feat(globalrepo): add team to repo with different permissions (#3)

Aatman · web-flow · commit f7c6fdcec035 · 2023-11-19T19:40:24.000-08:00
* feat(globalrepo): add team to repo with different permissions

* chore: fix err msg

* chore: update3 image
diff --git a/apis/settings/v1beta1/globalrepository_types.go b/apis/settings/v1beta1/globalrepository_types.go
@@ -70,6 +70,15 @@ type GlobalRepositorySpec struct {
 	MergeCommitMessage *string `json:"mergeCommitMessage,omitempty"`
 
 	RepositoryCollaborators *RepositoryCollaborators `json:"repositoryCollaborators,omitempty"`
+	RepositoryTeams         *RepositoryTeams         `json:"repositoryTeams,omitempty"`
+}
+
+type RepositoryTeams struct {
+	PushPermission     []string `json:"pushPermission,omitempty"`
+	PullPermission     []string `json:"pullPermission,omitempty"`
+	AdminPermission    []string `json:"adminPermission,omitempty"`
+	MaintainPermission []string `json:"maintainPermission,omitempty"`
+	TriagePermission   []string `json:"triagePermission,omitempty"`
 }
 
 // GlobalRepositoryStatus defines the observed state of GlobalRepository
diff --git a/apis/settings/v1beta1/zz_generated.deepcopy.go b/apis/settings/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/settings.github.com_globalrepositories.yaml b/config/crd/bases/settings.github.com_globalrepositories.yaml
@@ -112,6 +112,29 @@ spec:
                       type: string
                     type: array
                 type: object
+              repositoryTeams:
+                properties:
+                  adminPermission:
+                    items:
+                      type: string
+                    type: array
+                  maintainPermission:
+                    items:
+                      type: string
+                    type: array
+                  pullPermission:
+                    items:
+                      type: string
+                    type: array
+                  pushPermission:
+                    items:
+                      type: string
+                    type: array
+                  triagePermission:
+                    items:
+                      type: string
+                    type: array
+                type: object
               squashMergeCommitMessage:
                 description: 'Can be one of: PR_BODY, COMMIT_MESSAGES, BLANK'
                 type: string
diff --git a/controllers/settings/global_repository.go b/controllers/settings/global_repository.go
@@ -57,6 +57,67 @@ func (r *GlobalRepositoryReconciler) EditRepoSettings(ctx context.Context, gr *s
 	return nil
 }
 
+//     pull - team members can pull, but not push to or administer this repository
+//     push - team members can pull and push, but not administer this repository
+//     admin - team members can pull, push and administer this repository
+//     maintain - team members can manage the repository without access to sensitive or destructive actions.
+//     triage - team members can proactively manage issues and pull requests without write access.
+func (r *GlobalRepositoryReconciler) EditRepoTeams(ctx context.Context, gr *settingsv1beta1.GlobalRepository, repoName string, reqLogger logr.Logger) error {
+	if gr.Spec.RepositoryTeams == nil {
+		return nil
+	}
+
+	ghClient := gh.Login(ctx)
+
+	for _, adminTeam := range gr.Spec.RepositoryTeams.AdminPermission {
+		err := addTeamToRepoPerm(ctx, gr, repoName, ghClient, adminTeam, "admin", reqLogger)
+		if err != nil {
+			return fmt.Errorf("failed to add admin perm for %s to %s", adminTeam, repoName)
+		}
+	}
+
+	for _, pullTeam := range gr.Spec.RepositoryTeams.PullPermission {
+		err := addTeamToRepoPerm(ctx, gr, repoName, ghClient, pullTeam, "pull", reqLogger)
+		if err != nil {
+			return fmt.Errorf("failed to add pull perm for %s to %s", pullTeam, repoName)
+		}
+	}
+
+	for _, pushTeam := range gr.Spec.RepositoryTeams.PushPermission {
+		err := addTeamToRepoPerm(ctx, gr, repoName, ghClient, pushTeam, "push", reqLogger)
+		if err != nil {
+			return fmt.Errorf("failed to add push perm for %s to %s", pushTeam, repoName)
+		}
+	}
+
+	for _, maintainTeam := range gr.Spec.RepositoryTeams.MaintainPermission {
+		err := addTeamToRepoPerm(ctx, gr, repoName, ghClient, maintainTeam, "maintain", reqLogger)
+		if err != nil {
+			return fmt.Errorf("failed to add maintain perm for %s to %s", maintainTeam, repoName)
+		}
+	}
+
+	for _, triageTeam := range gr.Spec.RepositoryTeams.TriagePermission {
+		err := addTeamToRepoPerm(ctx, gr, repoName, ghClient, triageTeam, "triage", reqLogger)
+		if err != nil {
+			return fmt.Errorf("failed to add triage perm for %s to %s", triageTeam, repoName)
+		}
+	}
+
+	return nil
+}
+
+func addTeamToRepoPerm(ctx context.Context, gr *settingsv1beta1.GlobalRepository, repoName string, ghClient *github.Client, team string, perm string, reqLogger logr.Logger) error {
+	_, err := ghClient.Teams.AddTeamRepoBySlug(ctx, gr.Spec.Organization, team, gr.Spec.Organization, repoName, &github.TeamAddTeamRepoOptions{
+		Permission: perm,
+	})
+	if err != nil {
+		return fmt.Errorf("failed to add perm for team for repo: %w", err)
+	}
+	reqLogger.Info("gave " + team + "" + perm + " permission")
+	return nil
+}
+
 func (r *GlobalRepositoryReconciler) EditRepoCollaboraters(ctx context.Context, gr *settingsv1beta1.GlobalRepository, repoName string, reqLogger logr.Logger) error {
 	ghClient := gh.Login(ctx)
 
diff --git a/controllers/settings/globalrepository_controller.go b/controllers/settings/globalrepository_controller.go
@@ -80,6 +80,11 @@ func (r *GlobalRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Req
 		if err != nil {
 			return reconcile.Result{}, err
 		}
+
+		err = r.EditRepoTeams(ctx, gr, repo.GetName(), reqLogger)
+		if err != nil {
+			return reconcile.Result{}, err
+		}
 	}
 
 	return ctrl.Result{}, nil
diff --git a/docs/install.yaml b/docs/install.yaml
@@ -118,6 +118,29 @@ spec:
                       type: string
                     type: array
                 type: object
+              repositoryTeams:
+                properties:
+                  adminPermission:
+                    items:
+                      type: string
+                    type: array
+                  maintainPermission:
+                    items:
+                      type: string
+                    type: array
+                  pullPermission:
+                    items:
+                      type: string
+                    type: array
+                  pushPermission:
+                    items:
+                      type: string
+                    type: array
+                  triagePermission:
+                    items:
+                      type: string
+                    type: array
+                type: object
               squashMergeCommitMessage:
                 description: 'Can be one of: PR_BODY, COMMIT_MESSAGES, BLANK'
                 type: string
@@ -703,7 +726,7 @@ spec:
         envFrom:
         - secretRef:
             name: github-operator-secret
-        image: hunterthompson/github-operator:v1.1.0
+        image: hunterthompson/github-operator:v1.4.0
         livenessProbe:
           httpGet:
             path: /healthz

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,11 @@ func (r *GlobalRepositoryReconciler) Reconcile(ctx context.Context, req ctrl.Req`
`80`	`80`	`if err != nil {`
`81`	`81`	`return reconcile.Result{}, err`
`82`	`82`	`}`
	`83`	`+`
	`84`	`+ err = r.EditRepoTeams(ctx, gr, repo.GetName(), reqLogger)`
	`85`	`+ if err != nil {`
	`86`	`+ return reconcile.Result{}, err`
	`87`	`+ }`
`83`	`88`	`}`
`84`	`89`
`85`	`90`	`return ctrl.Result{}, nil`