forked from kbrashears5/github-action-repo-settings-sync
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathentrypoint.sh
executable file
·200 lines (172 loc) · 7.34 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
#!/bin/bash
STATUS=0
# remember last error code
trap 'STATUS=$?' ERR
# problem matcher must exist in workspace
cp /error-matcher.json $HOME/settings-sync-error-matcher.json
echo "::add-matcher::$HOME/settings-sync-error-matcher.json"
echo "Repository: [$GITHUB_REPOSITORY]"
# log inputs
echo "Inputs"
echo "---------------------------------------------"
RAW_REPOSITORIES="$INPUT_REPOSITORIES"
REPOSITORIES=($RAW_REPOSITORIES)
echo "Repositories : $REPOSITORIES"
ALLOW_ISSUES=$INPUT_ALLOW_ISSUES
echo "Allow Issues : $ALLOW_ISSUES"
ALLOW_PROJECTS=$INPUT_ALLOW_PROJECTS
echo "Allow Projects : $ALLOW_PROJECTS"
ALLOW_WIKI=$INPUT_ALLOW_WIKI
echo "Allow Wiki : $ALLOW_WIKI"
SQUASH_MERGE=$INPUT_SQUASH_MERGE
echo "Squash Merge : $SQUASH_MERGE"
MERGE_COMMIT=$INPUT_MERGE_COMMIT
echo "Merge Commit : $MERGE_COMMIT"
REBASE_MERGE=$INPUT_REBASE_MERGE
echo "Rebase Merge : $REBASE_MERGE"
AUTO_MERGE=$INPUT_AUTO_MERGE
echo "Auto-Merge : $AUTO_MERGE"
DELETE_HEAD=$INPUT_DELETE_HEAD
echo "Delete Head : $DELETE_HEAD"
BRANCH_PROTECTION_ENABLED=$INPUT_BRANCH_PROTECTION_ENABLED
echo "Branch Protection (BP) : $BRANCH_PROTECTION_ENABLED"
BRANCH_PROTECTION_NAME=$INPUT_BRANCH_PROTECTION_NAME
echo "BP: Name : $BRANCH_PROTECTION_NAME"
BRANCH_PROTECTION_REQUIRED_REVIEWERS=$INPUT_BRANCH_PROTECTION_REQUIRED_REVIEWERS
echo "BP: Required Reviewers : $BRANCH_PROTECTION_REQUIRED_REVIEWERS"
BRANCH_PROTECTION_DISMISS=$INPUT_BRANCH_PROTECTION_DISMISS
echo "BP: Dismiss Stale : $BRANCH_PROTECTION_DISMISS"
BRANCH_PROTECTION_CODE_OWNERS=$INPUT_BRANCH_PROTECTION_CODE_OWNERS
echo "BP: Code Owners : $BRANCH_PROTECTION_CODE_OWNERS"
BRANCH_PROTECTION_ENFORCE_ADMINS=$INPUT_BRANCH_PROTECTION_ENFORCE_ADMINS
echo "BP: Enforce Admins : $BRANCH_PROTECTION_ENFORCE_ADMINS"
BRANCH_PROTECTION_REQUIRED_STATUS_CHECKS=$INPUT_BRANCH_PROTECTION_REQUIRED_STATUS_CHECKS
echo "BP: Require Status Checks: $BRANCH_PROTECTION_REQUIRED_STATUS_CHECKS"
BRANCH_PROTECTION_RESTRICT_PUSHES_TEAM_ALLOWED=$INPUT_BRANCH_PROTECTION_RESTRICT_PUSHES_TEAM_ALLOWED
echo "BP: Team Allowed : $BRANCH_PROTECTION_RESTRICT_PUSHES_TEAM_ALLOWED"
GITHUB_TOKEN="$INPUT_TOKEN"
echo "---------------------------------------------"
echo " "
# set temp path
TEMP_PATH="/ghars/"
cd /
mkdir "$TEMP_PATH"
cd "$TEMP_PATH"
echo "Temp Path : $TEMP_PATH"
echo " "
# find username and repo name
REPO_INFO=($(echo $GITHUB_REPOSITORY | tr "/" "\n"))
USERNAME=${REPO_INFO[0]}
echo "Username: [$USERNAME]"
echo " "
# get all repos, if specified
if [ "$REPOSITORIES" == "ALL" ]; then
echo "Getting all repositories for [${USERNAME}]"
PAGE=1
REPOSITORIES=()
while true; do
REPOSITORIES_STRING=$(curl -X GET -H "Accept: application/vnd.github.v3+json" -u ${USERNAME}:${GITHUB_TOKEN} --silent "${GITHUB_API_URL}/user/repos?affiliation=owner&per_page=100&page=${PAGE}" | jq '.[].full_name')
# If the latest reponse contains no repositories, exit the loop
[[ ! -z "$REPOSITORIES_STRING" ]] || break
# Append results to REPOSITORIES array, increment page number
readarray -t -O "${#REPOSITORIES[@]}" REPOSITORIES <<< "$REPOSITORIES_STRING"
PAGE=$((PAGE+1))
done
fi
# loop through all the repos
for repository in "${REPOSITORIES[@]}"; do
echo "::group:: $repository"
# trim the quotes
repository="${repository//\"}"
echo "Repository name: [$repository]"
echo " "
echo "Setting repository options"
# the argjson instead of just arg lets us pass the values not as strings
jq -n \
--argjson allowIssues $ALLOW_ISSUES \
--argjson allowProjects $ALLOW_PROJECTS \
--argjson allowWiki $ALLOW_WIKI \
--argjson squashMerge $SQUASH_MERGE \
--argjson mergeCommit $MERGE_COMMIT \
--argjson rebaseMerge $REBASE_MERGE \
--argjson autoMerge $AUTO_MERGE \
--argjson deleteHead $DELETE_HEAD \
'{
has_issues:$allowIssues,
has_projects:$allowProjects,
has_wiki:$allowWiki,
allow_squash_merge:$squashMerge,
allow_merge_commit:$mergeCommit,
allow_rebase_merge:$rebaseMerge,
allow_auto_merge:$autoMerge,
delete_branch_on_merge:$deleteHead,
}' \
| curl -d @- \
-X PATCH \
-H "Accept: application/vnd.github.v3+json" \
-H "Content-Type: application/json" \
-u ${USERNAME}:${GITHUB_TOKEN} \
--silent \
${GITHUB_API_URL}/repos/${repository}
echo " "
if [ "$BRANCH_PROTECTION_ENABLED" == "true" ]; then
echo "Setting [${BRANCH_PROTECTION_NAME}] branch protection rules"
# get the existing branch protection rules, as we want to keep them the same
REQUIRED_STATUS_CHECKS=$(curl -H "Accept: application/vnd.github.luke-cage-preview+json" \
-H "Content-Type: application/json" \
-u ${USERNAME}:${GITHUB_TOKEN} \
${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection/required_status_checks)
EXISTING_CHECKS=$(echo "$REQUIRED_STATUS_CHECKS" | jq -rc '.checks')
if [ "$EXISTING_CHECKS" == "null" ]; then
echo "Check here the reason of there is no existing checks at this branch."
echo $( echo "$REQUIRED_STATUS_CHECKS" | jq -c '.message')
CURRENT_CHECKS=[]
else
CURRENT_CHECKS=$EXISTING_CHECKS;
fi;
# the argjson instead of just arg lets us pass the values not as strings
jq -n \
--argjson enforceAdmins $BRANCH_PROTECTION_ENFORCE_ADMINS \
--argjson dismissStaleReviews $BRANCH_PROTECTION_DISMISS \
--argjson codeOwnerReviews $BRANCH_PROTECTION_CODE_OWNERS \
--argjson reviewCount $BRANCH_PROTECTION_REQUIRED_REVIEWERS \
--argjson requiredStatusChecks $BRANCH_PROTECTION_REQUIRED_STATUS_CHECKS \
--argjson existingChecks "$CURRENT_CHECKS" \
--arg restrictPushesTeamAllowed $BRANCH_PROTECTION_RESTRICT_PUSHES_TEAM_ALLOWED \
'{
required_status_checks:{
strict: $requiredStatusChecks,
checks: $existingChecks
},
enforce_admins:$enforceAdmins,
required_pull_request_reviews:{
dismiss_stale_reviews:$dismissStaleReviews,
require_code_owner_reviews:$codeOwnerReviews,
required_approving_review_count:$reviewCount
},
restrictions:{
users:[""],
apps:[""],
teams:[$restrictPushesTeamAllowed]
}
}' \
| curl -d @- \
-X PUT \
-H "Accept: application/vnd.github.luke-cage-preview+json" \
-H "Content-Type: application/json" \
-u ${USERNAME}:${GITHUB_TOKEN} \
--silent \
${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection
elif [ "$BRANCH_PROTECTION_ENABLED" == "false" ]; then
curl \
-X DELETE \
-H "Accept: application/vnd.github.luke-cage-preview+json" \
-H "Content-Type: application/json" \
-u ${USERNAME}:${GITHUB_TOKEN} \
--silent \
${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection
fi
echo "Completed [${repository}]"
echo "::endgroup::"
done
exit $STATUS