing
# List repos with Copilot enabled
gh api orgs/YOUR-ORG/copilot/repos --paginate
# Enable agent on specific repo
gh api repos/YOUR-ORG/REPO-NAME/copilot -X PATCH -f agent_enabled=true
Monitoring Agent Activity
# View recent PRs created by Copilot agent
gh pr list --author="app/copilot-swe-agent" --state=all
# Check agent workflow runs
gh run list --workflow=copilot-agent.yml
Troubleshooting
Agent Not Creating PRs
- Check permissions: Ensure agent has
writeaccess to the repo - Verify installation: Agent must be installed at org level
- Branch protection: Ensure feature branches are not protected
Agent PRs Failing CI
- Review the agent's code changes carefully
- Provide clearer instructions in your prompt
- Consider adding a
.github/copilot-instructions.mdfile
Rate Limits
- Enterprise: 500 agent requests/hour/org
- Team: 100 agent requests/hour/org
Security Best Practices
- ✅ Never disable branch protection for agents
- ✅ Require human review on all agent PRs
- ✅ Use allowlists for sensitive repos
- ✅ Audit agent activity regularly via GitHub audit log
- ✅ Rotate credentials used by agents periodically