|
| 1 | +#!/usr/bin/env bash |
| 2 | +set -euo pipefail |
| 3 | + |
| 4 | +ORG="towlion" |
| 5 | +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" |
| 6 | +LABELS_FILE="$SCRIPT_DIR/../templates/.github/labels.json" |
| 7 | + |
| 8 | +# Colors |
| 9 | +GREEN='\033[0;32m' |
| 10 | +YELLOW='\033[1;33m' |
| 11 | +RED='\033[0;31m' |
| 12 | +NC='\033[0m' |
| 13 | + |
| 14 | +usage() { |
| 15 | + echo "Usage: $(basename "$0") <repo-name>" |
| 16 | + echo |
| 17 | + echo "Configure governance settings for a towlion repository." |
| 18 | + echo "Applies repo settings, branch protection, and standard labels." |
| 19 | + echo |
| 20 | + echo "Examples:" |
| 21 | + echo " $(basename "$0") uku-companion" |
| 22 | + echo " $(basename "$0") app-template" |
| 23 | +} |
| 24 | + |
| 25 | +info() { echo -e "${GREEN}[OK]${NC} $1"; } |
| 26 | +warn() { echo -e "${YELLOW}[WARN]${NC} $1"; } |
| 27 | +error() { echo -e "${RED}[ERROR]${NC} $1"; exit 1; } |
| 28 | + |
| 29 | +if [[ "${1:-}" == "--help" || "${1:-}" == "-h" ]]; then |
| 30 | + usage |
| 31 | + exit 0 |
| 32 | +fi |
| 33 | + |
| 34 | +if [[ $# -ne 1 ]]; then |
| 35 | + usage |
| 36 | + exit 1 |
| 37 | +fi |
| 38 | + |
| 39 | +REPO="$1" |
| 40 | +FULL_REPO="$ORG/$REPO" |
| 41 | + |
| 42 | +# --- Preflight --- |
| 43 | + |
| 44 | +if ! command -v gh &>/dev/null; then |
| 45 | + error "gh CLI is not installed. Install it from https://cli.github.com" |
| 46 | +fi |
| 47 | + |
| 48 | +if ! gh auth status &>/dev/null; then |
| 49 | + error "gh CLI is not authenticated. Run 'gh auth login' first." |
| 50 | +fi |
| 51 | + |
| 52 | +if ! gh repo view "$FULL_REPO" &>/dev/null; then |
| 53 | + error "Repository $FULL_REPO does not exist or is not accessible." |
| 54 | +fi |
| 55 | + |
| 56 | +echo "Configuring $FULL_REPO..." |
| 57 | +echo |
| 58 | + |
| 59 | +# --- Repo Settings --- |
| 60 | + |
| 61 | +gh api -X PATCH "repos/$FULL_REPO" \ |
| 62 | + -f has_wiki=false \ |
| 63 | + -f has_projects=false \ |
| 64 | + -f has_discussions=false \ |
| 65 | + -f delete_branch_on_merge=true \ |
| 66 | + -f allow_squash_merge=true \ |
| 67 | + -f allow_merge_commit=false \ |
| 68 | + -f allow_rebase_merge=false \ |
| 69 | + --silent |
| 70 | + |
| 71 | +info "Repo settings: wiki/projects/discussions disabled, squash-only merge, auto-delete branches" |
| 72 | + |
| 73 | +# --- Branch Protection --- |
| 74 | + |
| 75 | +# Check if main branch exists |
| 76 | +if gh api "repos/$FULL_REPO/branches/main" --silent 2>/dev/null; then |
| 77 | + gh api -X PUT "repos/$FULL_REPO/branches/main/protection" \ |
| 78 | + --input - --silent <<'PROTECTION' |
| 79 | +{ |
| 80 | + "required_status_checks": { |
| 81 | + "strict": true, |
| 82 | + "contexts": ["validate"] |
| 83 | + }, |
| 84 | + "enforce_admins": false, |
| 85 | + "required_pull_request_reviews": { |
| 86 | + "dismiss_stale_reviews": true, |
| 87 | + "require_code_owner_reviews": false, |
| 88 | + "required_approving_review_count": 1 |
| 89 | + }, |
| 90 | + "restrictions": null |
| 91 | +} |
| 92 | +PROTECTION |
| 93 | + |
| 94 | + info "Branch protection: PR reviews, status checks, no force push on main" |
| 95 | +else |
| 96 | + warn "Branch 'main' does not exist yet — skipping branch protection (re-run after first push)" |
| 97 | +fi |
| 98 | + |
| 99 | +# --- Labels --- |
| 100 | + |
| 101 | +if [[ ! -f "$LABELS_FILE" ]]; then |
| 102 | + error "Labels file not found at $LABELS_FILE" |
| 103 | +fi |
| 104 | + |
| 105 | +label_count=0 |
| 106 | +while IFS= read -r label; do |
| 107 | + name=$(echo "$label" | python3 -c "import sys,json; print(json.load(sys.stdin)['name'])") |
| 108 | + color=$(echo "$label" | python3 -c "import sys,json; print(json.load(sys.stdin)['color'])") |
| 109 | + description=$(echo "$label" | python3 -c "import sys,json; print(json.load(sys.stdin)['description'])") |
| 110 | + |
| 111 | + # Try to create; if it already exists (422), update instead |
| 112 | + if gh api -X POST "repos/$FULL_REPO/labels" \ |
| 113 | + -f name="$name" -f color="$color" -f description="$description" \ |
| 114 | + --silent 2>/dev/null; then |
| 115 | + : # created |
| 116 | + else |
| 117 | + gh api -X PATCH "repos/$FULL_REPO/labels/$name" \ |
| 118 | + -f color="$color" -f description="$description" \ |
| 119 | + --silent 2>/dev/null || true |
| 120 | + fi |
| 121 | + label_count=$((label_count + 1)) |
| 122 | +done < <(python3 -c " |
| 123 | +import json, sys |
| 124 | +with open('$LABELS_FILE') as f: |
| 125 | + for item in json.load(f): |
| 126 | + print(json.dumps(item)) |
| 127 | +") |
| 128 | + |
| 129 | +info "Labels: $label_count standard labels created/updated" |
| 130 | + |
| 131 | +# --- Summary --- |
| 132 | + |
| 133 | +echo |
| 134 | +echo -e "${GREEN}=== Setup complete for $FULL_REPO ===${NC}" |
| 135 | +echo " - Repo settings configured" |
| 136 | +if gh api "repos/$FULL_REPO/branches/main" --silent 2>/dev/null; then |
| 137 | + echo " - Branch protection applied to main" |
| 138 | +else |
| 139 | + echo " - Branch protection skipped (no main branch)" |
| 140 | +fi |
| 141 | +echo " - $label_count labels created/updated" |
0 commit comments