GitHub repositories change hands constantly — they get transferred between orgs, renamed during rebrands, forked, archived, and sometimes deleted. Under the old model, the human or team who “owned” a repo was implied by who happened to have admin access at that moment. When a repo moved or an admin left, that implied ownership evaporated, and the security and compliance questions (“who is responsible for this code?”) had no reliable answer.
In 2026 GitHub introduced the durable owner: a persistent, explicitly-set owner (a user or team) recorded against the repository itself, designed to survive transfers, renames, and even deletion (The GitHub Blog, “How GitHub gave every repository a durable owner”). GitHub’s own engineering and security teams now run on it. This guide covers how to set an owner on a repo, how to do it across an entire org, and how to make “no owner” a failing condition in your pipelines.
First, understand what “durable” buys you
A durable owner is recorded as data on the repository, not derived from transient admin membership. That means:
- Transfers don’t lose it. Move a repo from
acme/webtoacme-legacy/weband the owner tag follows the code. - Renames don’t lose it. Rename
payments-apitobilling-api; the owner stays attached. - Deletion is gated. Because the owner is explicit, GitHub can flag or block teardown of repositories that still carry responsibility, instead of silently dropping them.
It is, in GitHub’s framing, the secure choice made the easy choice: ownership is something you set once and stop worrying about.
Set an owner through the repository settings (UI)
For a single repository:
- Open the repo and go to Settings → General (or Manage → Settings depending on your role).
- Find the Owner (or “Repository owner”) field in the repository metadata section.
- Select a user or team from your organization as the durable owner.
- Save.
That’s the whole manual flow. The value comes from doing it consistently, which is where the API and CLI matter.
Set an owner with the gh CLI
For one repo:
gh api -X PATCH repos/<org>/<repo> \
-f "owner_id=<team-or-user-node-id>"
You can resolve a team’s node ID first:
gh api orgs/<org>/teams/<team-slug> --jq '.node_id'
Then loop it across every repo in an org to backfill ownership in one pass:
gh repo list <org> --limit 1000 --json nameWithOwner,node_id \
| jq -r '.[] | .nameWithOwner' \
| while read repo; do
gh api -X PATCH repos/$repo -f "owner_id=<TEAM_NODE_ID>"
echo "set owner on $repo"
done
Run that as a scheduled job (or a post-repo-creation hook) so newly created repos are owned from birth.
Enforce it in CI (make “no owner” fail)
Setting owners is half the battle; the other half is refusing to ship code whose ownership is unknown. A lightweight enforcement step in your CI pipeline:
owner=$(gh api repos/$GITHUB_REPOSITORY --jq '.owner // empty')
if [ -z "$owner" ]; then
echo "ERROR: this repository has no durable owner set"
exit 1
fi
Wire that into a required status check and “no owner” becomes a merge-blocking condition rather than a spreadsheet you never open.
A note on the underlying mechanism
GitHub’s durable owner is backed by a registry-style record attached to the repository object — the same class of “durable metadata” pattern GitHub has been extending across its platform for governance and supply-chain hygiene. The exact field name and endpoint can vary by plan and dashboard build, so always confirm the current shape in GitHub’s REST/GraphQL reference for your tier before codifying it in automation. The steps above reflect the documented behavior as of mid-2026; if your enterprise plan exposes a different label, the workflow (set per repo → backfill via API → enforce in CI) stays the same.
The takeaway
Repository ownership used to be an accident of who had admin at a given moment. The durable owner makes it explicit, persistent, and automatable. Set it per repo in the UI, backfill your org with the gh CLI, and gate merges on it in CI — and “who owns this code?” stops being a mystery every time something moves.
Source: The GitHub Blog, “How GitHub gave every repository a durable owner” (2026).
