paroxp · March 30, 2019 12:31
diff --git a/setup-repositories.sh b/setup-repositories.sh
 #!/bin/bash

 set -euo pipefail

 : "${GITHUB_TOKEN:?}"

 ORGANISATION="${ORGANISATION:-alphagov}"
 TEAM="${TEAM:-2971998}"
 QUERY_REPO="${QUERY_REPO:-gsp-}"

 repos=$(curl -s "https://api.github.com/search/repositories?access_token=${GITHUB_TOKEN}&per_page=100&q=org:${ORGANISATION}+${QUERY_REPO}+in:name" | jq -r '.items[].name')

 echo "Will update the following repositories:"
 echo "${repos}"

 read -p "Continue? [y/n] " -n 1 -r
 echo ""

 if [[ ! $REPLY =~ ^[Yy]$ ]]; then
 	echo "Aborting..."
 	[[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
 fi

 settings='{
 	"default_branch": "master",
 	"allow_merge_commit": true,
 	"allow_squash_merge": false,
 	"allow_rebase_merge": false
 }'

 branch_portection='{
 	"required_status_checks": null,
 	"enforce_admins": true,
 	"required_pull_request_reviews": {
 		"dismiss_stale_reviews": true,
 		"required_approving_review_count": 2
 	},
 	"restrictions": null
 }'

 collaborators='{"permission": "push"}'

 for repo in $repos; do
 	echo "Updating: ${repo}"

 	echo "Applying settings..."
 	curl --fail -X PATCH -s "https://api.github.com/repos/${ORGANISATION}/${repo}?access_token=${GITHUB_TOKEN}" -d "${settings}" | jq .

 	echo "Setting up branch protection..."
 	curl --fail -X PUT -s "https://api.github.com/repos/${ORGANISATION}/${repo}/branches/master/protection?access_token=${GITHUB_TOKEN}" -d "${branch_portection}" -H "Accept: application/vnd.github.luke-cage-preview+json" | jq .

 	echo "Enforcing signatures..."
 	curl --fail -X POST -s "https://api.github.com/repos/${ORGANISATION}/${repo}/branches/master/protection/required_signatures?access_token=${GITHUB_TOKEN}" -H "Accept: application/vnd.github.zzzax-preview+json" | jq .

 	echo "Checking collaborators..."
 	users=$(curl --fail -s "https://api.github.com/repos/${ORGANISATION}/${repo}/collaborators?access_token=${GITHUB_TOKEN}&per_page=1000&affiliation=direct" -H "Access: application/vnd.github.hellcat-preview+json" | jq -r '.[].login')

 	for user in $users; do
 		echo "Deleting ${user} from ${repo}..."
 		curl --fail -X DELETE -s "https://api.github.com/repos/${ORGANISATION}/${repo}/collaborators/${user}?access_token=${GITHUB_TOKEN}"
 	done

 	echo "Allowing team write access..."
 	curl --fail -X PUT -s "https://api.github.com/teams/${TEAM}/repos/${ORGANISATION}/${repo}?access_token=${GITHUB_TOKEN}"  -d "${collaborators}" | jq .
 done

 echo "ALL DONE!"
	#!/bin/bash

	set -euo pipefail

	: "${GITHUB_TOKEN:?}"

	ORGANISATION="${ORGANISATION:-alphagov}"
	TEAM="${TEAM:-2971998}"
	QUERY_REPO="${QUERY_REPO:-gsp-}"

	repos=$(curl -s "https://api.github.com/search/repositories?access_token=${GITHUB_TOKEN}&per_page=100&q=org:${ORGANISATION}+${QUERY_REPO}+in:name" \| jq -r '.items[].name')

	echo "Will update the following repositories:"
	echo "${repos}"

	read -p "Continue? [y/n] " -n 1 -r
	echo ""

	if [[ ! $REPLY =~ ^[Yy]$ ]]; then
	echo "Aborting..."
	[[ "$0" = "$BASH_SOURCE" ]] && exit 1 \|\| return 1
	fi

	settings='{
	"default_branch": "master",
	"allow_merge_commit": true,
	"allow_squash_merge": false,
	"allow_rebase_merge": false
	}'

	branch_portection='{
	"required_status_checks": null,
	"enforce_admins": true,
	"required_pull_request_reviews": {
	"dismiss_stale_reviews": true,
	"required_approving_review_count": 2
	},
	"restrictions": null
	}'

	collaborators='{"permission": "push"}'

	for repo in $repos; do
	echo "Updating: ${repo}"

	echo "Applying settings..."
	curl --fail -X PATCH -s "https://api.github.com/repos/${ORGANISATION}/${repo}?access_token=${GITHUB_TOKEN}" -d "${settings}" \| jq .

	echo "Setting up branch protection..."
	curl --fail -X PUT -s "https://api.github.com/repos/${ORGANISATION}/${repo}/branches/master/protection?access_token=${GITHUB_TOKEN}" -d "${branch_portection}" -H "Accept: application/vnd.github.luke-cage-preview+json" \| jq .

	echo "Enforcing signatures..."
	curl --fail -X POST -s "https://api.github.com/repos/${ORGANISATION}/${repo}/branches/master/protection/required_signatures?access_token=${GITHUB_TOKEN}" -H "Accept: application/vnd.github.zzzax-preview+json" \| jq .

	echo "Checking collaborators..."
	users=$(curl --fail -s "https://api.github.com/repos/${ORGANISATION}/${repo}/collaborators?access_token=${GITHUB_TOKEN}&per_page=1000&affiliation=direct" -H "Access: application/vnd.github.hellcat-preview+json" \| jq -r '.[].login')

	for user in $users; do
	echo "Deleting ${user} from ${repo}..."
	curl --fail -X DELETE -s "https://api.github.com/repos/${ORGANISATION}/${repo}/collaborators/${user}?access_token=${GITHUB_TOKEN}"
	done

	echo "Allowing team write access..."
	curl --fail -X PUT -s "https://api.github.com/teams/${TEAM}/repos/${ORGANISATION}/${repo}?access_token=${GITHUB_TOKEN}" -d "${collaborators}" \| jq .
	done

	echo "ALL DONE!"