DEVOPS-50 fixed the auth issue while addding repo togh app

Author: githubofkrishnadhas

.github/workflows/add_repositories_to_github_app.yaml

@@ -0,0 +1,42 @@
+name: add-repositories-to-github-app-automation
+on:
+  workflow_dispatch:
+    inputs:
+      organization:
+        description: 'GitHub organization Name'
+        required: true
+        type: string
+        default: 'devwithkrishna'
+      search-string:
+        description: 'github repo name search string'
+        required: true
+        type: string
+      github-app-name:
+        description: 'github app name'
+        required: true
+        type: string
+
+jobs:
+  add-repositories-to-github-app-automation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: git checkout
+        uses: actions/checkout@v4
+      - name: set up python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+      - name: package installations
+        run: |
+         pip install pipenv
+         pipenv install
+      - name: execute python program
+        env:
+          ORGANIZATION: ${{ inputs.organization }}
+          GH_TOKEN: ${{ secrets.DEVWITHKRISHNA_PERSONAL_ACCESS_TOKEN }}
+          GH_TOKEN_CLASSIC: ${{ secrets.GH_TOKEN_CLASSIC }}
+        run: |
+          pipenv run python3 add_a_repo_to_github_app.py --search_string ${{ inputs.search-string }} --github_app_name ${{ inputs.github-app-name }}
+      - name: Completed
+        run: |
+          echo "program completed successfully"

.github/workflows/github_app_installation_details.yaml

@@ -8,7 +8,7 @@ on:
         type: string
         default: 'devwithkrishna'
   schedule:
-    - cron: '0 0 1 * *' # Monthly once 12:00 AM
+    - cron: '0 0 * * *' # Everyday   # '0 0 1 * *' # Monthly once 12:00 AM
 
 jobs:
   github-app-installation-details:

.gitignore

@@ -158,4 +158,4 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
-list_of_github_installations.json
+*.json

README.md

@@ -1,4 +1,38 @@
 # automation-to-add-repos-to-a-github-app
 create an automation to add repos to a github app
 
-* Reference : [list-app-installations-for-an-organization](https://docs.github.com/en/rest/orgs/orgs?apiVersion=2022-11-28#list-app-installations-for-an-organization)
+* Reference : [list-app-installations-for-an-organization](https://docs.github.com/en/rest/orgs/orgs?apiVersion=2022-11-28#list-app-installations-for-an-organization)
+
+# Credentials used for authorization
+
+| credential | purpose | check              |
+|------------|---------|--------------------|
+| fine grained personal access token | this is used for all purpose like listing repos, github app detailsetc | :heavy_check_mark: |
+| personal access token classic | this is used for api call to add repos to github app | :heavy_check_mark: |
+
+**personal access token classic - provide `all repo access`**
+![Screenshot_3-5-2024_234236_github.com.jpeg](..%2F..%2F..%2F..%2FDownloads%2FScreenshot_3-5-2024_234236_github.com.jpeg)
+
+# parameters 
+
+| input name | type | description |
+|------------|------|-------------|
+| organization | string | Github organizarion name. Default - `devwithkrishna` |
+| search-string | string | name of github repo starts with |
+| github-app-name | string | name of github app to which repositories will be added |
+
+
+# How code works
+
+* Based on the search string, the code will use the end point `https://api.github.com/orgs/{orgaization}/repos` to list all
+  repositories and get the ones matching. matching is done in a way that the seach string is considered as begining word of
+  Github repository name. - _list_repos_in_org.py_ & _list_github_app_matching_name.py_
+
+* Once its listed, later script pulls down all available github apps installed across the organization using the 
+  endpoint `https://api.github.com/orgs/{organization}/installations` - _list_all_github_app_in_org.py_
+
+* Based on the Github app name provided as input it gathers the installation id. This is later used.
+
+* using the matching repos based on search string and github app name provded, the script will use these details to the
+  endpoint `https://api.github.com/user/installations/{github_app_installation_id}/repositories/{repo_id}`. This uses 
+  the personal access token classic to add repositories to github app - _add_a_repo_to_github_app.py_

add_a_repo_to_github_app.py

@@ -12,16 +12,43 @@ def add_repository_to_github_app(organization:str,matching_repos: list[dict], ap
     :return:
     https://docs.github.com/en/rest/apps/installations?apiVersion=2022-11-28#add-a-repository-to-an-app-installation
     """
-    # Assuming that the Github app name doesnot contain any special cgharacters and github app name is same as app_slug.
-    print(f'Matching repos are:  {matching_repos}')
-    print(f'GitHub App details are:  {app_short_list}')
-    add_repo_to_github_app_endpoint = f'https://api.github.com/user/installations/{id}/repositories/REPOSITORY_ID
-'
-    headers = {
-        "Accept": "application/vnd.github+json",
-        "Authorization": f"Bearer {os.getenv('GH_TOKEN')}",
-        "X-GitHub-Api-Version": "2022-11-28"
-    }
+    # Assuming that the Github app name doesnot contain any special characters and github app name is same as app_slug.
+    # print(f'Matching repos are:  {matching_repos}')
+    # print(f'GitHub App details are:  {app_short_list}')
+
+    # Getting Github app installation id
+    github_app_installation_id = app_short_list[0]['id']
+    github_app_name =  app_short_list[0]['app_slug']
+    print(f'Github App installation Id is : {github_app_installation_id}')
+    # Iterating through matching repos list
+    for repo in matching_repos:
+        repo_id = repo['id']
+        repo_name =  repo['name']
+        print(f'repository id of {repo_name} is : {repo_id}')
+        add_repo_to_github_app_endpoint = f'https://api.github.com/user/installations/{github_app_installation_id}/repositories/{repo_id}'
+        headers = {
+            "Accept": "application/vnd.github+json",
+            "Authorization": f"Bearer {os.getenv('GH_TOKEN_CLASSIC')}",
+            "X-GitHub-Api-Version": "2022-11-28"
+        }
+
+        #Status code   Description
+        # 204 - No Content
+        # 304 - Not Modified
+        # 403 - Forbidden
+        # 404 - Resource not found
+        response = requests.put(url=add_repo_to_github_app_endpoint, headers=headers)
+        response_code = response.status_code
+
+        if response_code == 204:
+            print(f'Repository {repo_name} added to {github_app_name}')
+        elif response_code == 304:
+            print(f'Repository {repo_name} Not added to {github_app_name}')
+        elif response_code == 403:
+            print(f'This action is forbidden. No permission!')
+        else:
+            print(f'Resource {repo_name} or {github_app_name} not found. {response.text}')
+            break
 
 
 def main():
@@ -30,15 +57,15 @@ def main():
     organization = os.getenv('ORGANIZATION')
     parser = argparse.ArgumentParser(description="Add specific repos matching a string in repo names to a github teams")
     parser.add_argument("--search_string", required=True, type=str, help="github repo name search string")
-    parser.add_argument("--github_app_name", required=True, type=str, help="github repo name search string")
+    parser.add_argument("--github_app_name", required=True, type=str, help="github app name")
     args = parser.parse_args()
     search_string = args.search_string
     github_app_name = args.github_app_name
     # Function call for repo list
     matching_repos = list_repos_in_github_org(organization, search_string)
     # Function call for github app details
     app_short_list = list_github_apps_in_organization_matching_name(organization, github_app_name)
-    # Fucntion call for adding repo to github app
+    # Function call for adding repo to github app
     add_repository_to_github_app(organization, matching_repos, app_short_list)