Commit 5568ead

Merge pull request #242 from github/filter-by-team
feat: filter repos by team ownership
2 parents 07c314f + 1d94cf6 commit 5568ead

5 files changed

+167
-12
lines changed

README.md

Lines changed: 3 additions & 2 deletions
@@ -6,7 +6,7 @@
66
[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/github/evergreen/badge)](https://scorecard.dev/viewer/?uri=github.com/github/evergreen)
77
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9523/badge)](https://www.bestpractices.dev/projects/9523)
88

9-
This is a GitHub Action that given an organization or specified repositories, opens an issue/PR if dependabot is not enabled, or there are more package ecosystems that could be. It also enables [automated security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories) for the repository.
9+
This is a GitHub Action that given an organization, team, or specified repositories, opens an issue/PR if dependabot is not enabled, or there are more package ecosystems that could be. It also enables [automated security updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories) for the repository.
1010

1111
This action was developed by the GitHub OSPO for our own use and developed in a way that we could open source it that it might be useful to you as well! If you want to know more about how we use it, reach out in an issue in this repository.
1212

@@ -28,7 +28,7 @@ All feedback regarding our GitHub Actions, as a whole, should be communicated th
2828
1. Create a repository to host this GitHub Action or select an existing repository.
2929
1. Select a best fit workflow file from the [examples below](#example-workflows).
3030
1. Copy that example into your repository (from step 1) and into the proper directory for GitHub Actions: `.github/workflows/` directory with the file extension `.yml` (ie. `.github/workflows/evergreen.yml`)
31-
1. Edit the values (`ORGANIZATION`, `REPOSITORY`, `EXEMPT_REPOS`, `TYPE`, `TITLE`, `BODY`) from the sample workflow with your information. If running on a whole organization then no repository is needed. If running the action on just one repository or a list of repositories, then no organization is needed. The type should be either `issue` or `pull` representing the action that you want taken after discovering a repository that should enable dependabot.
31+
1. Edit the values (`ORGANIZATION`, `TEAM_NAME`, `REPOSITORY`, `EXEMPT_REPOS`, `TYPE`, `TITLE`, `BODY`) from the sample workflow with your information. If running on a whole organization then no repository is needed. If running the action on just one repository or a list of repositories, then no organization is needed. If running the action on a team, then an organization is required and no repository is needed. The type should be either `issue` or `pull` representing the action that you want taken after discovering a repository that should enable dependabot.
3232
1. Optionally, edit the value (`CREATED_AFTER_DATE`) if you are setting up this action to run regularly and only want newly created repositories to be considered. Otherwise, if you want all specified repositories regardless of when they were created to be considered, then leave blank.
3333
1. Optionally edit the value (`UPDATE_EXISTING`) if you want to update existing dependabot configuration files. If set to `true`, the action will update the existing dependabot configuration file with any package ecosystems that are detected but not configured yet. If set to `false`, the action will only create a new dependabot configuration file if there is not an existing one. The default value is `false`.
3434
1. Also edit the value for `GH_ENTERPRISE_URL` if you are using a GitHub Server and not using github.com. For github.com users, don't put anything in here.
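Review bot: the new wording in the edited step says that when running on a team "no repository is needed", but env.py in this same commit raises `ValueError("TEAM_NAME environment variable cannot be used with REPOSITORY")` when both are set, so the README understates the constraint. Suggest: "If running the action on a team, then an organization is required and `REPOSITORY` must be left unset."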
@@ -65,6 +65,7 @@ This action can be configured to authenticate with GitHub App Installation or Pe
6565
| -------------------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
6666
| `GH_ENTERPRISE_URL` | False | "" | The `GH_ENTERPRISE_URL` is used to connect to an enterprise server instance of GitHub. github.com users should not enter anything here. |
6767
| `ORGANIZATION` | Required to have `ORGANIZATION` or `REPOSITORY` | | The name of the GitHub organization which you want this action to work from. ie. github.com/github would be `github` |
68+
| `TEAM_NAME` | Requires `ORGANIZATION` | | The name of the organization's team which you want this action to work from. ie. For a team like github/engineering would be `engineering` |
6869
| `REPOSITORY` | Required to have `ORGANIZATION` or `REPOSITORY` | | The name of the repository and organization which you want this action to work from. ie. `github/evergreen` or a comma separated list of multiple repositories `github/evergreen,super-linter/super-linter` |
6970
| `EXEMPT_REPOS` | False | "" | These repositories will be exempt from this action considering them for dependabot enablement. ex: If my org is set to `github` then I might want to exempt a few of the repos but get the rest by setting `EXEMPT_REPOS` to `github/evergreen,github/contributors` |
7071
| `TYPE` | False | pull | Type refers to the type of action you want taken if this workflow determines that dependabot could be enabled. Valid values are `pull` or `issue`. |
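Review bot: the `TEAM_NAME` row should state that the value is the team's slug as it appears in the team URL; the example (`github/engineering` becomes `engineering`) is a URL path segment, and a team whose display name contains spaces or capitals has a different slug, so the `team_by_name(team_name)` lookup in evergreen.py would not find it if users enter the display name. The Required column could also say "Requires `ORGANIZATION`; cannot be combined with `REPOSITORY`" to match the check added in env.py.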

env.py

Lines changed: 7 additions & 3 deletions
@@ -117,6 +117,7 @@ def get_env_vars(
117117
dict,
118118
str,
119119
str,
120+
str | None,
120121
list[str],
121122
]:
122123
"""
@@ -149,6 +150,7 @@ def get_env_vars(
149150
repo_specific_exemptions (dict): A dictionary of per repository ecosystem exemptions
150151
schedule (str): The schedule to run the action on
151152
schedule_day (str): The day of the week to run the action on if schedule is daily
153+
team_name (str): The team to search for repositories in
152154
labels (list[str]): A list of labels to be added to dependabot configuration
153155
"""
154156

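Review bot: the docstring line `team_name (str): The team to search for repositories in` disagrees with the annotation, which declares the value as `str | None`; write `team_name (str | None)` and note that it is `None` when `TEAM_NAME` is unset and that it cannot be combined with `REPOSITORY`.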
@@ -159,15 +161,16 @@ def get_env_vars(
159161

160162
organization = os.getenv("ORGANIZATION")
161163
repositories_str = os.getenv("REPOSITORY")
164+
team_name = os.getenv("TEAM_NAME")
162165
# Either organization or repository must be set
163166
if not organization and not repositories_str:
164167
raise ValueError(
165168
"ORGANIZATION and REPOSITORY environment variables were not set. Please set one"
166169
)
167-
168-
if repositories_str and repositories_str.find("/") == 0:
170+
# Team name and repository are mutually exclusive
171+
if repositories_str and team_name:
169172
raise ValueError(
170-
"REPOSITORY environment variable was not set correctly. Please set it to a comma separated list of repositories in the format org/repo"
173+
"TEAM_NAME environment variable cannot be used with REPOSITORY"
171174
)
172175

173176
# Separate repositories_str into a list based on the comma separator
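Review bot: the two removed lines drop the existing format check `if repositories_str and repositories_str.find("/") == 0` together with its "comma separated list of repositories in the format org/repo" error, instead of adding the new check next to it, so a `REPOSITORY` value such as `/evergreen` now passes validation and only fails later when the list is split. Keep the old check and add the mutual-exclusivity check as a separate `if`. Consider also rejecting `TEAM_NAME` without `ORGANIZATION` explicitly here: today that combination is only caught indirectly, by the first check ("ORGANIZATION and REPOSITORY environment variables were not set") when nothing else is set, or by the new check when `REPOSITORY` is also set, and neither message tells the user that `TEAM_NAME` needs `ORGANIZATION`.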
@@ -356,5 +359,6 @@ def get_env_vars(
356359
repo_specific_exemptions,
357360
schedule,
358361
schedule_day,
362+
team_name,
359363
labels_list,
360364
)

evergreen.py

Lines changed: 16 additions & 5 deletions
@@ -1,5 +1,6 @@
11
"""This file contains the main() and other functions needed to open an issue/PR dependabot is not enabled but could be"""
22

3+
import sys
34
import uuid
45
from datetime import datetime
56

@@ -39,6 +40,7 @@ def main(): # pragma: no cover
3940
repo_specific_exemptions,
4041
schedule,
4142
schedule_day,
43+
team_name,
4244
labels,
4345
) = env.get_env_vars()
4446

@@ -61,8 +63,10 @@ def main(): # pragma: no cover
6163
)
6264
project_id = get_global_project_id(token, organization, project_id)
6365

64-
# Get the repositories from the organization or list of repositories
65-
repos = get_repos_iterator(organization, repository_list, github_connection)
66+
# Get the repositories from the organization, team name, or list of repositories
67+
repos = get_repos_iterator(
68+
organization, team_name, repository_list, github_connection
69+
)
6670

6771
# Iterate through the repositories and open an issue/PR if dependabot is not enabled
6872
count_eligible = 0
@@ -258,11 +262,18 @@ def enable_dependabot_security_updates(owner, repo, access_token):
258262
print("\tFailed to enable Dependabot security updates.")
259263

260264

261-
def get_repos_iterator(organization, repository_list, github_connection):
262-
"""Get the repositories from the organization or list of repositories"""
265+
def get_repos_iterator(organization, team_name, repository_list, github_connection):
266+
"""Get the repositories from the organization, team_name, or list of repositories"""
263267
repos = []
264-
if organization and not repository_list:
268+
if organization and not repository_list and not team_name:
265269
repos = github_connection.organization(organization).repositories()
270+
elif team_name and organization:
271+
# Get the repositories from the team
272+
team = github_connection.organization(organization).team_by_name(team_name)
273+
if team.repos_count == 0:
274+
print(f"Team {team_name} has no repositories")
275+
sys.exit(1)
276+
repos = team.repositories()
266277
else:
267278
# Get the repositories from the repository_list
268279
for repo in repository_list:
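Review bot: `sys.exit(1)` in the new `elif team_name and organization` branch turns a team with no repositories into a hard failure of the whole workflow run, and makes `get_repos_iterator` untestable without catching `SystemExit`; an empty team is a valid state, so print the message and `return repos` (the empty list), or raise a `ValueError` and let `main()` decide. The branch also reads `team.repos_count` without checking that `team_by_name(team_name)` actually returned a team: if no team has that slug, or the token cannot see it, the lookup does not yield a Team object and the failure surfaces as an `AttributeError` rather than a clear message naming `TEAM_NAME`. Guard for that case before dereferencing `team`.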
