{"id":27201043,"url":"https://github.com/katiem0/gh-migrate-rulesets","last_synced_at":"2025-04-09T21:46:21.537Z","repository":{"id":253821384,"uuid":"844623836","full_name":"katiem0/gh-migrate-rulesets","owner":"katiem0","description":"GitHub CLI extension to create and generate a report of repository rulesets for repos and orgs.","archived":false,"fork":false,"pushed_at":"2024-09-03T16:00:01.000Z","size":64,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-11-13T13:34:52.512Z","etag":null,"topics":["gh-extension","go","golang","rulesets"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/katiem0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-19T16:30:47.000Z","updated_at":"2024-10-09T18:31:04.000Z","dependencies_parsed_at":"2024-08-23T22:34:35.710Z","dependency_job_id":null,"html_url":"https://github.com/katiem0/gh-migrate-rulesets","commit_stats":null,"previous_names":["katiem0/gh-migrate-rulesets"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/katiem0%2Fgh-migrate-rulesets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/katiem0%2Fgh-migrate-rulesets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/katiem0%2Fgh-migrate-rulesets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/katiem0%2Fgh-migrate-rulesets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/katiem0","download_url":"https://codeload.github.com/katiem0/gh-migrate-rulesets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248119439,"owners_count":21050754,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gh-extension","go","golang","rulesets"],"created_at":"2025-04-09T21:46:20.829Z","updated_at":"2025-04-09T21:46:21.523Z","avatar_url":"https://github.com/katiem0.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gh-migrate-rulesets\n\nA GitHub `gh` [CLI](https://cli.github.com/) extension to create a report containing repository rulesets for a single repository, list of repositories, and/or organization, as well as create repository rulesets from a file.\n\n\u003e [!NOTE]\n\u003e The authenticated user must be an organization owner and a GitHub Personal Access Token needs the `admin:read` scope at the organization level to use this CLI extension to it's fullest.\n\n## Installation\n\n1. Install the `gh` CLI - see the [installation](https://github.com/cli/cli#installation) instructions.\n\n2. Install the extension:\n   ```sh\n   gh extension install katiem0/gh-migrate-rulesets\n   ```\n\nFor more information: [`gh extension install`](https://cli.github.com/manual/gh_extension_install).\n\n## Usage\n\nThe `gh-migrate-rulesets` extension supports `GitHub.com` and GitHub Enterprise Server, through the use of `--hostname` and the following commands:\n\n```sh\n$ gh migrate-rulesets -h\nList and create repository/organization level rulesets for repositories in an organization.\n\nUsage:\n  migrate-rules [command]\n\nAvailable Commands:\n  create      Create repository rulesets\n  list        Generate a report of rulesets for repositories and/or organization.\n\nFlags:\n  -h, --help   help for migrate-rules\n\nUse \"migrate-rules [command] --help\" for more information about a command.\n```\n\n### List Repository Rulesets\n\nThe `gh migrate-rulesets list` command will create a csv report of repository rulesets for the specified `\u003corganization\u003e` and/or `[repo ..]` list, with the ability to specify the `--host-name` and `--token` associated to a Server instance. If only `\u003corganization\u003e` is provided, all repositories will be used.\n\nTo specify the type of ruleset to list, setting the `--ruleType` flag will either list:\n\n- `all`: Organization level, and repository level rulesets\n- `repoOnly`: Repository level rulesets for list of repos or all repos under `\u003corganization\u003e`\n- `orgOnly`: Organization level rulesets only\n\n```sh\n$ gh migrate-rulesets list -h\nGenerate a report of rulesets for a list of repositories and/or organization.\n\nUsage:\n  migrate-rules list [flags] \u003corganization\u003e [repo ...]\n\nFlags:\n  -d, --debug                To debug logging\n  -h, --help                 help for list\n      --hostname string      GitHub Enterprise Server hostname (default \"github.com\")\n  -o, --output-file string   Name of file to write CSV list to (default \"ruleset-20240819094546.csv\")\n  -r, --ruleType string      List rulesets for a specific application or all: {all|repoOnly|orgOnly} (default \"all\")\n  -t, --token string         GitHub Personal Access Token (default \"gh auth token\")\n```\n\nThe output `csv` file contains the following information:\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eClick to Expand output \u003ccode\u003ecsv\u003c/code\u003e file contents\u003c/b\u003e\u003c/summary\u003e\n\u003ctable\u003e\n\u003ctr\u003e\u003cth\u003eField Name\u003c/th\u003e\u003cth\u003eDescription\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesetLevel\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates whether the ruleset is at the organization or repository level.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRepositoryName\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIf repository level ruleset, the name of the repository where the data is extracted from. For Organization rulesets, this is `N/A`.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRuleID\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eUnique identifier for the rule.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesetName\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eName of the ruleset.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eTarget\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates the type of ruleset, can be `branch`, `tag`, or `push`.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eEnforcement\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eEnforcement level of the ruleset (e.g., `active`, `evaluate`, or `disabled`).\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eBypassActors\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eActors who can bypass the ruleset, specified in the format `ID;Role;Name;Condition`.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionsRefNameInclude\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eArray of `ref` names to include in the ruleset conditions.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionsRefNameExclude\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eArray of `ref` names to exclude from the ruleset conditions.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionsRepoNameInclude\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eArray of repository names to include in the ruleset conditions.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionsRepoNameExclude\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eArray of repository names to exclude from the ruleset conditions.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionsRepoNameProtected\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates whether renaming of target repositories is prevented.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionRepoPropertyInclude\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eArray of repository properties values to include in the ruleset conditions.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eConditionRepoPropertyExclude\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eArray of repository properties values to exclude from the ruleset conditions.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesCreation\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eOnly allow users with bypass permission to create matching refs.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesUpdate\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eOnly allow users with bypass permissions to delete matching refs.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesDeletion\u003c/code\u003e\u003c/td\u003e\u003ctd\u003ePrevent merge commits from being pushed to matching refs.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesRequiredLinearHistory\u003c/code\u003e\u003c/td\u003e\u003ctd\u003ePrevent merge commits from being pushed to matching refs.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesMergeQueue\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eMerges must be performed via a merge queue. In the format `check_response_timeout_minutes|grouping_strategy|max_entries_to_build|max_entries_to_merge|merge_method|min_entries_to_merge|min_entries_to_merge_wait_minutes`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesRequiredDeployments\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eChoose which environments must be successfully deployed to before refs can be pushed into a ref that matches this rule. Includes `required_deployment_environments` array.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesRequiredSignatures\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eCommits pushed to matching refs must have verified signatures.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesPullRequest\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eRequire all commits be made to a non-target branch and submitted via a pull request before they can be merged. In the format `dismiss_stale_reviews_on_push|require_code_owner_review|require_last_push_approval|required_approving_review_count|required_review_thread_resolution`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesRequiredStatusChecks\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eChoose which status checks must pass before the ref is updated. An array of required status check rules, in the format `do_not_enforce_on_create|required_status_checks:{context|integration}|strict_required_status_checks_policy`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesNonFastForward\u003c/code\u003e\u003c/td\u003e\u003ctd\u003ePrevent users with push access from force pushing to refs.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesCommitMessagePattern\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates commit message patterns and matching. In the format `Name|Negate|Operator|Pattern`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesCommitAuthorEmailPattern\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates commit author email patterns and matching. In the format `Name|Negate|Operator|Pattern`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesCommitterEmailPattern\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates committer email patterns and matching. In the format `Name|Negate|Operator|Pattern`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesBranchNamePattern\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates branch name patterns and matching. In the format `Name|Negate|Operator|Pattern`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesTagNamePattern\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eIndicates tag name patterns and matching. In the format `Name|Negate|Operator|Pattern`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesFilePathRestriction\u003c/code\u003e\u003c/td\u003e\u003ctd\u003ePrevent commits that include changes in specified file paths from being pushed to the commit graph.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesFilePathLength\u003c/code\u003e\u003c/td\u003e\u003ctd\u003ePrevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesFileExtensionRestriction\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eRestrictions on file extensions for the ruleset.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesMaxFileSize\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eMaximum file size allowed to be pushed to the commit.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesWorkflows\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eRequire all changes made to a targeted branch to pass the specified workflows before they can be merged. An array of workflow rules, in the format `do_not_enforce_on_create|workflows:{Path|ref|repository_id|sha}`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eRulesCodeScanning\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eChoose which tools must provide code scanning results before the reference is updated. An array of code scanning rules in the format `{Tool|SecurityAlertsThreshold|AlertsThreshold}`\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eCreatedAt\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eTimestamp of when the ruleset was created.\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003e\u003ccode\u003eUpdatedAt\u003c/code\u003e\u003c/td\u003e\u003ctd\u003eTimestamp of when the ruleset was last updated.\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\u003c/details\u003e\n   \n### Create Repository Rulesets\n\nRepository Rulesets can be created from a `csv` file using `--from-file` following the format outlined in [`gh-migrate-rulesets list`](#list-repository-rulesets), or specifying the `--source-org` and/or `--repos` to retrieve rulesets from.\n\n\u003e [!WARNING]\n\u003e If your rulesets include the following rules, ensure that the `csv` has been updated to point to the updated information under your organization:\n\u003e\n\u003e - Bypass Actors: Update Actor ID for Teams, Roles, and Integrations\n\u003e - Status Checks: Ensure Context name exists and update Integration ID\n\u003e - Code Scanning: Ensure Tool name exists\n\u003e - Workflows: Update Repository ID to point to the correct repo/workflow\n\u003e - Required Deployments: Ensure deployment names exist for the repository\n\n```sh\n$ gh migrate-rulesets create -h                                                   \nCreate repository rulesets at the repo and/or org level from a file or list.\n\nUsage:\n  migrate-rules create [flags] \u003corganization\u003e\n\nFlags:\n  -d, --debug                    To debug logging\n  -f, --from-file string         Path and Name of CSV file to create rulesets from\n  -h, --help                     help for create\n      --hostname string          GitHub Enterprise Server hostname (default \"github.com\")\n  -R, --repos strings            List of repositories names to recreate rulesets for separated by commas (i.e. repo1,repo2,repo3)\n  -r, --ruleType string          List rulesets for a specific application or all: {all|repoOnly|orgOnly} (default \"all\")\n      --source-hostname string   GitHub Enterprise Server hostname where rulesets are copied from (default \"github.com\")\n  -s, --source-org string        Name of the Source Organization to copy rulesets from\n  -p, --source-pat string        GitHub personal access token for Source Organization (default \"gh auth token\")\n  -t, --token string             GitHub personal access token for organization to write to (default \"gh auth token\")\n```\n\nIf specifying `--source-org` and/or `--repos`, the CLI extension will attempt to map the object based on name to the new ID under the target organization:\n\n- Bypass Actors\n  - Teams\n  - Custom Repository Roles\n  - Integrations\n- Status Checks\n  - Context\n- Required Workflow\n  - Repository\n\n\n\u003e [!NOTE]\n\u003e If a ruleset fails to be created, a ruleset's Source, Name, and Error will be written to a `csv` file in the current directory with the name format `\u003corg\u003e-ruleset-errors-\u003cdate\u003e.csv`.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkatiem0%2Fgh-migrate-rulesets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkatiem0%2Fgh-migrate-rulesets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkatiem0%2Fgh-migrate-rulesets/lists"}