Github API Integration

Created the above shell script which will list no.of users for a organisation's repository in Github.

It basically helps to list users who have read access in your repo and so it'll help u in identifying the list and also revoke the access for any user who left's the org/project or so on.

Explanation of code:

API_URL="https://api.github.com":

• This variable defines the base URL of the GitHub API, which will be used to make requests

GitHub Username and Token:

• USERNAME=$username: This will hold the GitHub username.
• TOKEN=$token: This will hold the GitHub personal access token (which is needed to authenticate requests to GitHub's API). You need to assign your actual username and token to these variables when running the script.

Repository Information:

• REPO_OWNER=$1: This represents the owner of the repository (the first argument when running the script).
• REPO_NAME=$2: This represents the name of the repository (the second argument).

function github_api_get { local endpoint="$1" local url="${API_URL}/${endpoint}" curl -s -u "${USERNAME}:${TOKEN}" "$url" }

• A function is like a small reusable program inside the script. You can run this program whenever you need it, without writing the same code again and again.The function name is github_api_get. You can think of this as a command you're defining.

local endpoint="$1":

• local means this variable (called endpoint) exists only inside this function.
• "$1" is just the first piece of information passed to the function (called a parameter). This piece of information is the API endpoint (a specific part of the GitHub website).
• Example: If we pass repos/username/repo/collaborators, it will replace "$1" with this text.

local url="${API_URL}/${endpoint}":

• ${API_URL} is a variable defined earlier, which holds https://api.github.com (the website for GitHub's API).
• The whole line means: combine API_URL (the website) with the endpoint (the part of the website you want to access).
• Example: If API_URL is https://api.github.com and endpoint is repos/username/repo/collaborators, the complete URL will be: https://api.github.com/repos/username/repo/collaborators

curl -s -u "${USERNAME}:${TOKEN}" "$url":

• curl: This is a command that talks to websites and gets data.
• -s: Run quietly (without showing unnecessary details).
• -u "${USERNAME}:${TOKEN}": This is for authentication. It means, "Tell the website my username and password (or token)".
• "$url": This is the full URL that the command is connecting to (e.g., https://api.github.com/repos/username/repo/collaborators).

2. Function to List Users with Read Access

function list_users_with_read_access { local endpoint="repos/${REPO_OWNER}/${REPO_NAME}/collaborators" collaborators="$(github_api_get "$endpoint" | jq -r '.[] | select(.permissions.pull == true) | .login')" if [[ -z "$collaborators" ]]; then echo "No users with read access found for ${REPO_OWNER}/${REPO_NAME}." else echo "Users with read access to ${REPO_OWNER}/${REPO_NAME}:" echo "$collaborators" fi }

local endpoint="repos/${REPO_OWNER}/${REPO_NAME}/collaborators":

• The endpoint here is the specific part of the GitHub website we want to connect to, to get the list of collaborators (people who can access the repository).
• ${REPO_OWNER} is replaced by the repository owner's username, and ${REPO_NAME} is the name of the repository.
• Example: If the repo owner is octocat and the repo name is Hello-World, the endpoint will become: repos/octocat/Hello-World/collaborators

collaborators="$(github_api_get "$endpoint" | jq -r '.[] | select(.permissions.pull == true) | .login')":

• collaborators="...": We're creating a new variable called collaborators. This will store the result (the list of users who can read the repository).
• github_api_get "$endpoint": This is calling the function we defined earlier, sending a GET request to GitHub's API to fetch the collaborators.

| jq -r '.[] | select(.permissions.pull == true) | .login':

• The jq tool is used to process the JSON data (this is the format GitHub uses to send information).
• '.[]': This looks at every item in the list of collaborators.
• select(.permissions.pull == true): This keeps only those collaborators who have read access (pull permission).
• .login: This selects the username of each person who has read access.

if [[ -z "$collaborators" ]]; then:

-z checks if collaborators is empty. If it’s empty, it means there are no users with read access.

Github Link - https://github.com/sayan754/Shell-Script/blob/main/Github-API.sh

#devops

#SRE

#ShellScripting