#!/bin/bash
# Usage:
#
# ./get_all_dependabot.sh <organization_name>
#
# Requires the gh CLI, logged in with appropriate permissions to read
# (retrieve) all repos from an organization.
#
# Builds a list of the organization's repos, then retrieves
# any Dependabot information from each repo on that list.
#
# Directory that receives one <repo>.json file per repository.
OUTPUT_DIR='./output'
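#######################################
# Build the list of non-archived repositories in an organization.
# Globals:
#   REPO_OUTPUT (written) - path of the list file, "<org>_repo_list.txt";
#                           read later by get_dependabot_info
# Arguments:
#   $1 - organization name
# Outputs:
#   progress on stdout, problems on stderr; one repository name per line
#   in ${REPO_OUTPUT}
# Returns:
#   0 on success, 1 if the gh listing failed (the list file is left empty)
#######################################
function get_repos {
  local -r repo_limit=500
  local listing
  local count

  REPO_OUTPUT="$1_repo_list.txt"

  echo "Getting all non-archived repos from $1."
  # Capture the listing instead of appending to a fixed-name temp file: a
  # leftover file from an interrupted run would otherwise be merged into this
  # run's list, and a failed gh call would go unnoticed.
  if ! listing=$(gh repo list "$1" -L "${repo_limit}" --no-archived); then
    echo "gh repo list failed for $1; repo list left empty" >&2
    : > "${REPO_OUTPUT}"
    return 1
  fi

  if [[ -z "${listing}" ]]; then
    # Nothing returned: write an empty list rather than a single blank line.
    : > "${REPO_OUTPUT}"
  else
    # Rows are tab-separated with owner/name in the first column; keep the name.
    printf '%s\n' "${listing}" \
      | awk -F '\t' '{ split($1, parts, "/"); print parts[2] }' > "${REPO_OUTPUT}"
  fi
  echo "List of repos written to the file ${REPO_OUTPUT}"

  # Coverage caveat: the listing is capped at ${repo_limit} entries, so a
  # larger organization would have repos silently missing from the alert run.
  count=$(wc -l < "${REPO_OUTPUT}")
  if (( count >= repo_limit )); then
    echo "warning: $1 returned ${repo_limit} repos, the listing limit; additional repos may have been left out" >&2
  fi
}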
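#######################################
# Fetch the Dependabot alerts of every repository on the repo list and store
# them as ${OUTPUT_DIR}/<repo>.json.
# Globals:
#   OUTPUT_DIR  (read) - directory for the per-repo JSON files
#   REPO_OUTPUT (read) - repo list written by get_repos; falls back to
#                        "<org>_repo_list.txt" when unset
# Arguments:
#   $1 - organization name
# Outputs:
#   progress on stdout, warnings on stderr
# Returns:
#   1 if the output directory or the scratch file cannot be created
#######################################
function get_dependabot_info {
  local repo_list="${REPO_OUTPUT:-$1_repo_list.txt}"
  local -r name_re='^[A-Za-z0-9._-]+$'
  local scratch
  local line

  echo "Checking if ./output folder exists"
  if [[ ! -d "${OUTPUT_DIR}" ]]; then
    echo "Output folder does not exist, creating ${OUTPUT_DIR}"
    mkdir -p -- "${OUTPUT_DIR}" || return 1
  fi
  # NOTE(review): the files written here list unpatched dependencies for the
  # whole organization; consider restricting who can read ${OUTPUT_DIR}.

  # A unique scratch file: with a fixed name such as repo_temp.json, a repo
  # called "repo_temp" would have its result truncated and then deleted.
  scratch=$(mktemp "${OUTPUT_DIR}/.alerts.XXXXXX") || return 1

  while IFS= read -r line || [[ -n "${line}" ]]; do
    [[ -n "${line}" ]] || continue
    # The name becomes a path component and part of the API route, so accept
    # only the characters a repository name can contain.
    if [[ ! "${line}" =~ ${name_re} || "${line}" == "." || "${line}" == ".." ]]; then
      echo "Skipping unexpected repo name: ${line}" >&2
      continue
    fi
    echo "Obtaining dependabot information for: $line"
    if ! gh api \
      -H "Accept: application/vnd.github+json" \
      "/repos/$1/${line}/dependabot/alerts" --paginate > "${scratch}"; then
      # Presumably the error body (e.g. Dependabot disabled) is still on
      # stdout; it is kept so such repos can be identified afterwards.
      echo "warning: gh api reported an error for ${line}" >&2
    fi
    # NOTE(review): with --paginate a multi-page result may be several JSON
    # documents back to back; jq passes them through unmerged.
    jq -r '.' "${scratch}" > "${OUTPUT_DIR}/${line}.json"
  done < "${repo_list}"

  echo
  echo Removing temporary file "${scratch}"
  rm -f -- "${scratch}"

  echo
  echo "Dependabot information for each repo is stored in ${OUTPUT_DIR}"
  echo

  # remove files less than 5 bytes; repos without any dependabot alerts
  #find $OUTPUT_DIR -type f -size -5c -print0 | xargs -0 rm

  # determine repos with dependabot disabled
  # find ./input/ -type f -print0 | xargs -0 grep '"message": "Dependabot"*'
}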
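#######################################
# Report every JSON file under ${OUTPUT_DIR} that python3's json.tool cannot
# parse.
# Globals:
#   OUTPUT_DIR (read)    - directory searched for *.json files
#   JSON_LIST  (written) - path of the file list, "<org>_json_list.txt"
# Arguments:
#   $1 - organization name (used only to name the list file)
# Outputs:
#   one "Checking ..." line per file and one "invalid json file" line per
#   file that fails to parse, on stdout
#######################################
function test_json {
  # To Do. Fix paginated via BASH instead of python script
  local line

  JSON_LIST="${1}_json_list.txt"
  # The pattern is quoted so find receives it as written; unquoted, the shell
  # expands it against *.json files in the current directory first.
  find "${OUTPUT_DIR}" -type f -iname '*.json' > "${JSON_LIST}"

  while IFS= read -r line; do
    echo "Checking for paginated json in file: ${line}"
    # Only the exit status matters; the pretty-printed output is discarded.
    if ! python3 -m json.tool "${line}" > /dev/null; then
      echo "invalid json file: $line"
    fi
  done < "${JSON_LIST}"
}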
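#######################################
# Validate the invocation, confirm the gh login, then collect the repo list
# and the Dependabot alerts for the given organization.
# Arguments:
#   $1 - organization name
# Outputs:
#   progress on stdout, usage and error messages on stderr
# Returns:
#   exits 1 on a missing or malformed organization name, a missing tool,
#   a failed gh login check, or a failed repo listing
#######################################
function main {
  local tool

  # Check the arguments first: it is cheap and needs no network access.
  if [ $# -eq 0 ]; then
    echo "Please provide an organization name" >&2
    echo >&2
    echo "Example: ./get_all_dependabot.sh google" >&2
    exit 1
  fi

  # The name is used in file names and in the API route, so refuse values
  # that contain path separators or start like an option.
  if [[ ! "$1" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]]; then
    echo "Invalid organization name: $1" >&2
    exit 1
  fi

  for tool in gh jq; do
    if ! command -v "${tool}" > /dev/null; then
      echo "Required tool not found: ${tool}" >&2
      exit 1
    fi
  done

  echo "Verifying login status via github (gh) cli"
  if ! gh auth status > /dev/null; then
    echo "Please ensure you are logged into github via github cli before running this script." >&2
    echo >&2
    echo "Refer to: https://cli.github.com/manual/gh_auth_login" >&2
    exit 1
  fi

  get_repos "$1" || exit 1
  get_dependabot_info "$1"
  #test_json "$1"
}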
# Entry point: forward the command-line arguments to main.
main "$@"