Last active
December 19, 2024 19:26
-
-
Save yatharthranjan/ace159f2bfd38e6a5afd43a17c64ce54 to your computer and use it in GitHub Desktop.
A bash script for updating permissions of all the outside collaborators (not organisation members) to read for all public repositories in an organisation and remove them in case of private repositories.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Ask for GitHub organization name | |
| read -p "Enter GitHub organization name: " org | |
| # Ask for GitHub token | |
| read -sp "Enter GitHub token: " token | |
| echo | |
| # Set the number of repositories to fetch per page | |
| per_page=100 | |
| # Get all repositories in the organization | |
| repos=$(hub api "orgs/$org/repos?per_page=$per_page" -H "Authorization: token $token" | jq -r '.[].name') | |
| # organization_members=$(hub api "orgs/$org/members?per_page=$per_page" -H "Authorization: token $token" | jq -r '.[].login') | |
| # Loop through each repository | |
| for repo in $repos; do | |
| echo "Repository: $repo" | |
| # Get all outside collaborators for the repository | |
| collaborators=$(hub api "repos/$org/$repo/collaborators?per_page=$per_page&affiliation=outside" -H "Authorization: token $token" | jq -r '.[].login') | |
| # echo "Collaborators: $collaborators" | |
| # Loop through each collaborator | |
| for collaborator in $collaborators; do | |
| # Get initial permissions for the collaborator | |
| initial_permissions=$(hub api "repos/$org/$repo/collaborators/$collaborator/permission" -H "Authorization: token $token" | jq -r '.permission') | |
| # Check if the repository is public and not archived | |
| repo_info=$(hub api "repos/$org/$repo" -H "Authorization: token $token") | |
| is_public=$(echo "$repo_info" | jq -r '.private') | |
| is_archived=$(echo "$repo_info" | jq -r '.archived') | |
| if [ "$is_archived" == "true" ]; then | |
| # Remove permissions for archived repositories | |
| hub api -X DELETE "repos/$org/$repo/collaborators/$collaborator" -H "Authorization: token $token" | |
| echo "Removed permissions for $collaborator on archived repo $repo" | |
| continue | |
| fi | |
| if [ "$is_public" == "false" ]; then | |
| if [ "$initial_permissions" != "read" ]; then | |
| # Change permissions to read for public repositories | |
| hub api -X PUT "repos/$org/$repo/collaborators/$collaborator" -H "Authorization: token $token" -f permission=read | |
| echo "Changed permissions to read for $collaborator on $repo" | |
| # else | |
| # echo "Permissions for $collaborator on $repo are already read" | |
| fi | |
| else | |
| # Remove permissions for private repositories | |
| hub api -X DELETE "repos/$org/$repo/collaborators/$collaborator" -H "Authorization: token $token" | |
| echo "Removed permissions for $collaborator on $repo" | |
| fi | |
| done | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Update Permissions for All Outside Collaborators
This script updates the permissions for all outside collaborators in a GitHub organization. It changes their permissions for all public repositories to read and removes any permissions they have on private repositories.
Prerequisites
You can install
hubandjqusing Homebrew:Usage
Clone the repository or download the script.
Make the script executable:
Script Details
The script performs the following steps:
Notes
Example
$ ./update-permissions-all-collaborators.sh
Enter GitHub organization name: my-org
Enter GitHub token: ***************
Updating permissions for repo1
Collaborators: user1 user2
Initial permissions for user1 on repo1: write
Changed permissions to read for user1 on repo1
Initial permissions for user2 on repo1: read
Permissions for user2 on repo1 are already read
...