127 lines
3.5 KiB
Markdown
127 lines
3.5 KiB
Markdown
# Interactive User Removal
|
|
|
|
Reference for [`remove_user_interactive.sh`](/opt/bytelyst/bytelyst-devops-tools/remove_user_interactive.sh).
|
|
|
|
## Purpose
|
|
|
|
Use this script to remove a GitHub user from repositories that match a name pattern. It supports both:
|
|
|
|
- interactive prompting
|
|
- command-line arguments for repeatable runs
|
|
|
|
This is the safer collaborator-removal path when you want per-repository confirmation by default.
|
|
|
|
## Requirements
|
|
|
|
- `bash`
|
|
- `curl`
|
|
- `jq`
|
|
- a GitHub token with enough access to inspect repositories and remove collaborators
|
|
|
|
The script accepts a token via `-t/--token`, or it will prompt for one interactively.
|
|
|
|
## Usage
|
|
|
|
Interactive:
|
|
|
|
```bash
|
|
./remove_user_interactive.sh
|
|
```
|
|
|
|
Non-interactive:
|
|
|
|
```bash
|
|
./remove_user_interactive.sh \
|
|
--user <github-username> \
|
|
--root <owner-or-org> \
|
|
--pattern '<repo-pattern>' \
|
|
--token "$GITHUB_TOKEN" \
|
|
--non-interactive
|
|
```
|
|
|
|
Help:
|
|
|
|
```bash
|
|
./remove_user_interactive.sh --help
|
|
```
|
|
|
|
## Supported Flags
|
|
|
|
- `-u`, `--user`
|
|
Username to remove.
|
|
- `-r`, `--root`
|
|
Root GitHub user or organization used for repository discovery.
|
|
- `-p`, `--pattern`
|
|
Repository name filter. `*` is supported as a wildcard.
|
|
- `-t`, `--token`
|
|
GitHub personal access token.
|
|
- `--non-interactive`
|
|
Auto-confirms all removals after discovery.
|
|
- `-h`, `--help`
|
|
Show usage.
|
|
|
|
## How Discovery Works
|
|
|
|
The script:
|
|
|
|
1. validates dependencies
|
|
2. validates the GitHub token
|
|
3. collects the root owner, target user, and repository pattern
|
|
4. fetches repositories for the root user
|
|
5. fetches organizations visible from that user and their repositories
|
|
6. filters repositories by the provided pattern
|
|
7. checks each repository for the target user as a collaborator
|
|
8. asks for confirmation before each removal unless `--non-interactive` is used
|
|
|
|
Repository names are handled as `owner/repo`. Invalid names discovered from the API are skipped.
|
|
|
|
## Pattern Matching
|
|
|
|
Examples:
|
|
|
|
- `*`
|
|
Match all discovered repositories.
|
|
- `frontend-*`
|
|
Match repositories whose names begin with `frontend-`.
|
|
- `*api*`
|
|
Match repositories whose names contain `api`.
|
|
- `exact-repo-name`
|
|
Match that exact repository name.
|
|
|
|
The script converts `*` to a regex-style wildcard internally. Matching is done against the repository name, not the full `owner/repo` path.
|
|
|
|
## Confirmation Modes
|
|
|
|
During interactive execution, each repository prompt supports:
|
|
|
|
- `y`
|
|
Remove from the current repository.
|
|
- `n`
|
|
Skip the current repository.
|
|
- `a`
|
|
Remove from all remaining repositories.
|
|
- `s`
|
|
Skip all remaining repositories.
|
|
- `q`
|
|
Exit immediately.
|
|
|
|
## Exit And Result Notes
|
|
|
|
- `204` from the GitHub API means the collaborator removal succeeded.
|
|
- `404` usually means the user is not a collaborator on that repository, or the repository could not be resolved with the current access.
|
|
- `403` during collaborator checks usually means the token lacks sufficient access for that repository.
|
|
|
|
At the end, the script prints counts for:
|
|
|
|
- processed repositories
|
|
- successful removals
|
|
- failed removals
|
|
- skipped removals
|
|
|
|
## Operational Guidance
|
|
|
|
- Prefer running without `--non-interactive` first unless you have already validated the repository pattern.
|
|
- Use a narrow pattern before using `*` against a large owner or organization.
|
|
- Keep the token out of shell history when possible. Prompted entry is safer than embedding it directly in commands.
|
|
- Cross-check `docs/operations.md` and `docs/supported-scripts.md` if you are choosing between this script, `remove_user_guided.sh`, and `remove_user_from_repos.sh`.
|