Josh Johanning joshjohanning
@joshjohanning
joshjohanning / dependency-review.yml
Created April 25, 2023 17:46
A required workflow for using dependency-review-action
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
{
"SPDXID": "SPDXRef-DOCUMENT",
"spdxVersion": "SPDX-2.3",
"creationInfo": {
"created": "2023-04-24T17:02:08Z",
"creators": [
"Tool: GitHub.com-Dependency-Graph"
]
},
"name": "com.github.joshjohanning-org/ghas-demo",
@joshjohanning
joshjohanning / gitlab-export-group-members.sh
Created March 31, 2023 18:50
export group members from gitlab
#!/bin/bash
# usage:
# ./gitlab-export-users-in-group.sh 2 > users.csv
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <group_id> - obtain from the overview page of your group"
exit 1
fi
@joshjohanning
joshjohanning / gitlab-create-merge-request.sh
Created March 30, 2023 21:52
create gitlab merge requests via the api
#!/bin/bash
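GITLAB_URL="https://example.gitlab.com" # no trailing slash; the request path below starts with one
PROJECT_ID="2" # get this id via the repo/project's overview page
ACCESS_TOKEN="glpat-abc" # placeholder value; keep real tokens out of committed scripts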
# Create a new merge request
curl --header "Private-Token: $ACCESS_TOKEN" \
"$GITLAB_URL/api/v4/projects/$PROJECT_ID/merge_requests" \
--data "source_branch=my-branch" \
--data "target_branch=main" \
@joshjohanning
joshjohanning / gitlab-export-merge-requests.sh
Last active March 30, 2023 18:09
export gitlab merge requests
#!/bin/bash
# credits @tspascoal
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <project_id> - obtain the numeric project ID from the project/repo's home page"
exit 1
fi
if [ -z "$GL_TOKEN" ]; then
@joshjohanning
joshjohanning / workflow.yml
Created March 30, 2023 13:57
sample workflow for github app
name: demo
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
workflow_dispatch:
@joshjohanning
joshjohanning / dependency-review.yml
Created February 28, 2023 18:33
A required workflow you can use for ensuring no NEW vulnerabilities are added in pull requests
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: 'Dependency Review'
on: [pull_request]
permissions:
@joshjohanning
joshjohanning / update-repos-in-org-from-internal-to-private.sh
Created November 12, 2022 15:53
Update the repo visibility for all repos in a github org from internal to private
ORG_NAME="joshjohanning-org"
# get a list of internal repos in my github org
repos=$(gh api "/orgs/$ORG_NAME/repos" -q '.[] | select(.visibility == "internal") | .name' --paginate)
# loop through repos
for repo in $repos; do
echo "Changing visibility from internal to private: $ORG_NAME/$repo"
echo "Changing visibility from internal to private: $ORG_NAME/$repo" >> change-repo-visiblity.log
gh repo edit "$ORG_NAME/$repo" --visibility private
done
@joshjohanning
joshjohanning / migrate-git-repos.md
Created October 5, 2022 16:10 — forked from dbirks/migrate-git-repos.md
Script to fully migrate git repos, including all tags and branches

Migrate git repos script

I used this for migrating git repos from Bitbucket to GitHub. It uses git's --mirror flag for cloning and pushing to also transfer all tags and branches.

It would be helpful to have SSH keys set up on both ends. Then all you should have to do is to make sure the hardcoded orgname is set to the appropriate one for both the source and destination.

Once I migrated repos, I used this to replace my origin url locally (assumes using ssh):

sed -i s/bitbucket.org:orgname/github.com:orgname/g .git/config
@joshjohanning
joshjohanning / package.json
Created September 23, 2022 16:05
vulnerable javascript package
"tar": "2.2.2"