#!/bin/bash
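# Exit status reported when the script finishes; stays 0 unless a command fails.
STATUS=0
# Record the status of the most recent failing command instead of aborting,
# so a failure on one step does not stop the remaining work.
trap 'STATUS=$?' ERR
# Treat a pipeline as failed when any stage fails, not only the last one, so
# the ERR trap also sees a failing producer on the left-hand side of a pipe.
set -o pipefail
# Copy the problem matcher next to $HOME and register it with the runner.
# "$HOME" is quoted so a path containing spaces cannot split into extra
# arguments; "--" ends option parsing for cp.
cp -- /error-matcher.json "$HOME/settings-sync-error-matcher.json"
echo "::add-matcher::$HOME/settings-sync-error-matcher.json"
echo "Repository: [$GITHUB_REPOSITORY]"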
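# Copy the action inputs into working variables and log them.
# The token is copied but deliberately never echoed.
echo "Inputs"
echo "---------------------------------------------"
RAW_REPOSITORIES="$INPUT_REPOSITORIES"
# Split the list on whitespace (spaces or newlines). Globbing is switched off
# for the split so an entry containing *, ? or [ is kept literally instead of
# being expanded against files in the current directory.
set -f
REPOSITORIES=($RAW_REPOSITORIES)
set +f
# Log every entry; a bare $REPOSITORIES would print only the first one.
echo "Repositories : ${REPOSITORIES[*]}"
ALLOW_ISSUES=$INPUT_ALLOW_ISSUES
echo "Allow Issues : $ALLOW_ISSUES"
ALLOW_PROJECTS=$INPUT_ALLOW_PROJECTS
echo "Allow Projects : $ALLOW_PROJECTS"
ALLOW_WIKI=$INPUT_ALLOW_WIKI
echo "Allow Wiki : $ALLOW_WIKI"
SQUASH_MERGE=$INPUT_SQUASH_MERGE
echo "Squash Merge : $SQUASH_MERGE"
MERGE_COMMIT=$INPUT_MERGE_COMMIT
echo "Merge Commit : $MERGE_COMMIT"
REBASE_MERGE=$INPUT_REBASE_MERGE
echo "Rebase Merge : $REBASE_MERGE"
AUTO_MERGE=$INPUT_AUTO_MERGE
echo "Auto-Merge : $AUTO_MERGE"
DELETE_HEAD=$INPUT_DELETE_HEAD
echo "Delete Head : $DELETE_HEAD"
BRANCH_PROTECTION_ENABLED=$INPUT_BRANCH_PROTECTION_ENABLED
echo "Branch Protection (BP) : $BRANCH_PROTECTION_ENABLED"
BRANCH_PROTECTION_NAME=$INPUT_BRANCH_PROTECTION_NAME
echo "BP: Name : $BRANCH_PROTECTION_NAME"
BRANCH_PROTECTION_REQUIRED_REVIEWERS=$INPUT_BRANCH_PROTECTION_REQUIRED_REVIEWERS
echo "BP: Required Reviewers : $BRANCH_PROTECTION_REQUIRED_REVIEWERS"
BRANCH_PROTECTION_DISMISS=$INPUT_BRANCH_PROTECTION_DISMISS
echo "BP: Dismiss Stale : $BRANCH_PROTECTION_DISMISS"
BRANCH_PROTECTION_CODE_OWNERS=$INPUT_BRANCH_PROTECTION_CODE_OWNERS
echo "BP: Code Owners : $BRANCH_PROTECTION_CODE_OWNERS"
BRANCH_PROTECTION_ENFORCE_ADMINS=$INPUT_BRANCH_PROTECTION_ENFORCE_ADMINS
echo "BP: Enforce Admins : $BRANCH_PROTECTION_ENFORCE_ADMINS"
GITHUB_TOKEN="$INPUT_TOKEN"
echo "---------------------------------------------"
echo " "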
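# Create the working directory and switch into it.
TEMP_PATH="/ghars/"
cd /
# -p keeps an already existing directory from registering as an error, which
# would otherwise make the whole run exit non-zero through the ERR trap.
mkdir -p "$TEMP_PATH"
cd "$TEMP_PATH"
echo "Temp Path : $TEMP_PATH"
echo " "
# The account name is the part of owner/name before the first slash. A
# parameter expansion avoids the unquoted echo | tr split, which would also
# word-split and glob-expand the value.
USERNAME=${GITHUB_REPOSITORY%%/*}
echo "Username: [$USERNAME]"
echo " "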
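# Expand the special value ALL into every repository owned by the user,
# fetched page by page (100 per page) until a page comes back empty.
if [[ "${REPOSITORIES[0]}" == "ALL" ]]; then
  echo "Getting all repositories for [${USERNAME}]"
  PAGE=1
  REPOSITORIES=()
  while true; do
    # The credentials are handed to curl through a config stream instead of
    # -u, so the token never shows up in curl's argument list (visible in the
    # process table and in shell traces). This assumes the login and token
    # contain no double quote or backslash.
    # jq prints each full_name JSON-quoted; the quotes are stripped later when
    # the list is processed.
    REPOSITORIES_STRING=$(
      curl -X GET \
        -H "Accept: application/vnd.github.v3+json" \
        --config <(printf 'user = "%s:%s"\n' "$USERNAME" "$GITHUB_TOKEN") \
        --silent \
        "${GITHUB_API_URL}/user/repos?affiliation=owner&per_page=100&page=${PAGE}" \
        | jq '.[].full_name'
    )
    # An empty result means the previous page was the last one. An API error
    # body also ends up here, because jq cannot extract names from it.
    [[ -n "$REPOSITORIES_STRING" ]] || break
    # Append this page after the entries collected so far.
    readarray -t -O "${#REPOSITORIES[@]}" REPOSITORIES <<< "$REPOSITORIES_STRING"
    PAGE=$((PAGE + 1))
  done
fi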
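# Run curl against the GitHub API with basic auth. The credentials go through
# a config stream rather than -u, so the token never appears in curl's
# argument list (visible in the process table and in shell traces). This
# assumes the login and token contain no double quote or backslash.
# Arguments: passed straight to curl; stdin is inherited for "-d @-".
# NOTE(review): curl runs without --fail, so an HTTP error status still exits
# 0 and is only visible in the printed response body.
github_api() {
  curl --silent \
    --config <(printf 'user = "%s:%s"\n' "$USERNAME" "$GITHUB_TOKEN") \
    "$@"
}

# Shape every repository entry must have before it is placed in an API URL.
VALID_REPOSITORY='^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$'

# Apply the requested settings to every repository in the list.
for repository in "${REPOSITORIES[@]}"; do
  echo "::group:: $repository"
  # Names collected from the API arrive JSON-quoted; strip the quotes.
  repository="${repository//\"}"
  echo "Repository name: [$repository]"
  echo " "

  # The name is interpolated into an authenticated API URL, so anything that
  # is not a plain owner/name pair is skipped and counted as a failure.
  if [[ ! "$repository" =~ $VALID_REPOSITORY ]]; then
    echo "Skipping invalid repository name: [$repository]" >&2
    STATUS=1
    echo "::endgroup::"
    continue
  fi

  echo "Setting repository options"
  # --argjson (rather than --arg) passes the values as JSON, not as strings.
  # Each value is quoted so an input containing whitespace cannot add extra
  # jq arguments, and the payload is built first so that a jq failure sends
  # no request at all instead of a PATCH with an empty body.
  if settings_payload=$(
    jq -n \
      --argjson allowIssues "$ALLOW_ISSUES" \
      --argjson allowProjects "$ALLOW_PROJECTS" \
      --argjson allowWiki "$ALLOW_WIKI" \
      --argjson squashMerge "$SQUASH_MERGE" \
      --argjson mergeCommit "$MERGE_COMMIT" \
      --argjson rebaseMerge "$REBASE_MERGE" \
      --argjson autoMerge "$AUTO_MERGE" \
      --argjson deleteHead "$DELETE_HEAD" \
      '{
        has_issues:$allowIssues,
        has_projects:$allowProjects,
        has_wiki:$allowWiki,
        allow_squash_merge:$squashMerge,
        allow_merge_commit:$mergeCommit,
        allow_rebase_merge:$rebaseMerge,
        allow_auto_merge:$autoMerge,
        delete_branch_on_merge:$deleteHead
      }'
  ); then
    printf '%s' "$settings_payload" \
      | github_api -d @- \
        -X PATCH \
        -H "Accept: application/vnd.github.v3+json" \
        -H "Content-Type: application/json" \
        "${GITHUB_API_URL}/repos/${repository}"
  else
    # The ERR trap does not fire for a command used as an if condition.
    STATUS=$?
    echo "Could not build the repository settings for [$repository]" >&2
  fi
  echo " "

  if [[ "$BRANCH_PROTECTION_ENABLED" == "true" ]]; then
    echo "Setting [${BRANCH_PROTECTION_NAME}] branch protection rules"
    # Same approach as above: JSON-typed, quoted values, payload built first.
    if protection_payload=$(
      jq -n \
        --argjson enforceAdmins "$BRANCH_PROTECTION_ENFORCE_ADMINS" \
        --argjson dismissStaleReviews "$BRANCH_PROTECTION_DISMISS" \
        --argjson codeOwnerReviews "$BRANCH_PROTECTION_CODE_OWNERS" \
        --argjson reviewCount "$BRANCH_PROTECTION_REQUIRED_REVIEWERS" \
        '{
          required_status_checks:null,
          enforce_admins:$enforceAdmins,
          required_pull_request_reviews:{
            dismiss_stale_reviews:$dismissStaleReviews,
            require_code_owner_reviews:$codeOwnerReviews,
            required_approving_review_count:$reviewCount
          },
          restrictions:null
        }'
    ); then
      printf '%s' "$protection_payload" \
        | github_api -d @- \
          -X PUT \
          -H "Accept: application/vnd.github.luke-cage-preview+json" \
          -H "Content-Type: application/json" \
          "${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection"
    else
      STATUS=$?
      echo "Could not build the branch protection rules for [$repository]" >&2
    fi
  elif [[ "$BRANCH_PROTECTION_ENABLED" == "false" ]]; then
    # An explicit "false" removes any existing protection from the named
    # branch; every other value leaves the branch protection untouched.
    github_api \
      -X DELETE \
      -H "Accept: application/vnd.github.luke-cage-preview+json" \
      -H "Content-Type: application/json" \
      "${GITHUB_API_URL}/repos/${repository}/branches/${BRANCH_PROTECTION_NAME}/protection"
  fi
  echo "Completed [${repository}]"
  echo "::endgroup::"
done
# Report the last recorded failure, or 0 when nothing failed.
exit "$STATUS"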