chore: add script to write branchprotector checks

from the format of ./hack/list-checks.sh
GeoNet · Oct 10, 2023 · 157a59b · 157a59b
1 parent 918fb8e
commit 157a59b
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/hack/set-bp-yaml-checks.sh b/hack/set-bp-yaml-checks.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+# NOTE must be in format from ./hack/list-checks.sh
+INPUT="$(< /dev/stdin yq e)"
+# NOTE only manages the fields
+# .branch-protection.orgs.ORG.repos.REPO.branches.DEFAULT
+#   - .protect
+#   - .required_status_checks.contexts
+OUTPUT="${1:-}"
+
+if [ -z "$OUTPUT" ]; then
+    cat <<EOF
+usage: $0 OUTPUTFILE.yaml
+EOF
+    exit 1
+fi
+
+if [ ! -f "$OUTPUT" ]; then
+    touch "$OUTPUT"
+fi
+
+for REPO in $(echo "$INPUT" | yq e '. | keys | .[]'); do
+    ORG="$(gh api repos/$REPO --jq '.owner.login')"
+    export ORG
+    REPO="$(gh api repos/$REPO --jq '.name')"
+    export REPO
+    DEFAULT_BRANCH="$(gh api "repos/$ORG/$REPO" --jq .default_branch)"
+    export DEFAULT_BRANCH
+    CHECKS="$(echo "$INPUT" | yq e '.[env(ORG) + "/" + env(REPO)]' -o json | jq -rcM)"
+    export CHECKS
+    echo "$REPO : $CHECKS"
+
+    yq e -i '.branch-protection.orgs[env(ORG)].repos[env(REPO)].branches[env(DEFAULT_BRANCH)] = {
+               "protect": true,
+               "required_status_checks": {
+                 "contexts": env(CHECKS)
+                }
+             }' "$OUTPUT"
+done