đ„Letâs Do DevOps: Set GitHub Repo Permissions on Hundreds of Repos using GitHubâs Rest API using a GitHub Action
--
This blog series focuses on presenting complex DevOps projects as simple and approachable via plain language and lots of pictures. You can do it!
Hey all!
Iâm helping migrate a few teams from different places â TFS, Azure DevOps, Stash/Bitbucket, into GitHub. And one feature that all those services offer is setting the default permissions for all repos created in different organizations or projects. Stuff like, set the number of reviewers whom need to approve a PR before it can be merged, or set permissions for different teams to new repos.
GitHub interestingly doesnât do that(!), and requests to our GitHub Enterprise team suggested we go and build it ourself. Iâm surprised this is something I need to build myself â shouldnât Enterprises and Orgs have trickle-down permissions and settings that can be automatically enforced?
But build it myself is exactly what I did. Using GitHubâs admittedly quite robust REST API, I built a GitHub Action that reads a CSV of repos and settings flags (more on this below), to send authenticated curls to GitHubâs REST APIs to set permissions. Then we read the output of the curl to make sure it worked properly.
This lets us standardize permissions for dozens or hundreds of repos in a few minutes, and to keep those permissions in check.
Which is pretty cool, huh? Letâs walk through the steps I took. And all code is linked in a public github repo at the end of this article if you want to skip ahead to the code and go build it yourself!
REST API Basics + cURL
REST (Representational State Transfer) APIs are standardized inputs for requests, usually using HTTP format, to send a message. Since weâre using HTTP, weâll use GET http requests to gather data, POST to send data, and PATCH to modify a setting. Youâll also see DELETE in some instances.
Curl (which youâll also see as cURL, the proper capitalization), is a linux-based tool that can send http requests. Itâs available for linux, mac, and has even been released for Windows! The way curl specifies the type of request is with the -X flag. So ifâŠ
