WIP script to update action.yml with permissions based on https://g…
gr2m and parkerbxyz committed Sep 5, 2024
1 parent 9ccc6db commit 580a7f4
Showing 2 changed files with 86 additions and 0 deletions.
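--- a/action.yml
+++ b/action.yml
@@ -37,6 +37,48 @@ inputs:
 github-api-url:
 description: The URL of the GitHub REST API.
 default: ${{ github.api_url }}
+# <START GENERATED PERMISSIONS INPUTS>
+permission-metadata:
+description: "Can be set to 'read'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#metadata"
+permission-actions:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#actions"
+permission-administration:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#administration"
+permission-organization-user-blocking:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#organization-user-blocking"
+permission-checks:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#checks"
+permission-security-events:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#code-scanning-alerts"
+permission-statuses:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#commit-statuses"
+permission-contents:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#contents"
+permission-vulnerability-alerts:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#dependabot-alerts"
+permission-deployments:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#deployments"
+permission-issues:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#issues"
+permission-members:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#members"
+permission-organization-administration:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#organization-administration"
+permission-organization-projects:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#organization-projects"
+permission-pages:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#pages"
+permission-pull-requests:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#pull-requests"
+permission-repository-projects:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#repository-projects"
+permission-secrets:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#secrets"
+permission-single-file:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#single-file"
+permission-team-discussions:
+description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#team-discussions"
+# <END GENERATED PERMISSIONS INPUTS>
 outputs:
 token:
 description: "GitHub installation access token"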
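--- a/scripts/update-permission-inputs.js
+++ b/scripts/update-permission-inputs.js
@@ -0,0 +1,44 @@
+import { readFile, writeFile } from "node:fs/promises";
+
+import { request } from "@octokit/request";
+
+const { data: permissionsSchemaString } = await request(
+"GET /repos/{owner}/{repo}/contents/{path}",
+{
+owner: "octokit",
+repo: "app-permissions",
+path: "generated/api.github.com.json",
+mediaType: {
+format: "raw",
+},
+headers: {
+authorization: `token ${process.env.GITHUB_TOKEN}`,
+},
+},
+);
+
+const permissionsSchema = JSON.parse(permissionsSchemaString);
+
+const permissionsInputs = Object.entries(permissionsSchema.permissions).reduce(
+(result, [key, value]) => {
+const supportsWrite = value.write.length > 0;
+const description = supportsWrite
+? `Can be set to 'read' or 'write'. Learn more at ${value.url}`
+: `Can be set to 'read'. Learn more at ${value.url}`;
+return `${result}
+permission-${key.replace(/_/g, "-")}:
+description: "${description}"`;
+},
+"",
+);
+
+const actionsYamlContent = await readFile("action.yml", "utf8");
+
+// In the action.yml file, replace the content between the `<START GENERATED PERMISSIONS INPUTS>` and `<END GENERATED PERMISSIONS INPUTS>` comments with the new content
+const updatedActionsYamlContent = actionsYamlContent.replace(
+/(?<=# <START GENERATED PERMISSIONS INPUTS>)(.|\n)*(?=# <END GENERATED PERMISSIONS INPUTS>)/,
+permissionsInputs + "\n ",
+);
+
+await writeFile("action.yml", updatedActionsYamlContent, "utf8");
+console.log("Updated action.yml with new permissions inputs");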
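Review bot: The schema fetched from octokit/app-permissions is written into action.yml without escaping, in the template that builds `permission-${key.replace(/_/g, "-")}:` and `description: "${description}"`; a quote or line break in `value.url`, or an unexpected key, would change the structure of the action manifest instead of one description string. Emitting the scalar as `description: ${JSON.stringify(description)}` and skipping keys that do not match `/^[a-z_]+$/` keeps upstream data as data. The same text is then handed to `replace` as a replacement string, where `$&` and `$1` are expanded, so a function replacer such as `() => permissionsInputs + "\n "` is the safer form. The request also passes no `ref`, so the generated inputs follow whatever the upstream default branch holds at run time; pinning a commit would make each regeneration reviewable.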
