Merge pull request #226 from gm3dmo/issue225

Adding permissions demo

add-collaborator-to-repo.sh

@@ -6,7 +6,7 @@
 # limits: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository
 
 
-username=${1:-mona}
+username=${repo_collaborator}
 permission=${2:-push}
 
 JSON_TEMPLATE='{"permission":"%s"}'

add-repo-to-permissions-teams.sh

@@ -0,0 +1,39 @@
+.   ./.gh-api-examples.conf
+
+# https://docs.github.com/en/rest/reference/teams#add-or-update-team-membership-for-a-user
+# PUT /orgs/:org/teams/:team_slug/memberships/:username
+
+# https://docs.github.com/en/enterprise-cloud@latest/rest/teams/teams?apiVersion=2022-11-28#add-or-update-team-repository-permissions
+# PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}
+
+if [ -z "$1" ]
+  then
+    repo=$repo
+  else
+    repo=$1
+fi
+
+declare -A permission_to_user
+permissions=("pull" "triage" "push" "maintain" "admin")
+
+prefix=pwr
+
+for team_permission in "${permissions[@]}"
+do
+    team_name=${prefix}-team-${team_permission}
+    team_slug=${team_name}
+    team_id=$(curl --silent -H "Authorization: Bearer ${GITHUB_TOKEN}" ${GITHUB_API_BASE_URL}/orgs/${org}/teams/$team_slug | jq '.id')
+
+    json_file=tmp/add-or-update-team-repository-permissions.json
+    jq -n \
+              --arg permission "${team_permission}" \
+              '{
+                permission: $permission,
+              }' > ${json_file}
+
+    curl ${curl_custom_flags} \
+        -X PUT \
+        -H "Accept: application/vnd.github.v3+json" \
+        -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+           "${GITHUB_API_BASE_URL}/teams/${team_id}/repos/${org}/${repo}" --data @${json_file}
+done

add-users-to-teams-for-repository-permission.sh

@@ -23,6 +23,7 @@ do
     team_slug=${team_name}
     team_id=$(curl ${curl_custom_flags} -H "Authorization: Bearer ${GITHUB_TOKEN}" ${GITHUB_API_BASE_URL}/orgs/${org}/teams/$team_slug | jq '.id')
     team_member="${permission_to_user[$team_permission]}"
+    echo "${team_member} ---> ${team_permission}"
 
     curl ${curl_custom_flags} \
          -X PUT \

build-testcase-permissions

@@ -0,0 +1,86 @@
+normal=$(tput sgr0)
+highlight=$(tput setaf 2)
+
+printf "$highlight"
+
+cat << EOF
+
+  ________            ____                         
+ /_  __/ /_  ___     / __ \____ _      _____  _____
+  / / / __ \/ _ \   / /_/ / __ \ | /| / / _ \/ ___/
+ / / / / / /  __/  / ____/ /_/ / |/ |/ /  __/ /    
+/_/ /_/ /_/\___/  /_/    \____/|__/|__/\___/_/     
+
+EOF
+
+printf "${normal}"
+
+     printf "${highlight} - Creating repo: ${normal}"
+    ./create-repo-testrepo.sh | jq -r '.name'
+     printf "${highlight} - Creating webhook: ${normal}"
+    ./create-webhook.sh  | jq -r '.id'
+    sleep 5
+
+     printf "${highlight} - Clean the slate and delete teams (if they exist): ${normal}"
+    echo
+    echo
+    ./delete-teams-for-permissions.sh
+    echo
+
+     printf "${highlight} - Create the teams named based on permissions:  ${normal}"
+    echo
+    echo
+    ./create-teams-for-repository-permission.sh
+    echo
+
+     printf "${highlight} - Add users to teams:  ${normal}"
+    echo
+    echo
+    ./add-users-to-teams-for-repository-permission.sh
+    echo
+
+     printf "${highlight} - Add repo to teams:  ${normal}"
+    echo
+    echo
+    ./add-repo-to-permissions-teams.sh
+    echo
+     printf "${highlight} - Delete team_admin user from created teams:  ${normal}"
+     echo
+     echo
+    ./delete-admin-from-teams-for-permissions.sh
+     echo
+
+     printf "${highlight} - Add/Invite repo_collaborator user to repo:  ${normal}"
+    ./add-collaborator-to-repo.sh | jq -r '.invitee.login'
+
+     printf "${highlight} - Creating docs/README.md: ${normal}"
+    ./create-commit-readme.sh | jq -r ".content.html_url"
+     printf "${highlight} - Creating CODEOWNERS: ${normal}"
+    ./create-commit-codeowners.sh| jq -r ".content.html_url"
+     printf "${highlight} - Creating requirements.txt: ${normal}"
+    ./create-commit-python-pip.sh| jq -r ".content.html_url"
+    sleep 2
+     printf "${highlight} - Creating new branch: ${normal}"
+    ./create-branch-newbranch.sh | jq -r '.url'
+     printf "${highlight} - Creating a commit on the new branch: ${normal}"
+    ./create-commit-on-new-branch.sh | jq -r ".content.html_url"
+     printf "${highlight} - Creating an update commit to docs/README.md: ${normal}"
+    ./create-commit-update-readme.sh | jq -r ".content.html_url"
+     printf "${highlight} - Creating an issue: ${normal}"
+    ./create-an-issue.sh | jq -r '.html_url'
+     printf "${highlight} - Creating a pull request: ${normal}"
+    ./create-pull-request.sh | jq -r '.html_url'
+    # set the branch protection rules for main
+     printf "${highlight} - Setting branch protection rules on default branch: ${normal}"
+    ./set-branch-protection.sh | jq -r '.url'
+
+     printf "${highlight} - Creating a release: ${normal}"
+    ./create-release.sh  | jq -r '.html_url'
+     printf "${highlight} - Adding a .gitattributes file to new branch: ${normal}"
+    ./create-commit-gitattributes.sh | jq -r ".content.html_url"
+     echo 
+
+
+    # If you have the appropriate token set in `pr_approver_token`
+    # then you can provide an approving review:
+    # ./create-approving-review-for-a-pull-request.sh

configure.py

@@ -112,6 +112,8 @@ def main(args):
 operator="starts_with" 
 enforcement="evaluate"
 bypass_mode="always"
+repo_collaborator="mona"
+issue_assignee="hubot"
 
 
 ### [Team](https://docs.github.com/en/rest/teams)
@@ -123,6 +125,8 @@ def main(args):
 team_admin="${team_admin}"
 team_privacy="closed"
 team_permission="admin"
+available_team_permissions="pull triage push maintain admin"
+team_permission_prefix="pwr"
 
 
 ### [Issues](https://docs.github.com/en/rest/issues/issues)

create-an-issue.sh

@@ -3,6 +3,7 @@
 # https://docs.github.com/en/enterprise-cloud@latest/rest/issues/issues?apiVersion=2022-11-28#create-an-issue
 # POST /repos/{owner}/{repo}/issues
 
+
 if [ -z "$1" ]
   then
     repo=$repo
@@ -21,15 +22,14 @@ lorem_append="<br><br><br>The @${org}/${team_slug} will be interested in this. $
 timestamp=$(date +%s)
 
 json_file=tmp/create-an-issue.json
-rm -f ${json_file}
 
 jq -n \
-        --arg title "Security vulnerability in access control software allowing unauthorized access by dogs ($timestamp) " \
+        --arg title "Security vulnerability in access control software allowing unauthorized access by dogs ($timestamp)" \
         --arg body "${lorem_text}${lorem_append}" \
-        --arg assignees "${default_committer}" \
+        --arg assignees "${default_issue_assignee}" \
         --arg milestone 1 \
-        --arg labels "bug" \
-	'{"title": $title, "body": $body, "assignees": [ $assignees ], "labels": [ $labels ] }'  > ${json_file}
+        --argjson labels '["bug", "documentation"]' \
+	'{"title": $title, "body": $body, "assignees": [ $assignees ], "labels":  $labels  }' > ${json_file}
 
 curl ${curl_custom_flags} \
      -H "Accept: application/vnd.github.v3+json" \

create-teams-for-repository-permission.sh

@@ -6,27 +6,26 @@
 # Permissions for teams are from:
 # https://docs.github.com/en/enterprise-cloud@latest/rest/teams/teams?apiVersion=2022-11-28#add-or-update-team-repository-permissions
 
-for team_type in pull triage push maintain admin
+
+for team_type in ${available_team_permissions}
 do
 
-    prefix=pwr-team
-    team_name="${prefix}-${team_type}"
+    prefix=${team_permission_prefix}
+    team_name="${prefix}-team-${team_type}"
     team=$team_name
     privacy="closed"
     #privacy="secret"
     json_file=tmp/team-permission-data.json
 
      jq -n \
                     --arg name "${team}" \
-                    --arg description "${team} is a ${privacy} team. See: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/teams?apiVersion=2022-11-28#add-or-update-team-repository-permissions" \
+                    --arg description "${prefix}: ${team} is a ${privacy} team. See: https://docs.github.com/en/enterprise-cloud@latest/rest/teams/teams?apiVersion=2022-11-28#add-or-update-team-repository-permissions" \
                     --arg privacy "$privacy" \
                     '{name: $name, description: $description, privacy: $privacy }' > ${json_file}
 
- cat $json_file | jq -r
-
     curl ${curl_custom_flags} \
          -H "Accept: application/vnd.github.v3+json" \
          -H "Authorization: Bearer ${GITHUB_TOKEN}" \
-            "${GITHUB_API_BASE_URL}/orgs/${org}/teams" --data @${json_file}
+            "${GITHUB_API_BASE_URL}/orgs/${org}/teams" --data @${json_file} > tmp/create-team-${team}.json
 
 done

delete-admin-from-teams-for-permissions.sh

@@ -0,0 +1,21 @@
+.  ./.gh-api-examples.conf
+
+# https://docs.github.com/en/rest/reference/teams#remove-team-membership-for-a-user
+# DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}
+
+team_member=${team_admin}
+prefix=pwr
+
+for team_permission in ${available_team_permissions}
+do
+    team_name=${prefix}-team-${team_permission}
+    team_slug=${team_name}
+    team_id=$(curl ${curl_custom_flags} -H "Authorization: Bearer ${GITHUB_TOKEN}" ${GITHUB_API_BASE_URL}/orgs/${org}/teams/$team_slug | jq '.id')
+    echo "${team_member} delete ----X> from ${team_name}"
+
+    curl ${curl_custom_flags} \
+        -X DELETE \
+        -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+           "${GITHUB_API_BASE_URL}/orgs/${org}/teams/${team_slug}/memberships/${team_member}"
+
+done

delete-teams-for-permissions.sh

@@ -0,0 +1,17 @@
+.  ./.gh-api-examples.conf
+
+
+
+
+
+for permission in ${available_team_permissions}
+do
+   team_name="${team_permission_prefix}-team-${permission}"
+   team_slug=${team_name}
+   echo deleting ${team_slug} >&2
+
+   curl ${curl_custom_flags} \
+        -X DELETE \
+        -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+           "${GITHUB_API_BASE_URL}/orgs/${org}/teams/${team_slug}"
+done

docs/setup.md

@@ -5,20 +5,39 @@
 * A GitHub Enterprise Server or dotcom org with a Enterprise admin user name and password 
 * A `jq` command on your client:
 
+#### A note about Bash
+
+A few scripts use arrays in bash and for those you'll need to have bash 5.x. The bash delivered on Mac OS is 3.2 so `brew install bash` may be needed if you want to use scripts that contain `declare -A` then you can use `/opt/homebrew/bin/bash`. These scripts were tested with 5.2.37 on Mac:
+
+```
+bash --version
+GNU bash, version 5.2.37(1)-release (aarch64-apple-darwin24.0.0)
+Copyright (C) 2022 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+```
+
+#### jq
+
 ```
 brew install jq
 ```
+
+#### Python
 
 * A Python >3.6 interpreter on your Mac.
+
+####  Ruby Gems 
+
 * The [JWT Rubygem](https://rubygems.org/gems/jwt) required for [GitHub App authentication](https://github.com/gm3dmo/the-power/blob/main/docs/setting-up-a-gh-app.md#using-a-github-app-with-the-power):
 
 ```
 sudo gem install jwt
 ```
 
-* [Create your token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). In GitHub Enterprise (give it all the scopes. Be careful and give the token an expiry date if running on github.com. Strongly recommend a token with short expiry time. If creating a lot of tokens, then this tip for [selecting all checkboxes on](https://gist.github.com/gm3dmo/e085294a622c1c72eec0e8b48d72b092) may be useful.
+#### Personal Access Token (PAT)
+* [Create your token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). In GitHub Enterprise (give it all the scopes. Be careful and give the token an expiry date if running on github.com. Strongly recommend a token with short expiry time. If you find yourself creating a lot of tokens on a regular basis, then this tip for [selecting all checkboxes on](https://gist.github.com/gm3dmo/e085294a622c1c72eec0e8b48d72b092) may be useful.
 
-### Setup
+### Configure The Power with `configure.py`
 
 ### Client side setup
 - Download the [latest release](https://github.com/gm3dmo/the-power/releases/latest).