settings #136
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: settings | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: '0 10 * * *' | |
| jobs: | |
| github: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup jq | |
| uses: dcarbone/[email protected] | |
| - name: Obtain a GitHub App Installation Access Token | |
| id: githubAppAuth | |
| run: | | |
| TOKEN="$(npx obtain-github-app-installation-access-token ci ${{ secrets.GH_APP_CREDENTIALS_TOKEN }})" | |
| echo token=${TOKEN} >> $GITHUB_OUTPUT | |
| - name: Get API | |
| id: api | |
| run: | | |
| echo repos=$(jq -e '.repos| del(.topics)' ${SETTINGS} >/dev/null; echo $?) >> $GITHUB_OUTPUT | |
| echo collaborators=$(jq -e '.collaborators' ${SETTINGS} >/dev/null; echo $?) >> $GITHUB_OUTPUT | |
| echo branches=$(jq -e '.branches' ${SETTINGS} >/dev/null; echo $?) >> $GITHUB_OUTPUT | |
| env: | |
| SETTINGS: .github/settings.json | |
| # needs administration permission on repository | |
| - name: Add repository Settings | |
| if: (steps.api.outputs.repos != 1) | |
| run: | | |
| DATA=$(jq '.repos| del(.topics)' ${SETTINGS}) | |
| DATA_TOPICS=$(jq '.repos.topics' ${SETTINGS}) | |
| curl -X PATCH -H 'Accept: application/vnd.github+json' -H "Authorization: Bearer ${GITHUB_TOKEN}" --url "https://api.github.com/repos/${{ github.repository }}" -d "${DATA}" | |
| curl -X PUT -H 'Accept: application/vnd.github+json' -H "Authorization: Bearer ${GITHUB_TOKEN}" --url "https://api.github.com/repos/${{ github.repository }}/topics" -d "${DATA_TOPICS}" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.githubAppAuth.outputs.token }} | |
| SETTINGS: .github/settings.json | |
| - name: Add repository Collaborators | |
| if: (steps.api.outputs.collaborators != 1) | |
| run: | | |
| DATA=$(jq -e '.collaborators | to_entries | .[] | "\(.key).\(.value)"' ${SETTINGS} | tr -d '"') | |
| for COLLABORATOR in ${DATA}; do curl -X PUT -H 'Accept: application/vnd.github+json' -H "Authorization: Bearer ${GITHUB_TOKEN}" --url "https://api.github.com/repos/${{ github.repository }}/collaborators/$(echo ${COLLABORATOR} | cut -d '.' -f1)" -d '{"permission":"$(echo ${COLLABORATOR} | cut -d '.' -f2)"}'; done | |
| env: | |
| GITHUB_TOKEN: ${{ steps.githubAppAuth.outputs.token }} | |
| SETTINGS: .github/settings.json | |
| - name: Add repository branches Protection | |
| if: (steps.api.outputs.branches != 1) | |
| run: | | |
| DATA=$(jq -e '.branches | to_entries | .[] | "\(.key).\(.value)"' ${SETTINGS}) | |
| for BRANCH_DATA in ${DATA}; do BRANCH=$(echo ${BRANCH_DATA} | cut -d '.' -f1) && JSON_DATA=$(echo ${BRANCH_DATA//\\} | cut -d '.' -f2) && curl -X PUT -H 'Accept: application/vnd.github+json' -H "Authorization: Bearer ${GITHUB_TOKEN}" --url "https://api.github.com/repos/${{ github.repository }}/branches/${BRANCH:1}/protection" -d "${JSON_DATA:0:-1}"; done | |
| env: | |
| GITHUB_TOKEN: ${{ steps.githubAppAuth.outputs.token }} | |
| SETTINGS: .github/settings.json |