72 lines
2.5 KiB
Bash
Executable File
72 lines
2.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# =============================================================================
|
|
# phase9_teardown.sh — Remove security scanning workflows from all repos
|
|
# Also removes security status checks from branch protection if they were added.
|
|
# Clones each repo, removes security-scan.yml, commits + pushes.
|
|
# =============================================================================
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
source "${SCRIPT_DIR}/lib/common.sh"
|
|
|
|
load_env
|
|
require_vars GITEA_ADMIN_TOKEN GITEA_INTERNAL_URL GITEA_ORG_NAME \
|
|
GITEA_ADMIN_USER \
|
|
REPO_1_NAME REPO_2_NAME REPO_3_NAME \
|
|
PROTECTED_BRANCH
|
|
|
|
log_warn "=== Phase 9 Teardown: Security Scanning ==="
|
|
|
|
REPOS=("$REPO_1_NAME" "$REPO_2_NAME" "$REPO_3_NAME")
|
|
TEMP_BASE="/tmp/gitea-migration-security-teardown"
|
|
|
|
cleanup() {
|
|
rm -rf "$TEMP_BASE"
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
printf 'This will remove security-scan.yml from all repos. Continue? [y/N] '
|
|
read -r confirm
|
|
if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
|
|
log_info "Teardown cancelled"
|
|
exit 0
|
|
fi
|
|
|
|
for repo in "${REPOS[@]}"; do
|
|
log_info "--- Processing: ${repo} ---"
|
|
|
|
# Check if security-scan.yml exists before cloning
|
|
if ! gitea_api GET "/repos/${GITEA_ORG_NAME}/${repo}/contents/.gitea/workflows/security-scan.yml" >/dev/null 2>&1; then
|
|
log_info "No security-scan.yml in ${repo} — already clean"
|
|
continue
|
|
fi
|
|
|
|
# Clone, remove, commit, push
|
|
CLONE_DIR="${TEMP_BASE}/${repo}"
|
|
rm -rf "$CLONE_DIR"
|
|
|
|
CLONE_URL="${GITEA_INTERNAL_URL%%://*}://${GITEA_ADMIN_USER}:${GITEA_ADMIN_TOKEN}@${GITEA_INTERNAL_URL#*://}"
|
|
git clone -q "${CLONE_URL}/${GITEA_ORG_NAME}/${repo}.git" "$CLONE_DIR"
|
|
|
|
if [[ -f "${CLONE_DIR}/.gitea/workflows/security-scan.yml" ]]; then
|
|
rm -f "${CLONE_DIR}/.gitea/workflows/security-scan.yml"
|
|
cd "$CLONE_DIR"
|
|
git config user.name "Gitea Migration"
|
|
git config user.email "migration@gitea.local"
|
|
git add -A
|
|
git commit -q -m "Remove security scanning workflow (teardown)"
|
|
git push -q origin HEAD
|
|
cd "$SCRIPT_DIR"
|
|
log_success "Removed security-scan.yml from ${repo}"
|
|
fi
|
|
|
|
# Remove security status checks from branch protection
|
|
# Reset to empty status check contexts
|
|
PATCH_PAYLOAD=$(jq -n '{status_check_contexts: []}')
|
|
gitea_api PATCH "/repos/${GITEA_ORG_NAME}/${repo}/branch_protections/${PROTECTED_BRANCH}" "$PATCH_PAYLOAD" >/dev/null 2>&1 || true
|
|
log_info "Cleared security status checks from branch protection for ${repo}"
|
|
done
|
|
|
|
log_success "Phase 9 teardown complete"
|