Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mozilla/github-org-scripts

Some helper scripts to manage github orgs via API.
https://github.com/mozilla/github-org-scripts

Last synced: 30 days ago
JSON representation

Some helper scripts to manage github orgs via API.

Host: GitHub
URL: https://github.com/mozilla/github-org-scripts
Owner: mozilla
License: mpl-2.0
Created: 2015-01-08T22:48:04.000Z (almost 10 years ago)
Default Branch: main
Last Pushed: 2023-08-02T00:18:21.000Z (over 1 year ago)
Last Synced: 2024-10-02T03:26:37.419Z (about 1 month ago)
Language: Jupyter Notebook
Size: 3.66 MB
Stars: 33
Watchers: 7
Forks: 26
Open Issues: 21
Metadata Files:
- Readme: README.md
- Contributing: contributing.py
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Audit: audit-log/audit-log-export.js

Awesome Lists containing this project

awesome-ospo - github org scripts - Some helper scripts to manage github orgs via API. (GitHub Management)

README

# github org helper scripts

Current minimums: python 3.7; GitHub3.py 1.3.0

***Please use [poetry](https://pypi.org/project/poetry/) to manage virtual environments - `requirements.txt` may be out of date, and does not include development dependencies.***

These are some API helper scripts for sanely managing a github org. For now this is somewhat hardcoded for the mozilla org; no need for it to remain that way though. Many scripts support the `--help` option. That information should be more up to date than information in this document.

## Credentials

Supplying credentials for execution is done by passing a PAT token as the value
of the environment variable `GITHUB_TOKEN` (preferred) or `GITHUB_PAT`.

The recommended way to set `GITHUB_TOKEN` is via cli access to your password
manager. For example, using [pass]:
```bash
GITHUB_TOKEN=$(pass show myPAT) script args
```
[pass]: https://www.passwordstore.org/

## Jupyter Notebooks
### Docker Images

Our Jupyter Notebooks have a farely simple environment as regards dependencies. The recommended way to
deal with this is by using a docker container.

The Makefile contains targets for building and running the docker images. Invoke
`make` without arguments to see those targets

- **NOTE**: the docker image allows credentials to be supplied via [sops].
The environment variable "`SECOPS_SOPS_PATH`" must be set appropriately.

[sops]: https://github.com/mozilla/sops

When started, the docker container will serve notebooks from the `notebooks/`
directory, but they will be available at the top level. Current notebooks include:

- **`User Search.ipynb`** --
Given a set of possible GitHub logins, determine if they might have any
permissions in various organizations. Links are provided for hits, so easy
to examine more closely.

N.B.: Both this script and the GitHub search interface make assumptions. It
is *your* responsibility to ensure any possible match is a valid match.

There is now a section which will search for usernames in any non-documentation source file. The intent is to spot cases where app, login, or other permissions may have been granted via that file. Since such authorization usage is adhoc, there are likely to be many false positives. (However teams may choose to use the list for "cleanup" of unmaintained documents.) Typically, the user will want to supply both ldap and GitHub logins to be the search targets.

## Scripts

Scripts should now work with Python 3. Please open issues for any problems you
encounter.

### auditlog.py
Download audit log for $ORG via headless firefox via selenium
([`geckodriver`][gd_url] must be installed). Credentials as environment
variables, and 2FA token passed as input when requested.

### contributing.py
Analyze all the "sources" repositories (i.e., those that aren't forks) in a github org and list the repositories that do *NOT* have a CONTRIBUTING file.

### get_active_hooks.py
Find all hooks configured for an organization -- see --help for details

### get_org_info.py
Output basic info about an org, more if you have permissions. See --help for details

### manage_invitations.py
Cancel all org & repository invitations older than a specified age (default 2
weeks). See --help for details.

### team_update.py
Update administrative teams so they can be used for the new GitHub discussion
feature. Use the ``--help`` option for more information.

#### hooks.py
Analyzes a list of audit log export files (from the JS script) for hook/service creation/deletion and provides a summary. Use it to show commonly used apps/services/webhooks across the org.

### old_repos.py
Generate a list of empty (should be deleted) repositories as well as untouched repos (might need to be archived).

## BUGS

- Some of these scripts are no longer relevent.

## License
This code is free software and licensed under an MPL-2.0 license. © 2015-2021 Fred Wenzel and others. For more information read the file ``LICENSE``.

[gd_url]: https://github.com/mozilla/geckodriver/releases