š„Letās Do DevOps: Set GitHub Repo Permissions on Hundreds of Repos using GitHubās Rest API using a GitHub Action
--
This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!
Hey all!
Iām helping migrate a few teams from different places ā TFS, Azure DevOps, Stash/Bitbucket, into GitHub. And one feature that all those services offer is setting the default permissions for all repos created in different organizations or projects. Stuff like, set the number of reviewers whom need to approve a PR before it can be merged, or set permissions for different teams to new repos.
GitHub interestingly doesnāt do that(!), and requests to our GitHub Enterprise team suggested we go and build it ourself. Iām surprised this is something I need to build myself ā shouldnāt Enterprises and Orgs have trickle-down permissions and settings that can be automatically enforced?
But build it myself is exactly what I did. Using GitHubās admittedly quite robust REST API, I built a GitHub Action that reads a CSV of repos and settings flags (more on this below), to send authenticated curl
s to GitHubās REST APIs to set permissions. Then we read the output of the curl to make sure it worked properly.
This lets us standardize permissions for dozens or hundreds of repos in a few minutes, and to keep those permissions in check.
Which is pretty cool, huh? Letās walk through the steps I took. And all code is linked in a public github repo at the end of this article if you want to skip ahead to the code and go build it yourself!
REST API Basics + cURL
REST (Representational State Transfer) APIs are standardized inputs for requests, usually using HTTP format, to send a message. Since weāre using HTTP, weāll use GET http requests to gather data, POST to send data, and PATCH to modify a setting. Youāll also see DELETE in some instances.
Curl (which youāll also see as cURL, the proper capitalization), is a linux-based tool that can send http requests. Itās available for linux, mac, and has even been released for Windows! The way curl specifies the type of request is with the -X
flag. So ifā¦