#!/bin/bash

# Define the whitelist of allowed collaborators
WHITELIST=("saravanakumardb" "saravanange" "abhinaisai2002" "sandho" "akshaj-us" "saravanakumardb1" "bytelyst-ai" "umadev0931")

# Fetch all private repositories where the user is an owner or collaborator
REPO_DATA=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
            "https://api.github.com/user/repos?per_page=100&affiliation=owner,collaborator&visibility=private")

# Extract repository names
REPO_LIST=$(echo "$REPO_DATA" | jq -r '.[].name')

# Exit if no repositories found
if [[ -z "$REPO_LIST" ]]; then
    echo "❌ No private repositories found or token is missing the 'repo' scope."
    exit 1
fi

echo "🔍 Fetching repositories with non-whitelisted collaborators..."
for REPO in $REPO_LIST; do
  # Determine the actual owner (useful if it belongs to an org)
  REPO_OWNER=$(echo "$REPO_DATA" | jq -r --arg REPO "$REPO" '.[] | select(.name==$REPO) | .owner.login')

  # Fetch all collaborators (includes users even if they haven't committed)
  ALL_COLLABORATORS=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
                      "https://api.github.com/repos/$REPO_OWNER/$REPO/collaborators" | jq -r '.[].login')

  # Identify non-whitelisted collaborators
  NON_WHITELISTED_COLLABS=()
  for COLLAB in $ALL_COLLABORATORS; do
    if [[ ! " ${WHITELIST[@]} " =~ " ${COLLAB} " ]]; then
      NON_WHITELISTED_COLLABS+=("$COLLAB")
    fi
  done

  # Only show repositories where non-whitelisted collaborators exist
  if [[ ${#NON_WHITELISTED_COLLABS[@]} -gt 0 ]]; then
      echo "🚨 Repository: $REPO (Owner: $REPO_OWNER)"
      echo "❌ Non-Whitelisted Collaborators:"
      printf '%s\n' "${NON_WHITELISTED_COLLABS[@]}"
      echo "--------------------------------------------"
  fi
done