Script to Automate GitHub Repository Updates and Pull Requests - This shell script opens draft PRs for all the repositories listed in repos.txt and replaces every hard-coded snyk --severity-threshold value with a GitHub Actions variable.
https://github.com/wgarunap/some-repo.git | |
https://github.com/wgarunap/some-repo-2.git |
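#!/bin/bash
#
# Open a draft pull request in every repository listed in repos.txt that
# replaces hard-coded Snyk "--severity-threshold=high|medium" flags under
# .github/ with the GitHub Actions configuration variable
# ${{ vars.SNYK_SEVERITY }}.
#
# Prerequisites: git and the GitHub CLI, authenticated via "gh auth login".
# Input:  repos.txt        - one repository URL per line
# Output: failed_repos.txt - URLs whose processing failed, written next to
#                            repos.txt in the directory the script runs from
#
# NOTE(review): once these PRs merge, the Snyk gate is set by the
# SNYK_SEVERITY variable rather than by a reviewed line in the workflow file.
# Define the variable before merging (an undefined configuration variable
# expands to an empty string, which would leave "--severity-threshold=" with
# no value) and limit who may edit it, because changing it changes the gate
# without any commit in the repository.

REPO_LIST_FILE="repos.txt"
FAILED_REPOS_FILE="failed_repos.txt"
NEW_BRANCH="snyk-severity-config-script-branch"

#######################################
# Clone/update one repository, rewrite the Snyk threshold and open a draft PR.
# The body is a subshell "( ... )" so every "cd" is undone on return; the
# caller therefore always stays in the parent directory, and the failure log
# is always written there instead of inside a clone.
# Globals:   NEW_BRANCH (read)
# Arguments: $1 - repository URL, $2 - local directory name
# Returns:   0 on success or when there is nothing to change, 1 on failure
#######################################
process_repo() (
  repo_url=$1
  repo_name=$2

  # Clone the repository if it doesn't exist yet.
  if [[ ! -d "$repo_name" ]]; then
    echo "Cloning $repo_url..."
    # "--" stops a list entry beginning with "-" from being read as an option.
    if ! git clone -- "$repo_url" "$repo_name"; then
      echo "Failed to clone $repo_url"
      return 1
    fi
  fi

  cd -- "$repo_name" || { echo "Failed to enter $repo_name"; return 1; }

  # Determine the default branch from origin/HEAD ("origin/main" -> "main").
  default_branch=$(git symbolic-ref --short refs/remotes/origin/HEAD)
  default_branch=${default_branch#origin/}
  if [[ -z "$default_branch" ]]; then
    echo "Failed to determine the default branch in $repo_name"
    return 1
  fi

  if ! git checkout "$default_branch"; then
    echo "Failed to checkout default branch ($default_branch) in $repo_name"
    return 1
  fi

  # Local modifications in a pre-existing clone are stashed and NOT restored;
  # recover them afterwards with "git stash pop" if they matter.
  git stash --quiet
  if ! git fetch --quiet; then
    echo "Failed to fetch updates in $repo_name"
    return 1
  fi
  if ! git pull --quiet; then
    echo "Failed to pull latest changes in $repo_name"
    return 1
  fi

  # Start from a clean branch. Deleting the remote branch also closes any
  # pull request that was still open from it.
  if git show-ref --verify --quiet "refs/heads/$NEW_BRANCH"; then
    echo "Branch $NEW_BRANCH exists locally. Deleting..."
    git branch -D "$NEW_BRANCH"
  fi
  # The full ref name makes the match exact (no "foo/$NEW_BRANCH" hits).
  if git ls-remote --exit-code --heads origin "refs/heads/$NEW_BRANCH" > /dev/null; then
    echo "Branch $NEW_BRANCH exists remotely. Deleting..."
    git push origin --delete "$NEW_BRANCH"
  fi

  if ! git checkout -b "$NEW_BRANCH"; then
    echo "Failed to create branch $NEW_BRANCH in $repo_name"
    return 1
  fi

  if [[ ! -d .github ]]; then
    echo "No .github folder in $repo_name. Skipping replacement."
    return 0
  fi

  # Rewrite the threshold in every workflow/config file under .github.
  # "-i.bak" is the in-place form accepted by both GNU and BSD sed (the
  # BSD-only "-i ''" makes GNU sed treat the script as a file name); the
  # backup is removed straight away so it is never committed.
  # The single quotes are deliberate: ${{ ... }} must reach the file literally.
  while IFS= read -r -d '' file; do
    if ! sed -i.bak \
      -e 's/--severity-threshold=high/--severity-threshold=${{ vars.SNYK_SEVERITY }}/g' \
      -e 's/--severity-threshold=medium/--severity-threshold=${{ vars.SNYK_SEVERITY }}/g' \
      "$file"; then
      echo "Failed to rewrite $file in $repo_name"
      rm -f -- "$file.bak"
      return 1
    fi
    rm -f -- "$file.bak"
  done < <(find .github -type f \( -name '*.yaml' -o -name '*.yml' -o -name '*.json' \) -print0)
  echo "Updated severity threshold in .github folder and subfolders for $repo_name"

  if git diff --quiet -- .github; then
    echo "No changes to commit in $repo_name"
    return 0
  fi

  if ! git add .github || ! git commit -m "chore: sync severity GitHub Action config added"; then
    echo "Failed to commit changes in $repo_name"
    return 1
  fi

  if ! git push -u origin "$NEW_BRANCH"; then
    echo "Failed to push branch $NEW_BRANCH in $repo_name"
    return 1
  fi

  # Draft PR so that nothing merges before a human has looked at the gate change.
  if ! gh pr create --title "chore: sync severity GitHub Action config added" \
    --body "This PR updates the severity threshold configuration for GitHub Actions." \
    --draft; then
    echo "Failed to create PR for $repo_name"
    return 1
  fi

  echo "Successfully processed $repo_name"
  git checkout "$default_branch"
  return 0
)

# Clear the failed repos log file.
: > "$FAILED_REPOS_FILE"

if [[ ! -f "$REPO_LIST_FILE" ]]; then
  echo "Repository list file '$REPO_LIST_FILE' not found!"
  exit 1
fi

# "|| [[ -n ... ]]" keeps a last line that has no trailing newline.
while IFS= read -r REPO_URL || [[ -n "$REPO_URL" ]]; do
  REPO_URL=${REPO_URL%$'\r'} # tolerate CRLF line endings
  [[ -n "$REPO_URL" ]] || continue

  REPO_NAME=$(basename -s .git -- "$REPO_URL")
  echo "Processing repository: $REPO_URL"

  # An empty, "." or ".." name would make the git commands below run against
  # the current or the parent directory instead of a clone.
  if [[ -z "$REPO_NAME" || "$REPO_NAME" == "." || "$REPO_NAME" == ".." ]]; then
    echo "Cannot derive a directory name from '$REPO_URL'"
    echo "$REPO_URL" >> "$FAILED_REPOS_FILE"
    continue
  fi

  # stdin is detached so git/gh can never consume the rest of the list.
  if ! process_repo "$REPO_URL" "$REPO_NAME" < /dev/null; then
    echo "$REPO_URL" >> "$FAILED_REPOS_FILE"
  fi
done < "$REPO_LIST_FILE"

echo "Script completed! Failed repositories are listed in '$FAILED_REPOS_FILE'."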