#!/bin/bash
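# Copies deployment environments (protection rules, reviewers, branch
# policies) from one repository to another.
#
# Arguments: $1 source org, $2 source repo, $3 target org,
#            $4 target repo (optional, defaults to the source repo name)
# Environment:
#   SOURCE_TOKEN     token used for every read against the source repository
#   TARGET_TOKEN     token used for every read/write against the target
#   MAP_USER_SCRIPT  optional path of a script that maps a source login to a
#                    target login
# Both tokens are taken from the environment rather than from argv.
# Diagnostics go to stderr so they stay visible when stdout is redirected.
if [ "$#" -lt 3 ]; then
  echo "Usage: $0 <source org> <source_repo> <target org> [target_repo]" >&2
  exit 1
fi

if [ -z "$SOURCE_TOKEN" ]; then
  echo "SOURCE_TOKEN must be set" >&2
  exit 1
fi

if [ -z "$TARGET_TOKEN" ]; then
  echo "TARGET_TOKEN must be set" >&2
  exit 1
fi

source_org=$1
source_repo=$2
target_org=$3
target_repo=${4:-$source_repo}

# MAP_USER_SCRIPT is executed once per user reviewer further down. It runs
# with the caller's privileges and inherits the caller's environment, which
# includes SOURCE_TOKEN and TARGET_TOKEN when they are exported, so it must
# be a script the operator trusts.
if [ -z "$MAP_USER_SCRIPT" ]; then
  echo "WARNING: MAP_USER_SCRIPT is not set. No mapping will be performed." >&2
  echo "Add a script to the environment variable MAP_USER_SCRIPT to map users from $source_org to $target_org" >&2
elif [ ! -f "$MAP_USER_SCRIPT" ]; then
  echo "MAP_USER_SCRIPT is set to $MAP_USER_SCRIPT" >&2
  echo "ERROR: MAP_USER_SCRIPT is not a file" >&2
  exit 1
elif [ ! -x "$MAP_USER_SCRIPT" ]; then
  # Fail fast: a script that cannot be executed yields an empty login for
  # every user, so each user reviewer would be reported as missing and left
  # out of the target environment's required reviewers.
  echo "MAP_USER_SCRIPT is set to $MAP_USER_SCRIPT" >&2
  echo "ERROR: MAP_USER_SCRIPT is not executable" >&2
  exit 1
fi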
# Placeholder: binds its three positional arguments to local variables and
# does nothing else. It prints nothing and returns 0.
# No call to it is visible in this script.
# Arguments: $1 source org, $2 target org, $3 reviewers JSON
getReviewersLogins() {
  local source_org="$1" target_org="$2" reviewers_json="$3"
}
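# URL-encodes one path segment with jq's @uri filter. Environment names and
# mapped logins are placed into REST paths below; an unencoded "/", "?" or
# space would change which endpoint the target token is used against.
# Arguments: $1 - raw segment
# Outputs:   encoded segment on stdout (empty if jq fails)
urlEncodeSegment() {
  jq -rn --arg segment "$1" '$segment | @uri'
}

# The start-up check tests MAP_USER_SCRIPT as a file path, but a bare name
# (no slash) would be resolved through PATH when executed. Anchor bare names
# to the current directory so the file that was checked is the file that runs.
map_user_cmd=$MAP_USER_SCRIPT
case "$map_user_cmd" in
  '' | */*) ;;
  *) map_user_cmd="./$map_user_cmd" ;;
esac

# For every environment of the source repository: read its settings, rebuild
# the payload for the target (bypass flag, wait timer, reviewers that exist
# at the target, branch policy mode), PUT it, then recreate the custom
# branch policies by name.
GH_TOKEN="$SOURCE_TOKEN" gh api --paginate "repos/$source_org/$source_repo/environments" \
  -H "X-GitHub-Api-Version: 2022-11-28" --jq '.environments.[].name' |
  while IFS= read -r environment_name; do
    environment_path=$(urlEncodeSegment "$environment_name")
    if [ -z "$environment_path" ]; then
      echo "ERROR: Could not encode environment name '$environment_name'. Skipping it." >&2
      continue
    fi

    # Fail closed: without the source settings every field below would be
    # empty and the PUT would be sent without any protection rules.
    if ! environment_json=$(GH_TOKEN="$SOURCE_TOKEN" gh api \
      "repos/$source_org/$source_repo/environments/$environment_path" \
      --jq '{protection_rules,can_admins_bypass,deployment_branch_policy }'); then
      echo "ERROR: Could not read environment $environment_name from $source_org/$source_repo. Skipping it." >&2
      continue
    fi

    echo "Creating or updating environment: $environment_name"

    can_admins_bypass=$(jq -r '.can_admins_bypass' <<<"$environment_json")
    payload=$(jq -c --argjson can_admins_bypass "$can_admins_bypass" '{"can_admins_bypass": $can_admins_bypass}' <<<"{}")

    # check if there is a wait timer
    wait_timer=$(jq -r '.protection_rules[] | select(.type == "wait_timer") | .wait_timer' <<<"$environment_json")
    if [ -n "$wait_timer" ]; then
      # append to payload
      payload=$(jq -c --argjson wait_timer "$wait_timer" '.wait_timer = $wait_timer' <<<"$payload")
    fi

    # check if there are required reviewers
    reviewers=$(jq -c '.protection_rules[] | select(.type == "required_reviewers") | .reviewers' <<<"$environment_json")
    if [ -n "$reviewers" ]; then
      reviewers_json="[]"
      dropped_reviewers=0
      while read -r reviewer_json; do
        reviewer_type=$(jq -r '.type' <<<"$reviewer_json")
        case "$reviewer_type" in
          Team)
            reviewer_slug=$(jq -r '.reviewer.slug' <<<"$reviewer_json")
            # the team must exist at the target and have access to the repo
            if ! reviewer_id=$(GH_TOKEN="$TARGET_TOKEN" gh api "orgs/$target_org/teams/$reviewer_slug" --jq '.id'); then
              echo " ERROR: Team $reviewer_slug does not exist at target org $target_org. Ignoring it." >&2
              dropped_reviewers=$((dropped_reviewers + 1))
            elif ! GH_TOKEN="$TARGET_TOKEN" gh api \
              "orgs/$target_org/teams/$reviewer_slug/repos/$target_org/$target_repo" \
              -H "X-GitHub-Api-Version: 2022-11-28" --silent >/dev/null 2>&1; then
              echo " ERROR: Team $reviewer_slug does not have access to repo $target_org/$target_repo. Ignoring it." >&2
              dropped_reviewers=$((dropped_reviewers + 1))
            else
              echo " Adding team $reviewer_slug to reviewers"
              reviewers_json=$(jq -c --argjson reviewer_id "$reviewer_id" '. += [{"type": "Team", "id": $reviewer_id}]' <<<"$reviewers_json")
            fi
            ;;
          User)
            # get user id at the target
            reviewer_login=$(jq -r '.reviewer.login' <<<"$reviewer_json")
            if [ -n "$MAP_USER_SCRIPT" ]; then
              # stdin is detached so the mapping script cannot consume the
              # reviewer list this loop is reading from
              reviewer_login=$("$map_user_cmd" "$reviewer_login" </dev/null)
            fi
            if [ -z "$reviewer_login" ]; then
              echo "ERROR: User mapping returned an empty login. Ignoring it." >&2
              dropped_reviewers=$((dropped_reviewers + 1))
              continue
            fi
            # the mapping script's output is encoded before it enters the path
            login_path=$(urlEncodeSegment "$reviewer_login")
            if ! reviewer_id=$(GH_TOKEN="$TARGET_TOKEN" gh api "orgs/$target_org/memberships/$login_path" --jq '.user.id'); then
              echo "ERROR: User $reviewer_login does not exist at target org $target_org. Ignoring it." >&2
              dropped_reviewers=$((dropped_reviewers + 1))
            else
              echo " Adding user $reviewer_login to reviewers"
              reviewers_json=$(jq -c --argjson reviewer_id "$reviewer_id" '. += [{"type": "User", "id": $reviewer_id}]' <<<"$reviewers_json")
            fi
            ;;
        esac
      done < <(jq -c '.[]' <<<"$reviewers")

      # An ignored reviewer means a weaker approval gate at the target than
      # at the source; say so explicitly instead of only logging per reviewer.
      if [ "$dropped_reviewers" -gt 0 ]; then
        echo "WARNING: $dropped_reviewers required reviewer(s) of environment $environment_name were not copied; the target environment is less protected than the source." >&2
      fi
      if [ "$reviewers_json" = "[]" ]; then
        echo "WARNING: environment $environment_name will have NO required reviewers at $target_org/$target_repo." >&2
      fi

      # append to payload
      payload=$(jq -c --argjson "reviewers_json" "$reviewers_json" '. += {"reviewers": $reviewers_json}' <<<"$payload")
    fi

    deployment_branch_policy=$(jq -c '.deployment_branch_policy' <<<"$environment_json")
    if [ -n "$deployment_branch_policy" ]; then
      payload=$(jq -c --argjson deployment_branch_policy "$deployment_branch_policy" '. += {"deployment_branch_policy": $deployment_branch_policy}' <<<"$payload")
    fi

    # Any failed jq step above leaves payload empty; sending an empty body
    # would write the environment without the rules collected so far.
    if [ -z "$payload" ]; then
      echo "ERROR: Could not build the settings payload for environment $environment_name. Skipping it." >&2
      continue
    fi

    if ! GH_TOKEN="$TARGET_TOKEN" gh api --silent --method PUT \
      "repos/$target_org/$target_repo/environments/$environment_path" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      --input - <<<"$payload"; then
      echo "ERROR: Failed to create or update environment $environment_name at $target_org/$target_repo." >&2
      continue
    fi

    # We only support branch policies
    # https://docs.github.com/pt/rest/deployments/branch-policies?apiVersion=2022-11-28
    # NOTE(review): only the policy name is copied; if the source has
    # tag-type policies they are presumably recreated as branch policies.
    if [ "$deployment_branch_policy" != "null" ]; then
      while read -r branch_name; do
        echo " Creating branch policy for $branch_name"
        if ! GH_TOKEN="$TARGET_TOKEN" gh api \
          --method POST \
          -H "Accept: application/vnd.github+json" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          "repos/$target_org/$target_repo/environments/$environment_path/deployment-branch-policies" \
          -f name="$branch_name" --silent; then
          echo " Error: Failed to create branch policy for $branch_name" >&2
        fi
      done < <(GH_TOKEN="$SOURCE_TOKEN" gh api --paginate \
        -H "Accept: application/vnd.github+json" \
        -H "X-GitHub-Api-Version: 2022-11-28" \
        "repos/$source_org/$source_repo/environments/$environment_path/deployment-branch-policies" --jq '.branch_policies[].name')
    fi
  done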