Skip to content

SovereignCloudStack/github-manager

6 Branches0 Tags
This branch is 345 commits ahead of, 211 commits behind osism/github-manager:main.
#331

Folders and files

NameName
Last commit message
Last commit date

Latest commit

matofedermatofeder
Merge branch 'main' into get_stale
Mar 24, 2025
e78bba0 · Mar 24, 2025

History

345 Commits
.github
.github
Mar 24, 2025
orgs/SovereignCloudStack
orgs/SovereignCloudStack
Feb 26, 2025
.gitignore
.gitignore
Dec 6, 2023
.gitmodules
.gitmodules
Dec 6, 2023
.yamllint.yml
.yamllint.yml
Jun 29, 2021
CODEOWNERS
CODEOWNERS
Feb 24, 2025
LICENSE
LICENSE
Jul 28, 2022
Pipfile
Pipfile
Dec 6, 2023
Pipfile.lock
Pipfile.lock
Jan 24, 2025
README.md
README.md
Oct 2, 2024
apply_repository.yaml
apply_repository.yaml
Oct 5, 2022
check_consistency.py
check_consistency.py
Sep 26, 2024
config.yaml
config.yaml
Sep 13, 2024
manage.py
manage.py
Oct 5, 2023
playbook.yaml
playbook.yaml
Oct 5, 2022
process_repository_file.yaml
process_repository_file.yaml
Oct 5, 2022

Repository files navigation

GitHub permissions management through Ansible & Python

This repository manages the GitHub permissions for the SCS organization.

The CI is based on the great work contributed by OTC and OSISM.

Local usage

You can use the following procedure to test, debug or improve github manager on your local system.

  • Installation 
    git clone git@github.com:SovereignCloudStack/github-manager.git
cd github-manager
rm -rf ansible-collection-gitcontrol
git submodule update --init --recursive
python3 -m pip install --upgrade pip
python3 -m pip install pipenv wheel
pipenv install
pipenv run ansible-galaxy collection install git+https://github.com/opentelekomcloud/ansible-collection-gitcontrol.git
  • Create a personal access token - classic (PAT) This should only have a short validity and must be renewed regularly. (The rights repo and admin:org are required)
  • Execute Manager 
    export API_TOKEN="<github-token>"
pipenv run ansible-playbook playbook.yaml -e api_token=${API_TOKEN}

# Debugging with Ansiballs: https://docs.ansible.com/ansible/latest/dev_guide/debugging.html
ANSIBLE_KEEP_REMOTE_FILES=1 pipenv run ansible-playbook playbook.yaml -e api_token=${API_TOKEN} -vvv
  • Execute Consistency Check 
    pipenv run ./check_consistency.py

Limitiations

  • It is not possible to add already created, but still empty, repositories here. Before this is possible, at least one commit must have been made on the main branch.

  • It is not possible to remove members from the organization or any team. Please first delete the corresponding lines in data.yaml here in this repository and delete the user afterwards via the GitHub UI.

We're working on these issues upstream: https://github.com/opentelekomcloud/ansible-collection-gitcontrol and https://github.com/opentelekomcloud-infra/gitstyring

Github Actions

For the Github Action workflows a repository secret GHP_{{github_username}} needs to be provided. i This should only have a short validity and must be renewed regularly. Add the created token of the second step in the topic "Local usage" to REPOSITORTY_SECRETS (Name: "GHP_<GITHUB_ID_IN_UPPERCASE>")

If the following error in the logs comes from Manage github repositoriesx the token has expired and must be renewed.

About

GitHub repository management through Ansible & Python

scs.community/contribute/

Topics

github community

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%