Merge branch 'dev'

Orange-OpenSource · Jun 28, 2023 · 0912b71 · 0912b71
2 parents 72a57a4 + d7d4e6c
commit 0912b71
Show file tree

Hide file tree

Showing 7 changed files with 79 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,15 @@
 # CHANGELOG
 
-## Version 2.10.1
+## Version 2.11.0
 
 ### Features
 
+- [#82](https://github.com/Orange-OpenSource/floss-toolbox/issues/82) GitHub - Set teams permissions to read
+
+## Version 2.10.1
+
+### Bugs
+
 - [#80](https://github.com/Orange-OpenSource/floss-toolbox/issues/80) Diver - Path variables not protected
 
 ## Version 2.10.0

diff --git a/README.md b/README.md
@@ -258,8 +258,8 @@ _path/to/the/project_ points to the root of the project to analyse.
 
 ## Prerequisites
 
-- Ruby Gem: `octokit 4.20.0`
-- Ruby Gem: `git 1.8.1`
+- Ruby Gem: `octokit 6.1.1`
+- Ruby Gem: `git 1.18.0`
 - Ruby 2.7.1
 
 - Create a [GitHub personal token](https://github.com/settings/tokens) and define it in the _configuration.rb_ file for the `GITHUB_PERSONAL_ACCESS_TOKEN` variable.
@@ -268,9 +268,15 @@ _path/to/the/project_ points to the root of the project to analyse.
 
 ## Prepare project
 
-```ruby
+```shell
 gem install octokit
-gem intall git
+gem install git
+```
+
+of if you have _Bundler_:
+
+```shell
+bundle install
 ```
 
 ## Third-party elements
@@ -406,6 +412,17 @@ Permissions will be set to "push", i.e. "write".
 bash GitHubWizard.sh set-teams-permissions-to-push
 ```
 
+### Define teams permissions for all projects to "read"
+
+_Keywords: #organisation #GitHub #permissions #teams #read_
+
+Run the following command to update rights of all teams, for all projects.
+Permissions will be set to "read".
+
+```shell
+bash GitHubWizard.sh set-teams-permissions-to-read
+```
+
 # Play with GitHub CLI (GH)
 
 ## Prerequisites

diff --git a/toolbox/github/Gemfile b/toolbox/github/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'git', '~>1.18'
+gem 'octokit', '~>6.1'
diff --git a/toolbox/github/Gemfile.lock b/toolbox/github/Gemfile.lock
@@ -0,0 +1,31 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
+    faraday (2.7.8)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-net_http (3.0.2)
+    git (1.18.0)
+      addressable (~> 2.8)
+      rchardet (~> 1.8)
+    octokit (6.1.1)
+      faraday (>= 1, < 3)
+      sawyer (~> 0.9)
+    public_suffix (5.0.1)
+    rchardet (1.8.0)
+    ruby2_keywords (0.0.5)
+    sawyer (0.9.2)
+      addressable (>= 2.3.5)
+      faraday (>= 0.17.3, < 3)
+
+PLATFORMS
+  x86_64-darwin-21
+
+DEPENDENCIES
+  git (~> 1.18)
+  octokit (~> 6.1)
+
+BUNDLED WITH
+   2.4.13
diff --git a/toolbox/github/GitHubWizard.sh b/toolbox/github/GitHubWizard.sh
@@ -12,7 +12,7 @@
 # Parses the RUBY_CONFIGURATION_FILE to get the GitHub personal acces token to set as Ruby env. variable (OCTOKIT_ACCESS_TOKEN).
 
 #set -euxo pipefail
-VERSION="1.4.0"
+VERSION="1.5.0"
 
 # Common files
 # ------------
@@ -51,6 +51,7 @@ UsageAndExit(){
     echo -e "\t get-empty-projects.............................: Loads projects which may be empty"
     echo -e "\t set-users-permissions-to-push..................: For all projects update each user permission to 'push' except for teams and administrators"
     echo -e "\t set-teams-permissions-to-push..................: For all projects update each team permission to 'push'"
+    echo -e "\t set-teams-permissions-to-read..................: For all projects update each team permission to 'read'"
     echo -e "\t backup-all-repositories-from-org...............: Dump all repositories in GitHub to a specific location in the disk"
     echo -e "\t vulnerabilities-alerts-for-all-repositories....: Check if there are vulnerabilities alerts in repositories of the defined organisation"
     echo -e "\t look-for-leaks.................................: Checks with gitleaks if there are leaks in all repositories"
@@ -86,7 +87,7 @@ if [ -z "$feature_to_run" ]; then
 fi
 
 # TODO: Refactor this line. Some day. I have a very big screen. Haven't you?
-if [ $feature_to_run != "get-members-2fa-disabled" -a $feature_to_run != "get-all-members" -a $feature_to_run != "get-members-without-company" -a $feature_to_run != "get-projects-without-team" -a $feature_to_run != "get-users-with-bad-email" -a $feature_to_run != "get-users-with-bad-fullname" -a $feature_to_run != "get-projects-conformity" -a $feature_to_run != "get-projects-without-licenses" -a $feature_to_run != "get-empty-projects" -a $feature_to_run != "set-users-permissions-to-push" -a $feature_to_run != "set-teams-permissions-to-push" -a $feature_to_run != "backup-all-repositories-from-org" -a $feature_to_run != "vulnerabilities-alerts-for-all-repositories" -a $feature_to_run != "look-for-leaks" ]; then
+if [ $feature_to_run != "get-members-2fa-disabled" -a $feature_to_run != "get-all-members" -a $feature_to_run != "get-members-without-company" -a $feature_to_run != "get-projects-without-team" -a $feature_to_run != "get-users-with-bad-email" -a $feature_to_run != "get-users-with-bad-fullname" -a $feature_to_run != "get-projects-conformity" -a $feature_to_run != "get-projects-without-licenses" -a $feature_to_run != "get-empty-projects" -a $feature_to_run != "set-users-permissions-to-push" -a $feature_to_run != "set-teams-permissions-to-push" -a $feature_to_run != "set-teams-permissions-to-read" -a $feature_to_run != "backup-all-repositories-from-org" -a $feature_to_run != "vulnerabilities-alerts-for-all-repositories" -a $feature_to_run != "look-for-leaks" ]; then
     echo "ERROR: '$feature_to_run' is unknown feature. Exit now"
     UsageAndExit
     exit $EXIT_UNKNOWN_FEATURE

diff --git a/toolbox/github/utils/GitHubFacade.rb b/toolbox/github/utils/GitHubFacade.rb
@@ -13,7 +13,7 @@
 # Loads configuration elements from configuration.rb, writes outputs using FileManager.rb and calls GitHubWrapper.rb for requests
 #
 # Usage: ruby GitHubFacade.rb feature-to-launch
-# where feature-to-launch in: [get-members-2fa-disabled, get-all-members, get-members-without-company, get-projects-without-team, get-users-with-bad-email, get-users-with-bad-fullname, get_not_conform_repositories, get-unconform-projects, get-projects-without-licenses, set-users-permissions-to-push, set-teams-permissions-to-push]
+# where feature-to-launch in: [get-members-2fa-disabled, get-all-members, get-members-without-company, get-projects-without-team, get-users-with-bad-email, get-users-with-bad-fullname, get_not_conform_repositories, get-unconform-projects, get-projects-without-licenses, set-users-permissions-to-push, set-teams-permissions-to-push, set-teams-permissions-to-read]
 #
 # Note that some features need to have Ruby env. varibale set (OCTOKIT_ACCESS_TOKEN), use the Shell wizard to do so.
 # Shell wizard must be prefered than than using this Ruby file.
@@ -51,7 +51,7 @@
 end
 feature_to_run=ARGV[0]
 
-if feature_to_run != "get-members-2fa-disabled" && feature_to_run != "get-all-members" && feature_to_run != "get-members-without-company" && feature_to_run != "get-projects-without-team" && feature_to_run != "get-users-with-bad-email" && feature_to_run != "get-users-with-bad-fullname" && feature_to_run != "get-projects-conformity" && feature_to_run != "get-projects-without-licenses" && feature_to_run != "get-empty-projects" && feature_to_run != "set-users-permissions-to-push" && feature_to_run != "set-teams-permissions-to-push" 
+if feature_to_run != "get-members-2fa-disabled" && feature_to_run != "get-all-members" && feature_to_run != "get-members-without-company" && feature_to_run != "get-projects-without-team" && feature_to_run != "get-users-with-bad-email" && feature_to_run != "get-users-with-bad-fullname" && feature_to_run != "get-projects-conformity" && feature_to_run != "get-projects-without-licenses" && feature_to_run != "get-empty-projects" && feature_to_run != "set-users-permissions-to-push" && feature_to_run != "set-teams-permissions-to-push" && feature_to_run != "set-teams-permissions-to-read"
     Log.error "Unknown feature. Exit now."
     exit $EXIT_UNKNOWN_FEATURE
 end
@@ -265,4 +265,13 @@
     exit $EXIT_OK
 end
 
+# FEATURE: set-teams-permissions-to-read
+# For all projects, change right to 'read' for each team
+if feature_to_run == "set-teams-permissions-to-read"
+    Log.log "Updating all repositories with new permissions for teams..."
+    GitHubWrapper.set_permissions_for_teams(client, $GITHUB_ORGANIZATION_NAME, "pull")
+    Log.log "Task completed! Exits now."
+    exit $EXIT_OK
+end
+
 exit $EXIT_NO_FEATURE_STARTED
diff --git a/toolbox/github/utils/GitHubWrapper.rb b/toolbox/github/utils/GitHubWrapper.rb
@@ -18,7 +18,7 @@
 ##
 # Ruby module providing a quite small and simple wrapper for the GitHub API, here using only the Octokit library.
 # Allows to request the GitHub project to help projects and teams management.
-# Version: 1.1.0
+# Version: 121.0
 #
 # Written with Octokit version 4.20.0
 #
@@ -546,7 +546,7 @@ def self.set_permissions_for_teams(octokit_client, organization_name, permission
             return
         end
         if permission != "push" && permission != "pull" && permission != "admin"
-            Log.warning "Permission #{permission} is not managed. Returns now.s"
+            Log.warning "Permission #{permission} is not managed. Returns now."
             return
         end
         Log.debug "Get all projects of organization '#{organization_name}'..."