Skip to content

Commit

Permalink
Safeguarding archived repos (#168)
Browse files Browse the repository at this point in the history
  • Loading branch information
@pattacini
pattacini authored Feb 20, 2023
1 parent a6851d2 commit be5d8cb
Show file tree
Hide file tree
Showing 3 changed files with 103 additions and 88 deletions.
55 changes: 30 additions & 25 deletions scripts/check-automated-repositories.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,35 +75,40 @@ def check_user(user, permissions)

check_and_wait_until_reset
if $client.repository?(repo_full_name) then
# check collaborators
if repo_metadata then
repo_metadata.each { |user, props|
type = props["type"]
permissions = props["permissions"]
if (type.casecmp?("user")) then
check_user(user, permissions)
elsif (type.casecmp?("group")) then
if groups.key?(user) then
puts "- Listing collaborators in group \"#{user}\" 👥"
groups[user].each { |subuser|
if repo_metadata.key?(subuser) then
puts "- Detected group user \"#{subuser}\" handled individually"
else
check_user(subuser, permissions)
end
}
# check if archived
if !$client.repository(repo_full_name).archived then
# check collaborators
if repo_metadata then
repo_metadata.each { |user, props|
type = props["type"]
permissions = props["permissions"]
if (type.casecmp?("user")) then
check_user(user, permissions)
elsif (type.casecmp?("group")) then
if groups.key?(user) then
puts "- Listing collaborators in group \"#{user}\" 👥"
groups[user].each { |subuser|
if repo_metadata.key?(subuser) then
puts "- Detected group user \"#{subuser}\" handled individually"
else
check_user(subuser, permissions)
end
}
else
puts "- Unrecognized group \"#{user}\" ❌"
exit 1
end
else
puts "- Unrecognized group \"#{user}\" ❌"
puts "- Unrecognized type \"#{type}\" ❌"
exit 1
end
else
puts "- Unrecognized type \"#{type}\" ❌"
exit 1
end
}
end
}
end

puts "...done with \"#{repo_full_name}\" ✔"
puts "...done with \"#{repo_full_name}\" ✔"
else
puts "Skipping archived repository \"#{repo_full_name}\" ⚠️"
end
else
puts "Repository \"#{repo_full_name}\" does not exist ❌"
exit 1
Expand Down
39 changes: 22 additions & 17 deletions scripts/delete-invitations.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,24 +54,29 @@
if $client.repository?(repo_full_name) then
# check if we're required to deal with this repo
if repos_input.include?('*') || repos_input.include?(repo_name) then
# delete invitations
get_repo_invitations(repo_full_name).each { |invitation|
invitee = invitation["invitee"]
expired = invitation["expired"]
check_and_wait_until_reset
if !$client.org_member?($org, invitee) then
if only_expired.casecmp?('true') && !expired then
puts "- Skipping invitee \"#{invitee}\" whose invitation has not expired yet"
next
else
puts "- Removing invitee \"#{invitee}\""
check_and_wait_until_reset
$client.delete_repository_invitation(repo_full_name, invitation["id"])
# check if archived
if !$client.repository(repo_full_name).archived then
# delete invitations
get_repo_invitations(repo_full_name).each { |invitation|
invitee = invitation["invitee"]
expired = invitation["expired"]
check_and_wait_until_reset
if !$client.org_member?($org, invitee) then
if only_expired.casecmp?('true') && !expired then
puts "- Skipping invitee \"#{invitee}\" whose invitation has not expired yet"
next
else
puts "- Removing invitee \"#{invitee}\""
check_and_wait_until_reset
$client.delete_repository_invitation(repo_full_name, invitation["id"])
end
end
end
}

puts "...done with \"#{repo_full_name}\" ✔"
}

puts "...done with \"#{repo_full_name}\" ✔"
else
puts "Skipping archived repository \"#{repo_full_name}\" ⚠️"
end
else
puts "Repository \"#{repo_full_name}\" is not in the list ➖"
end
Expand Down
97 changes: 51 additions & 46 deletions scripts/outside-collaborators-handler.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,60 +153,65 @@ def add_repo_collaborator(repo, user, auth)

check_and_wait_until_reset
if $client.repository?(repo_full_name) then
# add collaborators
if repo_metadata then
repo_metadata.each { |user, props|
type = props["type"]
permissions = props["permissions"]
if (type.casecmp?("user")) then
if !add_repo_collaborator(repo_full_name, user, permissions) then
has_errors = true
end
elsif (type.casecmp?("group")) then
if groups.key?(user) then
puts "- Handling group \"#{user}\" 👥"
groups[user].each { |subuser|
if repo_metadata.key?(subuser) then
puts "- Detected group user \"#{subuser}\" handled individually"
elsif !add_repo_collaborator(repo_full_name, subuser, permissions) then
has_errors = true
end
}
# check if archived
if !$client.repository(repo_full_name).archived then
# add collaborators
if repo_metadata then
repo_metadata.each { |user, props|
type = props["type"]
permissions = props["permissions"]
if (type.casecmp?("user")) then
if !add_repo_collaborator(repo_full_name, user, permissions) then
has_errors = true
end
elsif (type.casecmp?("group")) then
if groups.key?(user) then
puts "- Handling group \"#{user}\" 👥"
groups[user].each { |subuser|
if repo_metadata.key?(subuser) then
puts "- Detected group user \"#{subuser}\" handled individually"
elsif !add_repo_collaborator(repo_full_name, subuser, permissions) then
has_errors = true
end
}
else
puts "- Unrecognized group \"#{user}\" ❌"
has_errors = true
end
else
puts "- Unrecognized group \"#{user}\" ❌"
puts "- Unrecognized type \"#{type}\" ❌"
has_errors = true
end
else
puts "- Unrecognized type \"#{type}\" ❌"
has_errors = true
end
}
end
}
end

# remove collaborators no longer requested
get_repo_collaborators(repo_full_name).each { |user|
check_and_wait_until_reset
if !$client.org_member?($org, user) &&
!repo_member(repo_metadata, groups, user) then
puts "- Removing collaborator \"#{user}\""
# remove collaborators no longer requested
get_repo_collaborators(repo_full_name).each { |user|
check_and_wait_until_reset
$client.remove_collaborator(repo_full_name, user)
end
}
if !$client.org_member?($org, user) &&
!repo_member(repo_metadata, groups, user) then
puts "- Removing collaborator \"#{user}\""
check_and_wait_until_reset
$client.remove_collaborator(repo_full_name, user)
end
}

# remove pending invitations of collaborators no longer requested
get_repo_invitations(repo_full_name).each { |invitation|
invitee = invitation["invitee"]
check_and_wait_until_reset
if !$client.org_member?($org, invitee) &&
!repo_member(repo_metadata, groups, invitee) then
puts "- Removing invitee \"#{invitee}\""
# remove pending invitations of collaborators no longer requested
get_repo_invitations(repo_full_name).each { |invitation|
invitee = invitation["invitee"]
check_and_wait_until_reset
$client.delete_repository_invitation(repo_full_name, invitation["id"])
end
}
if !$client.org_member?($org, invitee) &&
!repo_member(repo_metadata, groups, invitee) then
puts "- Removing invitee \"#{invitee}\""
check_and_wait_until_reset
$client.delete_repository_invitation(repo_full_name, invitation["id"])
end
}

puts "...done with \"#{repo_full_name}\" ✔"
puts "...done with \"#{repo_full_name}\" ✔"
else
puts "Skipping archived repository \"#{repo_full_name}\" ⚠️"
end
else
puts "Repository \"#{repo_full_name}\" does not exist ❌"
has_errors = true
Expand Down

0 comments on commit be5d8cb

Please sign in to comment.