bytelyst/bytelyst-devops-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dea1546d9f
bytelyst-devops-tools/docs/remove_user_interactive.md

3.5 KiB
Raw Blame History

Interactive User Removal

Reference for remove_user_interactive.sh.

Purpose

Use this script to remove a GitHub user from repositories that match a name pattern. It supports both:

  • interactive prompting
  • command-line arguments for repeatable runs

This is the safer collaborator-removal path when you want per-repository confirmation by default.

Requirements

  • bash
  • curl
  • jq
  • a GitHub token with enough access to inspect repositories and remove collaborators

The script accepts a token via -t/--token, or it will prompt for one interactively.

Usage

Interactive:

./remove_user_interactive.sh

Non-interactive:

./remove_user_interactive.sh \
  --user <github-username> \
  --root <owner-or-org> \
  --pattern '<repo-pattern>' \
  --token "$GITHUB_TOKEN" \
  --non-interactive

Help:

./remove_user_interactive.sh --help

Supported Flags

  • -u, --user Username to remove.
  • -r, --root Root GitHub user or organization used for repository discovery.
  • -p, --pattern Repository name filter. * is supported as a wildcard.
  • -t, --token GitHub personal access token.
  • --non-interactive Auto-confirms all removals after discovery.
  • -h, --help Show usage.

How Discovery Works

The script:

  1. validates dependencies
  2. validates the GitHub token
  3. collects the root owner, target user, and repository pattern
  4. fetches repositories for the root user
  5. fetches organizations visible from that user and their repositories
  6. filters repositories by the provided pattern
  7. checks each repository for the target user as a collaborator
  8. asks for confirmation before each removal unless --non-interactive is used

Repository names are handled as owner/repo. Invalid names discovered from the API are skipped.

Pattern Matching

Examples:

  • * Match all discovered repositories.
  • frontend-* Match repositories whose names begin with frontend-.
  • *api* Match repositories whose names contain api.
  • exact-repo-name Match that exact repository name.

The script converts * to a regex-style wildcard internally. Matching is done against the repository name, not the full owner/repo path.

Confirmation Modes

During interactive execution, each repository prompt supports:

  • y Remove from the current repository.
  • n Skip the current repository.
  • a Remove from all remaining repositories.
  • s Skip all remaining repositories.
  • q Exit immediately.

Exit And Result Notes

  • 204 from the GitHub API means the collaborator removal succeeded.
  • 404 usually means the user is not a collaborator on that repository, or the repository could not be resolved with the current access.
  • 403 during collaborator checks usually means the token lacks sufficient access for that repository.

At the end, the script prints counts for:

  • processed repositories
  • successful removals
  • failed removals
  • skipped removals

Operational Guidance

  • Prefer running without --non-interactive first unless you have already validated the repository pattern.
  • Use a narrow pattern before using * against a large owner or organization.
  • Keep the token out of shell history when possible. Prompted entry is safer than embedding it directly in commands.
  • Cross-check docs/operations.md and docs/supported-scripts.md if you are choosing between this script, remove_user_guided.sh, and remove_user_from_repos.sh.