aboutsummaryrefslogblamecommitdiffstats
path: root/gh-clone.sh
blob: 04c3f3d66119d1029938594d50059994a8a60bfc (plain) (tree) 
484d7e5

7a21420


484d7e5

7a21420




7886d6d






7a21420


484d7e5

7886d6d






7a21420

484d7e5

7886d6d

484d7e5

c8464d1

ce071d4







c8464d1



7886d6d


7a21420

c8464d1
















7a21420




484d7e5


1

2
3

4

5
6
7
8

9
10
11
12
13
14

15
16

17

18
19
20
21
22
23

24

25

26

27

28

29
30
31
32
33
34
35

36
37
38

39
40

41

42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

58
59
60
61

62
63

           

        
                              



                         





                                                                     

                                                        
 





                                         
                                               
 
               
 
                 






                                                                                  


                                                                                         

                                                        
                                                                       















                                                                                                   



                                                                    

                 
#!/bin/bash
set -eux

ORGANIZATION="openSUSE-Python"
cd /home/pymirrors/repos/

ORIG_REPO="$1"

# Argument can be both full URL as well as just owner/reponame string
if [[ "$ORIG_REPO" =~ "http" ]]; then
    OR="${ORIG_REPO##*.com/}"
    ORIG_REPO="${OR%%.git}"
fi

GH_TMP_DATA=$(mktemp /tmp/gh_data.XXXXXX.json) || exit 1
trap 'rm -f "${GH_TMP_DATA}"' EXIT

DIRNAME="$(basename "${ORIG_REPO}")"
NEW_REPO="${ORGANIZATION}/${DIRNAME}"

# Repository has been already checked out
[ -d "$DIRNAME" ] && exit 0

git clone "https://github.com/${ORIG_REPO}.git"

cd "${DIRNAME}"

# Get credentials
# This is still not sufficiently general: git-credential(1) cannot provide
# anything else than login/password duo, and we need GH personal access
# token.
# PASSWORD=$(echo 'url=https://github.com/${ORIG_REPO}.git'|git credential fill| \
#    awk -F= '/password/ { print $2 ; exit }')
# So, I use this directly, but it is not general enough
PASSWORD=$(pass show dev/github.com|awk '/^token:/ {print $2}')

# Fork repository
curl -s -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
     --json "{ \"organization\": \"${ORGANIZATION}\" , \
               \"default_branch_only\": \"true\" }" \
    "https://api.github.com/repos/${ORIG_REPO}/forks" >"${GH_TMP_DATA}"

# Set defaults of the repository (we have to first switch alerts on, to switch off fixes)
curl -s -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
    "https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts"
curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
    "https://api.github.com/repos/${NEW_REPO}/automated-security-fixes"
curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
    "https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts"

# Set the main branch protected
# DEF_BRANCH=$(awk -F '"' '/default_branch/ {print $4; exit}' "${GH_TMP_DATA}")
# Somehow doesn't work FIXME
# curl -s -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
#     "https://api.github.com/repos/${NEW_REPO}/branches/${DEF_BRANCH}/protection/enforce_admins"

# Set remotes correctly
git remote add github \
    "$(awk -F '"' '/clone_url/ {print $4 ; exit}' "${GH_TMP_DATA}")"
git remote set-url --push github \
    "$(awk -F '"' '/ssh_url/ {print $4 ; exit}' "${GH_TMP_DATA}")"
git remote update
git remote -v
generated by cgit (git 2.34.1) at 2024-09-16 19:45:09 +0000