feat: workshop operator guide and provisioning scripts#3
Merged
Conversation
Add complete operator toolkit for provisioning Devin Enterprise workshops: - README.md: Full operator guide with architecture, workflow, and API findings - scripts/verify-auth.sh: Verify API credentials and display enterprise state - scripts/provision-workshop.sh: End-to-end provisioning (org + permissions + sessions) - scripts/teardown-workshop.sh: Post-workshop cleanup - scripts/lib/: Shared functions (common.sh, manage-org.sh, manage-repos.sh, invoke-setup.sh) - scripts/examples/mirror-repos.sh: GitHub repo mirroring helper - configs/: Template and DC April 2026 example config - docs/api-reference-cheatsheet.md: v3 API quick reference All scripts tested against the live Devin Enterprise API: - Verified auth as enterprise service user (Devin-PW-Internal-Shared) - Successfully created/deleted git permissions for mirror org - Successfully created a Devin session via API with create_as_user_id - Discovered ACU limit requirement (cycle limit must be > 0) - Full provision workflow tested with --skip-sessions on existing org
Author
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
⚙️ Control Options:
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Without token auth in HTTPS URLs, git push --mirror fails silently. Use x-access-token pattern for both clone and push operations.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
- Add participant invitation (manage-members.sh library + invite-participants.sh) - Add mirror-github-org.sh with workflow stripping, include/exclude, config support - Add post-workshop cleanup suite: sanitize-pr-pii.sh, close-old-prs.sh, delete-stale-branches.sh, cleanup-all.sh orchestrator - Add PII enforcement CI workflow (.github/workflows/pr-pii-check.yml) and deploy-pr-pii-check.sh to roll it out across repos - Update provision-workshop.sh to support --emails-file and --skip-invites - Update config template with emails_file, enterprise_role_id, org_role_id - Remove curl -f flag from common.sh to preserve API error response bodies - Replace scripts/examples/mirror-repos.sh with scripts/mirror-github-org.sh - Update README with comprehensive coverage of all scripts and workflow phases
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
- sanitize-pr-pii.sh: make sed pattern fully case-insensitive to match the grep -Pi detection, preventing silent PII leaks on unusual casings - manage-members.sh: handle files without trailing newline so the last email is not silently dropped
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Remove the sed that deleted 'Requested by:' lines before the grep check, which made the check ineffective for the most common PII format. The system footers (Link to Devin session, devin-review-badge) are already stripped by the preceding sed commands.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Align the comment check with the PR body check by requiring the pattern to appear at the start of a line, preventing false positives on legitimate text like 'This fix was requested by: the product team'.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Workshop operator toolkit for automating the full lifecycle of Devin Enterprise workshops using the v3 API. Covers provisioning, participant management, environment setup, and post-workshop cleanup.
Core provisioning (Devin v3 API):
provision-workshop.sh— Config-driven end-to-end: create org → set git permissions → invite participants → invoke setup sessionsteardown-workshop.sh— Clear permissions and optionally delete the orgverify-auth.sh— Verify API credentials and list enterprise stateinvite-participants.sh— Batch invite users by email to enterprise + orgShared library (
scripts/lib/):common.sh— HTTP helpers, logging, config readersmanage-org.sh— Create/update/delete/list organizationsmanage-repos.sh— Git permission management (add/replace/clear)manage-members.sh— Invite users, assign to orgs with rolesinvoke-setup.sh— Create Devin sessions to configure env YAMLGitHub operations:
mirror-github-org.sh— Mirror repos between orgs with workflow stripping, include/exclude, config file supportcleanup-all.sh— Run all post-workshop cleanup tasks (PII + close PRs + delete branches)sanitize-pr-pii.sh— Remove "Requested by" PII from PRsclose-old-prs.sh— Close stale open PRsdelete-stale-branches.sh— Delete branches with no recent commitsdeploy-pr-pii-check.sh— Roll out PII check CI workflow to all repos in an org.github/workflows/pr-pii-check.yml— The CI workflow itselfConfig & docs:
configs/— JSON config templates per workshop event (with participant invite support)docs/api-reference-cheatsheet.md— Quick reference for all v3 API endpointsReview & Testing Checklist for Human
./scripts/verify-auth.shwith a validDEVIN_API_KEYand confirm it lists orgs, connections, and members./scripts/provision-workshop.sh --config configs/dc-april-2026.json --org-id <mirror-org-id> --skip-sessions --skip-invitesand confirm git permissions are set correctlyscripts/lib/manage-members.shinvite flow — the two-step enterprise invite + org assignment matches v3 API behavior but has not been tested against a live invite (no test emails available)sanitize-pr-pii.sh,close-old-prs.sh,delete-stale-branches.sh) — these useghCLI and operate destructively. Verify with--dry-runfirst./scripts/mirror-github-org.sh <source> <target> --dry-runto confirm repo listing and filter logicRecommended test plan: Run
verify-auth.sh→provision-workshop.sh --skip-sessions --skip-invitesagainst the mirror org →cleanup-all.sh --dry-runagainst the mirror GitHub org. This validates the Devin API integration and GitHub CLI operations without side effects.Notes
Key findings from live API testing:
max_cycle_acu_limitmust be > 0 or sessions are immediately suspended (org_usage_limit_exceeded)Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/15d32ff046664f089dafa7dca446bd6c
Requested by: @bsmitches