|
| 1 | +name: 'Read Custom Properties' |
| 2 | +description: 'Read all the custom properties and values of all repos in an organization' |
| 3 | +author: 'Andrew Brandt <[email protected]>' |
| 4 | +organization: 'PandasWhoCode' |
| 5 | +branding: |
| 6 | + icon: 'check-circle' |
| 7 | + color: 'black' |
| 8 | + |
| 9 | +inputs: |
| 10 | + token: |
| 11 | + description: 'Personal Access Token' |
| 12 | + required: true |
| 13 | + overwrite-existing-file: |
| 14 | + description: 'Overwrite existing repo-properties.yaml with read values' |
| 15 | + type: boolean |
| 16 | + default: false |
| 17 | + required: false |
| 18 | + dry-run-enabled: |
| 19 | + description: 'Dry run the script' |
| 20 | + type: boolean |
| 21 | + default: false |
| 22 | + required: false |
| 23 | + commit-author-name: |
| 24 | + description: 'Author of commit name:' |
| 25 | + required: true |
| 26 | + commit-author-email: |
| 27 | + description: 'Author of commit email address:' |
| 28 | + required: true |
| 29 | + commit-author-gpg-key-contents: |
| 30 | + description: 'GPG Key Contents' |
| 31 | + required: true |
| 32 | + commit-author-gpg-key-passphrase: |
| 33 | + description: 'GPG Key Passphrase' |
| 34 | + required: true |
| 35 | + |
| 36 | +runs: |
| 37 | + using: "composite" |
| 38 | + steps: |
| 39 | + - name: Install yq (mikefarah's version) |
| 40 | + shell: bash |
| 41 | + run: | |
| 42 | + sudo wget --quiet https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq |
| 43 | + sudo chmod +x /usr/bin/yq |
| 44 | + yq --version # confirm installed |
| 45 | +
|
| 46 | + - name: List all repos in org |
| 47 | + shell: bash |
| 48 | + env: |
| 49 | + GH_TOKEN: ${{ inputs.token }} |
| 50 | + run: | |
| 51 | + ORG_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d'/' -f1) |
| 52 | + echo "Org name is: ${ORG_NAME}" |
| 53 | + echo "${ORG_NAME}" > org-name.txt |
| 54 | + echo "Fetching repos for organization: ${{ inputs.org }}" |
| 55 | + gh api --paginate "orgs/$ORG_NAME/repos" --jq '.[].name' > repo-list.txt |
| 56 | + echo "Repos written to repo-list.txt" |
| 57 | +
|
| 58 | + - name: Extract property names into a JSON file |
| 59 | + shell: bash |
| 60 | + env: |
| 61 | + GH_TOKEN: ${{ inputs.token }} |
| 62 | + run: | |
| 63 | + ORG=$(cat org-name.txt) |
| 64 | + echo "Fetching property schema for org: $ORG" |
| 65 | + gh api --paginate "orgs/$ORG/properties/schema" | jq 'map(.property_name)' > property-names.json |
| 66 | + echo "Property names written to property-names.json" |
| 67 | +
|
| 68 | + - name: Fetch custom properties for each repo |
| 69 | + shell: bash |
| 70 | + env: |
| 71 | + GH_TOKEN: ${{ inputs.token }} |
| 72 | + run: | |
| 73 | + ORG_NAME="${GITHUB_REPOSITORY%%/*}" |
| 74 | + echo "Fetching custom properties for repos in org: ${ORG_NAME}" |
| 75 | + |
| 76 | + echo "{" > read-repo-properties.json |
| 77 | + FIRST=1 |
| 78 | + while IFS= read -r REPO_NAME; do |
| 79 | + echo "Getting properties for ${REPO_NAME}..." |
| 80 | + RESPONSE=$(gh api "repos/${ORG_NAME}/${REPO_NAME}/properties/values" || echo "{}") |
| 81 | + |
| 82 | + # If not the first, prepend a comma to separate JSON entries |
| 83 | + if [ "$FIRST" -eq 0 ]; then |
| 84 | + echo "," >> read-repo-properties.json |
| 85 | + fi |
| 86 | + FIRST=0 |
| 87 | + |
| 88 | + # Output as "repo-name": { ...props... } |
| 89 | + echo "\"${REPO_NAME}\": $RESPONSE" >> read-repo-properties.json |
| 90 | + done < repo-list.txt |
| 91 | + echo "}" >> read-repo-properties.json |
| 92 | + |
| 93 | + echo "Custom properties written to read-repo-properties.json" |
| 94 | +
|
| 95 | + - name: Convert repo properties to YAML using template |
| 96 | + shell: bash |
| 97 | + run: | |
| 98 | + ORG_NAME=$(cat org-name.txt) |
| 99 | +
|
| 100 | + TEMPLATE=$(cat property-names.json) |
| 101 | +
|
| 102 | + { |
| 103 | + echo "org: $ORG_NAME" |
| 104 | + echo "repositories:" |
| 105 | + jq -r --argjson fields "$TEMPLATE" ' |
| 106 | + to_entries[] | |
| 107 | + .key as $repoName | |
| 108 | + .value as $props | |
| 109 | + ( |
| 110 | + " - name: \($repoName)\n" + |
| 111 | + ( |
| 112 | + $fields |
| 113 | + | map( |
| 114 | + . as $key | |
| 115 | + ( |
| 116 | + ($props | map({(.property_name): .value}) | add)[$key] // "" |
| 117 | + | " \($key): \"\(.)\"" |
| 118 | + ) |
| 119 | + ) |
| 120 | + | join("\n") |
| 121 | + ) |
| 122 | + ) |
| 123 | + ' read-repo-properties.json |
| 124 | + } > read-repo-properties.yaml |
| 125 | +
|
| 126 | + echo "YAML written to read-repo-properties.yaml" |
| 127 | +
|
| 128 | + - name: Print out the read-repo-properties.yaml |
| 129 | + shell: bash |
| 130 | + run: | |
| 131 | + echo "" |
| 132 | + echo "Full read-repo-properties.yaml file is:" |
| 133 | + cat read-repo-properties.yaml |
| 134 | + echo "" |
| 135 | +
|
| 136 | + - name: Overwrite existing file (if applicable) |
| 137 | + if: ${{ inputs.overwrite-existing-file == 'true' }} |
| 138 | + shell: bash |
| 139 | + run: | |
| 140 | + echo "Overwriting existing repo-properties.yaml" |
| 141 | + mv read-repo-properties.yaml repo-properties.yaml |
| 142 | + echo "Overwrite complete" |
| 143 | +
|
| 144 | + - name: Commit values to repo-properties.yaml |
| 145 | + if: ${{ inputs.dry-run-enabled != 'true' }} |
| 146 | + shell: bash |
| 147 | + env: |
| 148 | + GPG_PRIVATE_KEY: ${{ inputs.commit-author-gpg-key-contents }} |
| 149 | + GPG_PASSPHRASE: ${{ inputs.commit-author-gpg-key-passphrase }} |
| 150 | + run: | |
| 151 | + # Import GPG key |
| 152 | + echo "${GPG_PRIVATE_KEY}" | gpg --batch --import |
| 153 | + |
| 154 | + # Get key ID |
| 155 | + KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/{print $5}' | head -n1) |
| 156 | + |
| 157 | + # Trust the key |
| 158 | + echo -e "5\ny\n" | gpg --batch --yes --command-fd 0 --edit-key "$KEY_ID" trust |
| 159 | + |
| 160 | + # Configure GPG for non-interactive use |
| 161 | + mkdir -p ~/.gnupg |
| 162 | + echo "use-agent" >> ~/.gnupg/gpg.conf |
| 163 | + echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf |
| 164 | + echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf |
| 165 | + echo RELOADAGENT | gpg-connect-agent |
| 166 | + export GPG_TTY=$(tty) |
| 167 | + |
| 168 | + # Configure Git |
| 169 | + git config --global user.name "${{ inputs.commit-author-name }}" |
| 170 | + git config --global user.email "${{ inputs.commit-author-email }}" |
| 171 | + git config --global commit.gpgsign true |
| 172 | + git config --global user.signingkey "${KEY_ID}" |
| 173 | + git config --global gpg.program gpg |
| 174 | + |
| 175 | + # Set passphrase environment variable for Git GPG signing |
| 176 | + export GIT_COMMITTER_NAME="${{ inputs.commit-author-name }}" |
| 177 | + export GIT_COMMITTER_EMAIL="${{ inputs.commit-author-email }}" |
| 178 | + export GPG_TTY=$(tty) |
| 179 | + |
| 180 | + # Create the commit (sign with loopback) |
| 181 | + echo "${GPG_PASSPHRASE}" | \ |
| 182 | + gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback \ |
| 183 | + --local-user "${KEY_ID}" \ |
| 184 | + --output /dev/null --sign - 2>/dev/null |
| 185 | + |
| 186 | + git add repo-properties.yaml |
| 187 | + git commit -sS -m "chore: commit repo custom properties to properties file" || echo "Nothing to commit" |
| 188 | + git push |
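Review bot: The commit step expands `${{ inputs.commit-author-name }}` and `${{ inputs.commit-author-email }}` straight into the bash script (new-file lines 169-170 and 176-177), so the values become script text before bash parses it, and a value carrying a quote or a command substitution would execute in the same step that holds `GPG_PRIVATE_KEY` and `GPG_PASSPHRASE`. Pass both through `env:` and reference them as quoted shell variables, the way the step already handles the key and passphrase; the fence shows the changed lines. Line 54 has the same pattern with `${{ inputs.org }}`, which is not declared under `inputs:` and so presumably renders empty; `${ORG_NAME}` is already set in that step and can be echoed instead. Separately, the yq install at line 42 fetches `releases/latest` into `/usr/bin` with sudo and no digest check, so pinning a release and verifying its checksum would keep the binary that runs next to the token reproducible.

```yaml
      env:
        # … unchanged: GPG_PRIVATE_KEY, GPG_PASSPHRASE …
        COMMIT_AUTHOR_NAME: ${{ inputs.commit-author-name }}
        COMMIT_AUTHOR_EMAIL: ${{ inputs.commit-author-email }}
      run: |
        # … unchanged: GPG key import, trust and agent configuration …
        git config --global user.name "$COMMIT_AUTHOR_NAME"
        git config --global user.email "$COMMIT_AUTHOR_EMAIL"
        # … unchanged: commit.gpgsign, user.signingkey, gpg.program …
        export GIT_COMMITTER_NAME="$COMMIT_AUTHOR_NAME"
        export GIT_COMMITTER_EMAIL="$COMMIT_AUTHOR_EMAIL"
        # … unchanged: passphrase priming, git add / commit / push …
```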