feat: add Phase 9 — Security Scanning
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
S
71
phase9_teardown.sh
Executable file
71
phase9_teardown.sh
Executable file
@@ -0,0 +1,71 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# =============================================================================
|
||||
# phase9_teardown.sh — Remove security scanning workflows from all repos
|
||||
# Also removes security status checks from branch protection if they were added.
|
||||
# Clones each repo, removes security-scan.yml, commits + pushes.
|
||||
# =============================================================================
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
source "${SCRIPT_DIR}/lib/common.sh"
|
||||
|
||||
load_env
|
||||
require_vars GITEA_ADMIN_TOKEN GITEA_INTERNAL_URL GITEA_ORG_NAME \
|
||||
GITEA_ADMIN_USER \
|
||||
REPO_1_NAME REPO_2_NAME REPO_3_NAME \
|
||||
PROTECTED_BRANCH
|
||||
|
||||
log_warn "=== Phase 9 Teardown: Security Scanning ==="
|
||||
|
||||
REPOS=("$REPO_1_NAME" "$REPO_2_NAME" "$REPO_3_NAME")
|
||||
TEMP_BASE="/tmp/gitea-migration-security-teardown"
|
||||
|
||||
cleanup() {
|
||||
rm -rf "$TEMP_BASE"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
printf 'This will remove security-scan.yml from all repos. Continue? [y/N] '
|
||||
read -r confirm
|
||||
if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
|
||||
log_info "Teardown cancelled"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
for repo in "${REPOS[@]}"; do
|
||||
log_info "--- Processing: ${repo} ---"
|
||||
|
||||
# Check if security-scan.yml exists before cloning
|
||||
if ! gitea_api GET "/repos/${GITEA_ORG_NAME}/${repo}/contents/.gitea/workflows/security-scan.yml" >/dev/null 2>&1; then
|
||||
log_info "No security-scan.yml in ${repo} — already clean"
|
||||
continue
|
||||
fi
|
||||
|
||||
# Clone, remove, commit, push
|
||||
CLONE_DIR="${TEMP_BASE}/${repo}"
|
||||
rm -rf "$CLONE_DIR"
|
||||
|
||||
CLONE_URL=$(echo "${GITEA_INTERNAL_URL}" | sed "s|://|://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@|")
|
||||
git clone -q "${CLONE_URL}/${GITEA_ORG_NAME}/${repo}.git" "$CLONE_DIR"
|
||||
|
||||
if [[ -f "${CLONE_DIR}/.gitea/workflows/security-scan.yml" ]]; then
|
||||
rm -f "${CLONE_DIR}/.gitea/workflows/security-scan.yml"
|
||||
cd "$CLONE_DIR"
|
||||
git config user.name "Gitea Migration"
|
||||
git config user.email "migration@gitea.local"
|
||||
git add -A
|
||||
git commit -q -m "Remove security scanning workflow (teardown)"
|
||||
git push -q origin HEAD
|
||||
cd "$SCRIPT_DIR"
|
||||
log_success "Removed security-scan.yml from ${repo}"
|
||||
fi
|
||||
|
||||
# Remove security status checks from branch protection
|
||||
# Reset to empty status check contexts
|
||||
PATCH_PAYLOAD=$(jq -n '{status_check_contexts: []}')
|
||||
gitea_api PATCH "/repos/${GITEA_ORG_NAME}/${repo}/branch_protections/${PROTECTED_BRANCH}" "$PATCH_PAYLOAD" >/dev/null 2>&1 || true
|
||||
log_info "Cleared security status checks from branch protection for ${repo}"
|
||||
done
|
||||
|
||||
log_success "Phase 9 teardown complete"
|
||||
Reference in New Issue
Block a user