ghad ("gad") is a command-line tool for managing a large number of GitHub repositories. It currently allows you to:
- Archive repositories that haven't been updated in a specified number of days unless they have the
MAINTAINEDtopic - Enable security alerts for vulnerable dependencies
- Enable automated security fixes
It can be run manually, or set up to run from a continuous integration system - see the CircleCI configuration.
-
Install Node.js 10+.
-
Clone this repository.
-
Set your GitHub token.
export GITHUB_TOKEN=... -
View the documentation.
npx ghad --help
-
Run the script as a dry run.
npx ghad archive --org <something>
-
To actually archive repositories:
npx ghad archive --org <something> --apply
The --org is optional. See npx ghad archive --help for more info.
See the CircleCI automation configuration.
Warning: Keep write access to this repository restricted. The associated GitHub token is that of an Owner, so being able to run arbitrary commands in CI allows privilege escalation.
ghad is run across TTS GitHub repositories by the @tts-bot. The bot is a member of the GSA/tts-admins team. To include a repository to ghad's scope, give the GSA/tts-admins team admin access to the repository.