Code Monkey home page Code Monkey logo

team-sync's Introduction

team-sync

This is a GitHub action to synchronize GitHub Teams with the contents of a teams document in an organization repository.

Usage

  1. Choose or create a repository in your organization for this action. If your organization is already using a .github repository to manage GitHub files like Issue and PR templates across the organization, that's a good choice.

  2. Create a .github/teams.yml file in that repository with the following format:

    designers:
  description: The amazing design team
  slack: "#design-team"
  members:
  - name: Alice Smith
    github: alicesmith
  - name: Bob Jones
    github: bjonesdev
fighters:
  members:
  - name: Dave Grohl
    github: dgrohl
  - name: Taylor Hawkins
    github: taylorhawk1

    For the team sync, what's important is that the outer object maps each team name to an object with a members array of objects containing a github key. Any other fields can be included in the members objects (e.g. name, email, etc.) but github is the required one that declares which GitHub users should be part of each team.

    If you provide a description field alongside the members array, this description will be synced to the GitHub Team's description. Any other fields can be included alongside these two (e.g. Slack channel, Trello board URL, etc.), though they will be ignored by the action.

  3. As an organization administrator, generate a Personal Access Token with the admin:org scope. Enable SSO for the token if necessary for your organization. (The admin:org scope is necessary to manage GitHub Teams.) If your repository is private, you also need to include the repo scope.

  4. In the repository settings, create a new Secret called ORG_ADMIN_ACCESS_TOKEN to store the token. (The name of the secret is not important, as long you use that name to configure the repo-token secret below.)

  5. Create a .github/workflows/team_sync.yml file like this:

    name: 'Team Sync'
on:
  push:
    branches:
      - main
    paths:
      - '.github/teams.yml'

jobs:
  synchronize-teams:
    runs-on: ubuntu-latest
    steps:
    - uses: rmacklin/team-sync@v0
      with:
        repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}"

Now your team can create pull requests that update the teams.yml file and when they are merged to main, the GitHub Teams in your organization will be created/updated according to those changes!

Additional Configuration

prefix-teams-with

For large organizations, it may be more appropriate/practical to manage teams within a subdivision of the larger organization. However, team names still have to be unique across the whole GitHub organization. To support this, you can specify the prefix-teams-with attribute in the action configuration:

.github/workflows/team_sync.yml:

name: 'Team Sync'
on:
  push:
    branches:
      - main
    paths:
      - '.github/teams.yml'

jobs:
  synchronize-teams:
    runs-on: ubuntu-latest
    steps:
    - uses: rmacklin/team-sync@v0
      with:
        repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}"
        prefix-teams-with: 'foo'

.github/teams.yml:

designers:
  description: The amazing design team
  members:
  - name: Alice Smith
    github: alicesmith
  - name: Bob Jones
    github: bjonesdev
fighters:
  members:
  - name: Dave Grohl
    github: dgrohl
  - name: Taylor Hawkins
    github: taylorhawk1

This configuration would create the teams foo designers and foo fighters (rather than designers and fighters).

team-data-path

By default, the action looks for the team data in the .github/teams.yml file in your repository. You can specify the team-data-path option to change this. (Note that you'll also want to change the paths configuration specified in the workflow definition.) For example, if you want to keep teams.yml in the root of your repository, you could use:

name: 'Team Sync'
on:
  push:
    branches:
      - main
    paths:
      - 'teams.yml'

jobs:
  synchronize-teams:
    runs-on: ubuntu-latest
    steps:
    - uses: rmacklin/team-sync@v0
      with:
        repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}"
        team-data-path: 'teams.yml'

The team_sync_ignored property

You can add "team_sync_ignored": true to a team's properties to prevent that team from being synchronized with a corresponding GitHub Team.

Fine print

Note that if you rename a team (in a way that updates the team's computed slug), this action will create a new team with the new name, rather than updating the old team. This action will not delete any teams since doing so is very destructive and difficult to reverse. (Even if you are using this action to manage GitHub teams, it still permits the existence of other teams in the organization that are managed elsewhere.) So, if you want to rename a team in a way that changes its slug, you should rename the GitHub Team before you update your teams document with the new name. Otherwise you'll need to manually delete the old GitHub Team after this action creates a new GitHub Team using the new name.

team-sync's People

Contributors

dependabot[bot] avatar michaelsp avatar rmacklin avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

syllogy michaelsp halleyassist mycase prasadprabhu333 infiotinc

team-sync's Issues

Feature Request: Syncronise Repository list and permissions for a team

Syntax could be like:

designers:
  description: The amazing design team
  slack: "#design-team"
  members:
  - name: Alice Smith
    github: alicesmith
  - name: Bob Jones
    github: bjonesdev
 repos:
   - regex-allow: "^add-all-with-this-prefix"
   - regex-ignore: "^big-red-button"
   - exact: "this is allowed"

If repos is not provided perform no repository sync.

Bad Credentials

Hey guys, I am trying to run this on github enterprise server.

I set up the PAT correctly I think, perhaps i'm getting this issue cause its not reaching out to my github server but rather github.com?

Error Log

Run rmacklin/team-sync@v0
  with:
    repo-token: ***
    prefix-teams-with: GCP-
    team-data-path: .github/teams.yml
Error: HttpError: Bad credentials
Error: Bad credentials

Feature: Declare parent Team

๐Ÿ‘‹

Love the library, as it reduces the amount of work we do in the UI and allows us a nice paper-trail for teams changing.

We have teams which are parented under an umbrella team for permissions reasons. When a new team is created via the script it'd be nice if we wouldn't have to go update the team to use the right parent team.

As far as implementation goes I think you'd need to:

  • Check if the team is in the metadata and needs creating and create it first
  • Otherwise check if it exists (and error if it doesn't)

This does introduce an ordering in how teams are created, but that should be relatively easy to code.

Thanks!

YAML Anchor Support

I'm wondering if this will support YAML anchors (some examples here https://support.atlassian.com/bitbucket-cloud/docs/yaml-anchors/)

I could see something like the following being REALLY handy for those orgs with tight restrictions acess restrictions and cross-functional teams. If it doesn that's awesome and updating the readme to show that would be a great idea.

product-team-1:
  description: The amazing design team
  slack: "#design-team"
  members:
  - name: Alice Smith
    github: alicesmith
  - name: Bob Jones
    github: bjonesdev
product-team-2:  
   members: 
   - name: Dave Grohl
    github: dgrohl
  - name: Taylor Hawkins
    github: taylorhawk1
security-team:
   members: &security-team
   - name: Jimmy Hendrix
     github:jhendrix
   - name: Tash Sultana
     github: tashsultan
product-1-sec:
   members: *security-team

Improve diagnostic message for invalid yaml path

In the function async function fetchContent(client: github.GitHub, repoPath: string): Promise<string> {

In the event that the YAML file is not found, you returned the following diagnostics:

HttpError: Not Found
Error: Not Found

Ideally the client.repos.getContents call is wrapped and could return / log that it was unable to load the file rather than a generic HTTP error

Feature: YML validation

Since this action only makes sense to run on pushes to the default branch, we don't have good validation/feedback that the YML isn't completely broken until we've already merged the PR.

I nice easy little PR check to validate the teams yml is "valid" for the action would be lovely.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.