GuideJanuary 26, 20276 min read

ConfigSync + GitHub Actions: Auto-Sync Configs on PR Merge

Use a GitHub Action to automatically push team configurations to ConfigSync when PRs merge to your config repo. Team members auto-pull the updates.

The Use Case: Config as Code

Some teams manage their shared configurations in a git repository. Editor settings, linter rules, git hooks, and shell aliases live in a repo where changes go through code review. This is great for visibility and collaboration, but it creates a distribution problem: after a PR merges, how do team members get the updated configs onto their machines?

The answer is usually "hope they remember to pull." With ConfigSync and GitHub Actions, you can automate the distribution. When a PR merges to your config repo, a GitHub Action pushes the updated configs to ConfigSync. Team members who have auto-pull enabled get the changes automatically.

Setting Up the Config Repo

First, create a repository that contains your team's shared configurations. This repo becomes the source of truth for team-wide settings.

Team config repo structure
team-configs/ ├── .github/ │ └── workflows/ │ └── sync-config.yml # GitHub Action ├── editor/ │ ├── .editorconfig │ ├── .eslintrc.json │ └── .prettierrc ├── git/ │ ├── .gitconfig-team │ └── .gitignore_global ├── shell/ │ └── team-aliases.zsh └── README.md

Team members submit PRs to change shared configs. The PR review process provides visibility and prevents unintended changes. Once merged, the GitHub Action handles distribution.

The GitHub Action Workflow

Here is the complete workflow file. It installs ConfigSync, authenticates with a service token, copies the repo configs to the right locations, and pushes a new snapshot.

.github/workflows/sync-config.yml
name: Sync Team Configs on: push: branches: [main] paths: - 'editor/**' - 'git/**' - 'shell/**' jobs: sync: runs-on: ubuntu-latest steps: - name: Checkout config repo uses: actions/checkout@v4 - name: Install ConfigSync run: npm install -g configsync - name: Authenticate run: configsync login --token ${{ secrets.CONFIGSYNC_TOKEN }} - name: Copy configs to expected locations run: | cp editor/.editorconfig ~/.editorconfig cp editor/.eslintrc.json ~/.eslintrc.json cp editor/.prettierrc ~/.prettierrc cp git/.gitconfig-team ~/.gitconfig-team cp git/.gitignore_global ~/.gitignore_global cp shell/team-aliases.zsh ~/.team-aliases.zsh - name: Track configs run: | configsync add config ~/.editorconfig configsync add config ~/.eslintrc.json configsync add config ~/.prettierrc configsync add config ~/.gitconfig-team configsync add config ~/.gitignore_global configsync add config ~/.team-aliases.zsh - name: Push to ConfigSync run: | configsync push -m "Team config update from ${{ github.sha }}" - name: Notify if: success() run: echo "Configs synced. Team members will receive updates on next pull."
Store your ConfigSync API token as a GitHub repository secret named CONFIGSYNC_TOKEN. Use a dedicated service token with push-only scope so the CI environment cannot pull secrets.

Creating the Service Token

Create a dedicated API token for GitHub Actions. This token should have permission to push configs but not to pull secrets.

Create a CI-scoped token
# Create a token specifically for CI $ configsync token create --name "github-actions" --scope push-only Token: cs_ci_abc123... # Add it to your GitHub repo: # Settings > Secrets > Actions > New repository secret # Name: CONFIGSYNC_TOKEN # Value: cs_ci_abc123...

Team Members Receiving Updates

Once the GitHub Action pushes new configs, team members receive them in one of two ways:

Receiving config updates
# Option 1: Manual pull $ configsync pull Pulling latest snapshot... Updated: .editorconfig (team standard) Updated: .eslintrc.json (new rule added) Updated: .prettierrc (unchanged) 3 files updated. # Option 2: Watch mode (auto-pull) $ configsync watch Watching for remote changes... [14:22] Remote snapshot updated. Pulling... Updated: .eslintrc.json (new rule added) [14:22] Up to date. # Option 3: Post-pull hook for notifications $ configsync config set hooks.post-pull "echo 'Team configs updated!'" # Team members always have the latest configs # without remembering to do anything manually.

Triggering on Specific File Changes

The workflow uses path filters so it only runs when configuration files change. Changes to the README or other non-config files do not trigger a sync.

Path filtering
# The workflow only triggers on changes to config directories: on: push: branches: [main] paths: - 'editor/**' # Editor configs changed - 'git/**' # Git configs changed - 'shell/**' # Shell configs changed # Does NOT trigger on: # - README.md # - .github/workflows/ (prevent infinite loops) # - docs/

The Complete Flow

Putting it all together, the workflow is:

  1. A team member submits a PR to change .eslintrc.json in the config repo.
  2. The team reviews and approves the change.
  3. The PR merges to main.
  4. The GitHub Action triggers, installs ConfigSync, authenticates, and pushes the updated config.
  5. Team members with watch mode receive the update automatically. Others pull manually.
  6. Everyone's linter now uses the same rules, without anyone manually copying files.

This pattern treats team configurations as code: version controlled, reviewed, and automatically distributed. It eliminates the gap between "we agreed on new linter rules" and "everyone is actually using the new linter rules." The GitHub Action is the bridge that makes config standardization self-enforcing.

Ready to try ConfigSync?

Sync your entire dev environment across machines in minutes. Free forever for up to 3 devices.

Get StartedRead the Docs