blob: b4bfdb23e7ebd798a1eb603e53fabb2d089c2578 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
#!/bin/bash
set -eux
ORGANIZATION="openSUSE-Python"
# cd /home/pymirrors/repos/
cd /home/matej/repos/pymirrors/
ORIG_REPO="$1"
# Argument can be both full URL as well as just owner/reponame string
if [[ "$ORIG_REPO" =~ "http" ]]; then
OR="${ORIG_REPO##*.com/}"
ORIG_REPO="${OR%%.git}"
fi
GH_TMP_DATA=$(mktemp /tmp/gh_data.XXXXXX.json) || exit 1
trap 'rm -f "${GH_TMP_DATA}"' EXIT
DIRNAME="$(basename "${ORIG_REPO}")"
NEW_REPO="${ORGANIZATION}/${DIRNAME}"
# Repository has been already checked out
[ -d "$DIRNAME" ] && exit 0
git clone "https://github.com/${ORIG_REPO}.git"
cd "${DIRNAME}"
# Get credentials
# This is still not sufficiently general: git-credential(1) cannot provide
# anything else than login/password duo, and we need GH personal access
# token.
# PASSWORD=$(echo 'url=https://github.com/${ORIG_REPO}.git'|git credential fill| \
# awk -F= '/password/ { print $2 ; exit }')
# So, I use this directly, but it is not general enough
PASSWORD=$(pass show dev/github.com|awk '/^token:/ {print $2}')
# Fork repository
curl -s -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
--json "{ \"organization\": \"${ORGANIZATION}\" , \
\"default_branch_only\": \"true\" }" \
"https://api.github.com/repos/${ORIG_REPO}/forks" >"${GH_TMP_DATA}"
# Set defaults of the repository (we have to first switch alerts on, to switch off fixes)
curl -s -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
"https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts"
curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
"https://api.github.com/repos/${NEW_REPO}/automated-security-fixes"
curl -s -X DELETE -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
"https://api.github.com/repos/${NEW_REPO}/vulnerability-alerts"
# Set the main branch protected
# DEF_BRANCH=$(awk -F '"' '/default_branch/ {print $4; exit}' "${GH_TMP_DATA}")
# Somehow doesn't work FIXME
# curl -s -X POST -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${PASSWORD}" \
# "https://api.github.com/repos/${NEW_REPO}/branches/${DEF_BRANCH}/protection/enforce_admins"
# Set remotes correctly
git remote add github \
"$(awk -F '"' '/clone_url/ {print $4 ; exit}' "${GH_TMP_DATA}")"
git remote set-url --push github \
"$(awk -F '"' '/ssh_url/ {print $4 ; exit}' "${GH_TMP_DATA}")"
git remote update
git remote -v
|