1ARdotNO · April 26, 2023 00:59
diff --git a/addCodeowners.ps1 b/addCodeowners.ps1
 param (
    [Parameter(Mandatory = $true)] $repoName,
    [Parameter(Mandatory = $true)] $teamName, #allows multiple teams speatated by comma
    [Parameter(Mandatory = $true)] $orgName,
    $CodeOwnerTeam, #allows multiple teams speatated by comma, use this to define what team has the rights to change the codeowners file itself
    $branch, #if not specified default branch is used
    [switch]$overwrite, #automatically overwrite the existing CODEOWNERS FILE
    [switch]$addperms, #automatically add the required perm for the select team. WILL OVERWRITE CURRENT PERMISSIONS
    [switch]$enablebranchprotectioncodeowners #automatically add the required perm for the select team. WILL OVERWRITE CURRENT PERMISSIONS
 )
 $pat = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:GH_PAT)"))
 $file = ".github/CODEOWNERS"
 $teamName = $teamName.ToLower()

 if($CodeOwnerTeam){ #if codeownerteam is defined, also add a restriction for what team that can modify the CODEOWNERS file.
    $content = "* $($teamName | % {"@$orgName/$_ "})
 $file $($CodeOwnerTeam | % {"@$orgName/$_ "})
    "
 }else{
    $content = "* $($teamName | % {"@$orgName/$_ "})"
 }

 $b64Content = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$($content)"))
 $body = @{
    message = "Added CODEOWNERS to Repo"
    content = $b64Content
 }
 if ($branch) {
    $body | add-member -MemberType NoteProperty -Name branch -Value $branch
 }
 if ($overwrite) {
    #check if file already exists, and if it does append the sha to the request body aswell. Required to overwrite the file
    $paramsexisting = @{
        'Uri'         = ('https://api.github.com/repos/{0}/{1}/contents/{2}' -f $orgName, $repoName, $file)
        'Headers'     = @{'Authorization' = 'Basic ' + $pat }
        'Method'      = 'Get'
        'ContentType' = 'application/json'
        'Body'        = ($body | ConvertTo-Json)
    }
    if ($branch){
        $paramsexisting | add-member -MemberType NoteProperty -Name branch -Value $branch
    }
    $existingresult = Invoke-RestMethod @paramsexisting -SkipHttpErrorCheck
    $body | add-member -MemberType NoteProperty -Name sha -Value $existingresult.sha
 }
 $params = @{
    'Uri' = ('https://api.github.com/repos/{0}/{1}/contents/{2}' -f $orgName, $repoName, $file)
    'Headers'     = @{'Authorization' = 'Basic ' + $pat }
    'Method'      = 'Put'
    'ContentType' = 'application/json'
    'Body'        = ($body | ConvertTo-Json)
 }
 #Add codeowners file
 Invoke-RestMethod @params

 #add team to permissions
 if ($addperms) {
    $teamName | foreach-object {
        $body = @{
            permission = "push"
        }
        $params = @{
            'Uri'         = ('https://api.github.com/orgs/{0}/teams/{1}/repos/{0}/{2}' -f $orgName, $_, $repoName)
            'Headers'     = @{'Authorization' = 'Basic ' + $pat }
            'Method'      = 'Put'
            'ContentType' = 'application/json'
            'Body'        = ($body | ConvertTo-Json)
        }
        #Add permissions for team
        Invoke-RestMethod @params
    }
    $CodeOwnerTeam | foreach-object {
        $body = @{
            permission = "push"
        }
        $params = @{
            'Uri'         = ('https://api.github.com/orgs/{0}/teams/{1}/repos/{0}/{2}' -f $orgName, $_, $repoName)
            'Headers'     = @{'Authorization' = 'Basic ' + $pat }
            'Method'      = 'Put'
            'ContentType' = 'application/json'
            'Body'        = ($body | ConvertTo-Json)
        }
        #Add permissions for team
        Invoke-RestMethod @params
    }
 }
 #enable rule in branch protection for codeowners
 if($enablebranchprotectioncodeowners){
    $body = @{
        required_status_checks = @{
            strict = $true
            contexts = @("continuous-integration/jenkins/pr-merge")
        }
        required_pull_request_reviews = @{
            dismiss_stale_reviews           = $true
            require_code_owner_reviews      = $true
            required_approving_review_count = 2
        }
        enforce_admins = $false
        restrictions = $null

    }
    $params = @{
        'Uri'         = ('https://api.github.com/repos/{0}/{1}/branches/{2}/protection' -f $orgName, $repoName, $branch)
        'Headers'     = @{'Authorization' = 'Basic ' + $pat }
        'Method'      = 'Put'
        'ContentType' = 'application/json'
        'Body'        = ($body | ConvertTo-Json)
    }
    #Add pbranch protection rules
    Invoke-RestMethod @params
 }
	param (
	[Parameter(Mandatory = $true)] $repoName,
	[Parameter(Mandatory = $true)] $teamName, #allows multiple teams speatated by comma
	[Parameter(Mandatory = $true)] $orgName,
	$CodeOwnerTeam, #allows multiple teams speatated by comma, use this to define what team has the rights to change the codeowners file itself
	$branch, #if not specified default branch is used
	[switch]$overwrite, #automatically overwrite the existing CODEOWNERS FILE
	[switch]$addperms, #automatically add the required perm for the select team. WILL OVERWRITE CURRENT PERMISSIONS
	[switch]$enablebranchprotectioncodeowners #automatically add the required perm for the select team. WILL OVERWRITE CURRENT PERMISSIONS
	)
	$pat = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($env:GH_PAT)"))
	$file = ".github/CODEOWNERS"
	$teamName = $teamName.ToLower()

	if($CodeOwnerTeam){ #if codeownerteam is defined, also add a restriction for what team that can modify the CODEOWNERS file.
	$content = "* $($teamName \| % {"@$orgName/$_ "})
	$file $($CodeOwnerTeam \| % {"@$orgName/$_ "})
	"
	}else{
	$content = "* $($teamName \| % {"@$orgName/$_ "})"
	}

	$b64Content = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$($content)"))
	$body = @{
	message = "Added CODEOWNERS to Repo"
	content = $b64Content
	}
	if ($branch) {
	$body \| add-member -MemberType NoteProperty -Name branch -Value $branch
	}
	if ($overwrite) {
	#check if file already exists, and if it does append the sha to the request body aswell. Required to overwrite the file
	$paramsexisting = @{
	'Uri' = ('https://api.github.com/repos/{0}/{1}/contents/{2}' -f $orgName, $repoName, $file)
	'Headers' = @{'Authorization' = 'Basic ' + $pat }
	'Method' = 'Get'
	'ContentType' = 'application/json'
	'Body' = ($body \| ConvertTo-Json)
	}
	if ($branch){
	$paramsexisting \| add-member -MemberType NoteProperty -Name branch -Value $branch
	}
	$existingresult = Invoke-RestMethod @paramsexisting -SkipHttpErrorCheck
	$body \| add-member -MemberType NoteProperty -Name sha -Value $existingresult.sha
	}
	$params = @{
	'Uri' = ('https://api.github.com/repos/{0}/{1}/contents/{2}' -f $orgName, $repoName, $file)
	'Headers' = @{'Authorization' = 'Basic ' + $pat }
	'Method' = 'Put'
	'ContentType' = 'application/json'
	'Body' = ($body \| ConvertTo-Json)
	}
	#Add codeowners file
	Invoke-RestMethod @params

	#add team to permissions
	if ($addperms) {
	$teamName \| foreach-object {
	$body = @{
	permission = "push"
	}
	$params = @{
	'Uri' = ('https://api.github.com/orgs/{0}/teams/{1}/repos/{0}/{2}' -f $orgName, $_, $repoName)
	'Headers' = @{'Authorization' = 'Basic ' + $pat }
	'Method' = 'Put'
	'ContentType' = 'application/json'
	'Body' = ($body \| ConvertTo-Json)
	}
	#Add permissions for team
	Invoke-RestMethod @params
	}
	$CodeOwnerTeam \| foreach-object {
	$body = @{
	permission = "push"
	}
	$params = @{
	'Uri' = ('https://api.github.com/orgs/{0}/teams/{1}/repos/{0}/{2}' -f $orgName, $_, $repoName)
	'Headers' = @{'Authorization' = 'Basic ' + $pat }
	'Method' = 'Put'
	'ContentType' = 'application/json'
	'Body' = ($body \| ConvertTo-Json)
	}
	#Add permissions for team
	Invoke-RestMethod @params
	}
	}
	#enable rule in branch protection for codeowners
	if($enablebranchprotectioncodeowners){
	$body = @{
	required_status_checks = @{
	strict = $true
	contexts = @("continuous-integration/jenkins/pr-merge")
	}
	required_pull_request_reviews = @{
	dismiss_stale_reviews = $true
	require_code_owner_reviews = $true
	required_approving_review_count = 2
	}
	enforce_admins = $false
	restrictions = $null

	}
	$params = @{
	'Uri' = ('https://api.github.com/repos/{0}/{1}/branches/{2}/protection' -f $orgName, $repoName, $branch)
	'Headers' = @{'Authorization' = 'Basic ' + $pat }
	'Method' = 'Put'
	'ContentType' = 'application/json'
	'Body' = ($body \| ConvertTo-Json)
	}
	#Add pbranch protection rules
	Invoke-RestMethod @params
	}