debedb · December 12, 2024 06:28
diff --git a/check-actions-for-org.sh b/check-actions-for-org.sh
 #!/bin/bash

 # Variables
 GITHUB_ORG=reddrummer
 GITHUB_TOKEN=$DRUMWAVE_GITHUB_TOKEN

 # Set GitHub CLI authentication
 export GH_TOKEN=$GITHUB_TOKEN

 # Check if `gh` CLI is installed
 if ! command -v gh &> /dev/null; then
    echo "GitHub CLI (gh) is not installed. Please install it and try again."
    exit 1
 fi

 # Function to fetch all repositories with pagination
 fetch_repositories() {
    local org="$1"
    local page=1
    local per_page=30
    local repos=()

    while :; do
        # echo "Fetching repositories (page $page)..."
        page_repos=$(gh api -H "Authorization: token $GITHUB_TOKEN" \
            "/orgs/$org/repos?per_page=$per_page&page=$page" \
            --jq '.[].name')

        if [[ -z "$page_repos" ]]; then
            break
        fi

        repos+=($page_repos)
        page=$((page + 1))
    done

    echo "${repos[@]}"
 }

 # Fetch all repositories
 repos=$(fetch_repositories "$GITHUB_ORG")

 # repos="ddv-profiler"

 # Loop through each repository
 for repo in $repos; do
    echo "Checking actions in repository: $repo"
    
    # Get workflows for the repository
    workflows=$(gh api -H "Authorization: token $GITHUB_TOKEN" \
        "/repos/$GITHUB_ORG/$repo/actions/workflows" \
        --jq '.workflows[] | {id, name, path}')
    
    # Loop through each workflow
    echo "$workflows" | jq -c '.' | while read -r workflow; do
        workflow_id=$(echo "$workflow" | jq -r '.id')
        workflow_name=$(echo "$workflow" | jq -r '.name')
        workflow_path=$(echo "$workflow" | jq -r '.path')

        echo "Checking workflow: $workflow_name ($workflow_path)"

        # Get the YAML content of the workflow
        workflow_meta=$(gh api -H "Authorization: token $GITHUB_TOKEN" \
            "/repos/$GITHUB_ORG/$repo/actions/workflows/$workflow_id" \
            --jq '. | @base64' | base64 --decode )
 	html_url=$(echo "$workflow_meta" | jq -r '.html_url')
 	raw_url=$(echo "$html_url" | sed -e 's|github.com|raw.githubusercontent.com|' -e 's|/blob/|/|')
 	workflow_content=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$raw_url")
 	
        # Check if the workflow uses upload-artifact v3 or download-artifact v3
        if echo "$workflow_content" | fgrep  "actions/upload-artifact@v3"; then
            echo "XXX Repo: $repo, Workflow: $workflow_name uses upload-artifact@v3"
        fi
        if echo "$workflow_content" | fgrep  "actions/download-artifact@v3"; then
            echo "XXX Repo: $repo, Workflow: $workflow_name uses download-artifact@v3"
        fi
    done
 done
	#!/bin/bash

	# Variables
	GITHUB_ORG=reddrummer
	GITHUB_TOKEN=$DRUMWAVE_GITHUB_TOKEN

	# Set GitHub CLI authentication
	export GH_TOKEN=$GITHUB_TOKEN

	# Check if `gh` CLI is installed
	if ! command -v gh &> /dev/null; then
	echo "GitHub CLI (gh) is not installed. Please install it and try again."
	exit 1
	fi

	# Function to fetch all repositories with pagination
	fetch_repositories() {
	local org="$1"
	local page=1
	local per_page=30
	local repos=()

	while :; do
	# echo "Fetching repositories (page $page)..."
	page_repos=$(gh api -H "Authorization: token $GITHUB_TOKEN" \
	"/orgs/$org/repos?per_page=$per_page&page=$page" \
	--jq '.[].name')

	if [[ -z "$page_repos" ]]; then
	break
	fi

	repos+=($page_repos)
	page=$((page + 1))
	done

	echo "${repos[@]}"
	}

	# Fetch all repositories
	repos=$(fetch_repositories "$GITHUB_ORG")

	# repos="ddv-profiler"

	# Loop through each repository
	for repo in $repos; do
	echo "Checking actions in repository: $repo"

	# Get workflows for the repository
	workflows=$(gh api -H "Authorization: token $GITHUB_TOKEN" \
	"/repos/$GITHUB_ORG/$repo/actions/workflows" \
	--jq '.workflows[] \| {id, name, path}')

	# Loop through each workflow
	echo "$workflows" \| jq -c '.' \| while read -r workflow; do
	workflow_id=$(echo "$workflow" \| jq -r '.id')
	workflow_name=$(echo "$workflow" \| jq -r '.name')
	workflow_path=$(echo "$workflow" \| jq -r '.path')

	echo "Checking workflow: $workflow_name ($workflow_path)"

	# Get the YAML content of the workflow
	workflow_meta=$(gh api -H "Authorization: token $GITHUB_TOKEN" \
	"/repos/$GITHUB_ORG/$repo/actions/workflows/$workflow_id" \
	--jq '. \| @base64' \| base64 --decode )
	html_url=$(echo "$workflow_meta" \| jq -r '.html_url')
	raw_url=$(echo "$html_url" \| sed -e 's\|github.com\|raw.githubusercontent.com\|' -e 's\|/blob/\|/\|')
	workflow_content=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$raw_url")

	# Check if the workflow uses upload-artifact v3 or download-artifact v3
	if echo "$workflow_content" \| fgrep "actions/upload-artifact@v3"; then
	echo "XXX Repo: $repo, Workflow: $workflow_name uses upload-artifact@v3"
	fi
	if echo "$workflow_content" \| fgrep "actions/download-artifact@v3"; then
	echo "XXX Repo: $repo, Workflow: $workflow_name uses download-artifact@v3"
	fi
	done
	done