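#!/bin/bash
#
# Audit the private GitHub repositories visible to the token's user and
# interactively remove collaborators that are not on the allow-list.
#
# Required environment (must be exported to the process running this script):
#   GITHUB_TOKEN  token sent in the Authorization header of every request
#   GITHUB_ORG    organization used by the membership fallback below
#   GITHUB_USER   required for backward compatibility; not read by this script
#
# Requires: jq, and curl >= 7.55.0 (for `-H @-`).
# Kept compatible with bash 3.2: no mapfile, no namerefs, no ${var,,}.

# -e is deliberately left out: non-2xx API answers and EOF on a prompt are
# expected outcomes here and are handled explicitly where they occur.
set -uo pipefail

# Load environment variables
GITHUB_TOKEN="${GITHUB_TOKEN:?❌ Error: GITHUB_TOKEN is not set in ~/.zshrc}"
GITHUB_ORG="${GITHUB_ORG:?❌ Error: GITHUB_ORG is not set in ~/.zshrc}"
GITHUB_USER="${GITHUB_USER:?❌ Error: GITHUB_USER is not set in ~/.zshrc}"

# Define the whitelist of allowed collaborators.
# Matching is exact and case-sensitive, so a login spelled with different
# casing than the API returns is reported rather than silently allowed.
WHITELIST=("saravanakumardb" "saravanange" "abhinaisai2002" "sandho" "akshaj-us" "saravanakumardb1" "bytelyst-ai" "umadev0931")
readonly WHITELIST

readonly API_BASE="https://api.github.com"
readonly PAGE_SIZE=100

#######################################
# Run curl against the GitHub API with the token supplied on stdin.
# The Authorization header is fed through `-H @-` so the token never appears
# in curl's argument list (argv is readable by other local users via ps).
# Globals:   GITHUB_TOKEN (read)
# Arguments: any additional curl arguments, ending with the URL
# Outputs:   whatever curl writes to stdout
# Returns:   curl's exit status
#######################################
gh_curl() {
  printf 'Authorization: token %s\n' "$GITHUB_TOKEN" | curl -sS -H @- "$@"
}

#######################################
# Perform a request and print only the HTTP status code.
# Arguments: curl arguments, ending with the URL
# Outputs:   the status code (curl prints 000 when no response was received)
#######################################
gh_status() {
  gh_curl -o /dev/null -w '%{http_code}' "$@"
}

#######################################
# Fetch every page of a list endpoint and apply a jq filter to each page.
# An access audit that stops at the first page silently skips whatever lies
# beyond it, so pages are followed until a short page is returned.
# Arguments: $1 - endpoint URL (with or without a query string)
#            $2 - jq filter applied to each page (a JSON array)
# Outputs:   filter output, one value per line
# Returns:   0 on success, 1 on a transport/HTTP error or a non-array body
#######################################
gh_list() {
  local url=$1 filter=$2
  local sep='?' page=1 body count
  if [[ "$url" == *\?* ]]; then
    sep='&'
  fi
  while :; do
    # -f turns HTTP errors (401/403/404...) into a non-zero exit instead of
    # handing an error object to jq as if it were data.
    body=$(gh_curl -f "${url}${sep}per_page=${PAGE_SIZE}&page=${page}") || return 1
    printf '%s' "$body" | jq -e 'type == "array"' >/dev/null || return 1
    printf '%s' "$body" | jq -r "$filter" || return 1
    count=$(printf '%s' "$body" | jq 'length') || return 1
    if ((count < PAGE_SIZE)); then
      break
    fi
    page=$((page + 1))
  done
}

#######################################
# Succeed when the login is on the allow-list (exact match).
# Globals:   WHITELIST (read)
# Arguments: $1 - GitHub login
#######################################
is_whitelisted() {
  local login=$1 allowed
  for allowed in "${WHITELIST[@]}"; do
    if [[ "$allowed" == "$login" ]]; then
      return 0
    fi
  done
  return 1
}

#######################################
# Prompt on the terminal; succeed only on the literal answer "yes".
# EOF or any other answer counts as "no", so a closed stdin never deletes.
# Arguments: $1 - prompt text
#######################################
confirm() {
  local answer=""
  read -r -p "$1" answer || answer=""
  [[ "$answer" == "yes" ]]
}

#######################################
# Offer to remove a user from GITHUB_ORG after a repository-level removal
# failed. Dropping an org membership revokes access to every repository of
# the organization, so it needs its own explicit "yes".
# NOTE(review): this fallback is offered even when the repository is not
# owned by GITHUB_ORG — confirm that is intended.
# Globals:   GITHUB_ORG, API_BASE (read)
# Arguments: $1 - GitHub login
#######################################
offer_org_removal() {
  local login=$1 member_status remove_status
  member_status=$(gh_status "${API_BASE}/orgs/${GITHUB_ORG}/memberships/${login}") || true

  if [[ "$member_status" != "200" ]]; then
    echo "❌ $login is neither a direct collaborator nor an organization member. No action taken."
    return 0
  fi

  if ! confirm "❗ $login is an organization member. Remove them from org '$GITHUB_ORG'? (yes/no): "; then
    echo "🚫 Skipped removal of $login from organization."
    return 0
  fi

  remove_status=$(gh_status -X DELETE "${API_BASE}/orgs/${GITHUB_ORG}/memberships/${login}") || true
  if [[ "$remove_status" == "204" ]]; then
    echo "✅ Successfully removed $login from organization '$GITHUB_ORG'."
  else
    echo "❌ Failed to remove $login from the organization (HTTP Status: $remove_status)."
  fi
}

#######################################
# Audit one repository and prompt for each non-whitelisted collaborator.
# Arguments: $1 - repository as "owner/name"
# Returns:   0 when the repository was audited, 1 when its collaborator list
#            could not be fetched (the repository is then NOT audited)
#######################################
audit_repo() {
  local full_name=$1
  local repo_owner=${full_name%%/*}
  local repo=${full_name#*/}
  local collab_lines login status
  local flagged=()
  local flagged_count=0

  # Fetch all collaborators (includes users even if they haven't committed).
  # NOTE(review): without an `affiliation` filter this listing may include
  # organization members whose access comes from the org rather than from a
  # direct grant — confirm which scope the audit is meant to cover.
  if ! collab_lines=$(gh_list "${API_BASE}/repos/${repo_owner}/${repo}/collaborators" '.[].login'); then
    echo "⚠️ Could not list collaborators for $full_name; repository NOT audited." >&2
    return 1
  fi

  # Identify non-whitelisted collaborators
  while IFS= read -r login; do
    if [[ -n "$login" ]] && ! is_whitelisted "$login"; then
      flagged+=("$login")
      flagged_count=$((flagged_count + 1))
    fi
  done <<<"$collab_lines"

  # Only show repositories where non-whitelisted collaborators exist
  if ((flagged_count == 0)); then
    return 0
  fi

  echo "🚨 Repository: $repo (Owner: $repo_owner)"
  echo "❌ Non-Whitelisted Collaborators:"
  printf '%s\n' "${flagged[@]}"
  echo "--------------------------------------------"

  # Ask for confirmation and delete non-whitelisted collaborators.
  # The loop variable is not named USER, which would clobber the login-name
  # environment variable for everything run afterwards.
  for login in "${flagged[@]}"; do
    if ! confirm "Do you want to remove collaborator '$login' from '$repo'? (yes/no): "; then
      echo "🚫 Skipped removal of $login from $repo."
      continue
    fi

    status=$(gh_status -X DELETE "${API_BASE}/repos/${repo_owner}/${repo}/collaborators/${login}") || true
    if [[ "$status" == "204" ]]; then
      echo "✅ Successfully removed $login from repository $repo."
    else
      echo "⚠️ Failed to remove $login from repository $repo (HTTP Status: $status). Checking if they are an org member..."
      offer_org_removal "$login"
    fi
  done

  echo "--------------------------------------------"
  return 0
}

main() {
  local repo_lines full_name
  local repos=()
  local repo_count=0
  local unaudited=0

  # Fetch all private repositories where the user is an owner or collaborator.
  # full_name ("owner/name") is used instead of the bare name so that two
  # repositories with the same name under different owners stay distinct.
  if ! repo_lines=$(gh_list \
    "${API_BASE}/user/repos?affiliation=owner,collaborator&visibility=private" \
    '.[].full_name'); then
    echo "❌ Failed to list repositories (API error or unexpected response)." >&2
    exit 1
  fi

  while IFS= read -r full_name; do
    if [[ -n "$full_name" ]]; then
      repos+=("$full_name")
      repo_count=$((repo_count + 1))
    fi
  done <<<"$repo_lines"

  # Exit if no repositories found
  if ((repo_count == 0)); then
    echo "❌ No private repositories found or token is missing the 'repo' scope."
    exit 1
  fi

  echo "🔍 Checking repositories for non-whitelisted collaborators..."

  for full_name in "${repos[@]}"; do
    if ! audit_repo "$full_name"; then
      unaudited=$((unaudited + 1))
    fi
  done

  # A clean exit must mean "everything was checked"; report gaps explicitly.
  if ((unaudited > 0)); then
    echo "⚠️ $unaudited repositories could not be audited; see messages above." >&2
    exit 1
  fi
}

main "$@"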