Notes by Thay
Day 8 of My 100-Day DevOps Challenge: Automated Repository Management

Day 8 of My 100-Day DevOps Challenge: Automated Repository Management

Thay's photo
Thay
·

4 min read

Table of contents

Introduction

In the dynamic world of DevOps, efficiency and automation stand as cornerstone principles. Managing GitHub repositories manually can quickly become a time-consuming and error-prone process. Shell scripting provides an efficient way to automate and manage tasks that otherwise require repetitive manual intervention. Let’s delve into a practical use case: managing access and permissions in a GitHub repository. This blog will guide you through the steps and explain key concepts to make your automation seamless and secure.

The Problem: Managing Repository Access

Imagine you own a GitHub repository for your organization. You need to:

  • Add or revoke access for team members as they join or leave.

  • Manage read and write permissions for collaborators.

  • Automate routine tasks like adding collaborators, checking permissions, or generating access reports.

Logging into the GitHub web interface repeatedly to manage these tasks can be tedious and time-consuming. Instead, you can leverage shell scripting and GitHub’s API to automate these operations.

Understanding API Interaction in DevOps

When interacting with sophisticated platforms like GitHub, developers and DevOps engineers have multiple approaches to communication. Traditionally, two primary methods have emerged:

  1. API: The GitHub API allows seamless interaction using HTTP methods. It can be accessed through tools like curl or programming languages like Python.

  2. CLI: GitHub CLI is another option, but for scripting flexibility, APIs often offer more control and customization.

With shell scripting, you can use curl to send HTTP requests following the API's documentation. As a DevOps developer, you may not create APIs, but you must know how to interact with them effectively.

Setting Up the Environment

Step 1: Launch an EC2 Instance

  1. Create an EC2 instance on AWS.

  2. Connect to the instance via SSH:

     ssh -i Downloads/key.pem ubuntu@<public_ip>

    Replace <public_ip> with the instance's public IP address.

Step 2: Clone the Repository

  1. Use Git to clone the repository you want to manage:

     git clone https://github.com/<organization>/<repository>.git

  2. Navigate to the repository folder:

     cd <repository>

Step 3: Export Credentials

  1. Set environment variables for your GitHub username and personal access token (PAT):

     export USERNAME="<your_username>"
 export TOKEN="<your_token>"

    Ensure your PAT has the necessary scopes, such as repo or admin:org. Use environment variables and secure token management techniques to protect sensitive information.

Writing the Script

Below is a script to automate access management in a GitHub repository.

Example Script

#!/bin/bash

# GitHub API URL
API_URL="https://api.github.com"

# Repository details
REPO_OWNER="$1"
REPO_NAME="$2"

# Function to make authenticated GET requests to the GitHub API
function github_api_get() {
    local endpoint="$1"
    local url="${API_URL}/${endpoint}"
    curl -s -u "${USERNAME}:${TOKEN}" "$url"
}

# Function to list users with read access
function list_users_with_read_access() {
    local endpoint="repos/${REPO_OWNER}/${REPO_NAME}/collaborators"
    collaborators=$(github_api_get "$endpoint" | jq -r '.[] | select(.permissions.pull == true) | .login')

    if [[ -z "$collaborators" ]]; then
        echo "No users with read access found for ${REPO_OWNER}/${REPO_NAME}."
    else
        echo "Users with read access to ${REPO_OWNER}/${REPO_NAME}:"
        echo "$collaborators"
    fi
}

# Execute the function
echo "Listing users with read access to ${REPO_OWNER}/${REPO_NAME}..."
list_users_with_read_access

Steps to Run the Script

  1. Save the script to a file, e.g., manage_access.sh.

  2. Make it executable:

     chmod +x manage_access.sh

  3. Execute the script, providing repository owner and name as arguments:

     ./manage_access.sh <repo_owner> <repo_name>

Managing Permissions

Adding a Collaborator

To add a collaborator with write access, use the GitHub API’s PUT method:

curl -X PUT -u "${USERNAME}:${TOKEN}" \
  -H "Accept: application/vnd.github.v3+json" \
  "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/collaborators/<collaborator_username>" \
  -d '{"permission": "push"}'

Removing a Collaborator

To remove a collaborator:

curl -X DELETE -u "${USERNAME}:${TOKEN}" \
  "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/collaborators/<collaborator_username>"

Best Practices for Secure Scripting

  • Avoid Hardcoding Credentials: Use environment variables or secret management tools.

  • Token Management: Regularly rotate PATs to minimize exposure risk.

  • Logging: Log critical events for auditing but avoid logging sensitive data.

  • Error Handling: Include error checks to handle API failures gracefully.

Example:

if [[ $? -ne 0 ]]; then
    echo "API request failed. Check your credentials and repository details."
    exit 1
fi

Key Learnings

  • Understanding GitHub APIs: API documentation is your guide to automating tasks effectively.

  • Flexibility with Shell Scripting: Tasks like permission management and user tracking become streamlined.

  • Security Awareness: Proper credential handling is critical in automation scripts.

Conclusion

Shell scripting for GitHub repository management represents more than just a technical skill—it's a transformative approach to team collaboration and operational efficiency. By automating complex tasks, reducing human error, and providing scalable solutions, these scripts enable DevOps teams to focus on innovation rather than getting bogged down by repetitive administrative tasks.

DevopsDevops articlesDevOps Journey#Devopscommunity