diff options
| -rwxr-xr-x | gh-clone.sh | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/gh-clone.sh b/gh-clone.sh new file mode 100755 index 0000000..04c3f3d --- /dev/null +++ b/gh-clone.sh @@ -0,0 +1,63 @@ +#!/bin/bash +set -eux + +ORGANIZATION="openSUSE-Python" +cd /home/pymirrors/repos/ + +ORIG_REPO="$1" + +# Argument can be both full URL as well as just owner/reponame string +if [[ "$ORIG_REPO" =~ "http" ]]; then + OR="${ORIG_REPO##*.com/}" + ORIG_REPO="${OR%%.git}" +fi + +GH_TMP_DATA=$(mktemp /tmp/gh_data.XXXXXX.json) || exit 1 +trap 'rm -f "${GH_TMP_DATA}"' EXIT + +DIRNAME="$(basename "${ORIG_REPO}")" +NEW_REPO="${ORGANIZATION}/${DIRNAME}" + +# Repository has been already checked out +[ -d "$DIRNAME" ] && exit 0 + +git clone "https://github.com/${ORIG_REPO}.git" + +cd "${DIRNAME}" + +# Get credentials +# This is still not sufficiently general: git-credential(1) cannot provide +# anything else than login/password duo, and we need GH personal access +# token. +# PASSWORD=$(echo 'url=https://github.com/${ORIG_REPO}.git'|git credential fill| \ +# awk -F= '/password/ { print $2 ; exit }') +# So, I use this directly, but it is not general enough +PASSWORD=$(pass show dev/github.com|awk '/^token:/ {print $2}') + +# Fork repository +curl -s -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \ + --json "{ \"organization\": \"${ORGANIZATION}\" , \ + \"default_branch_only\": \"true\" }" \ + "https://api.github.com/repos/${ORIG_REPO}/forks" >"${GH_TMP_DATA}" + +# Set defaults of the repository (we have to first switch alerts on, to switch off fixes) +curl -s -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \ + "https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts" +curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \ + "https://api.github.com/repos/${NEW_REPO}/automated-security-fixes" +curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \ + "https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts" + +# Set the main branch protected +# DEF_BRANCH=$(awk -F '"' '/default_branch/ {print $4; exit}' "${GH_TMP_DATA}") +# Somehow doesn't work FIXME +# curl -s -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \ +# "https://api.github.com/repos/${NEW_REPO}/branches/${DEF_BRANCH}/protection/enforce_admins" + +# Set remotes correctly +git remote add github \ + "$(awk -F '"' '/clone_url/ {print $4 ; exit}' "${GH_TMP_DATA}")" +git remote set-url --push github \ + "$(awk -F '"' '/ssh_url/ {print $4 ; exit}' "${GH_TMP_DATA}")" +git remote update +git remote -v |