Create environment for repository using gh - github

Is it possible to create a new environment for a repository https://github.com/org/repo/settings/environments using the gh cli?
The only mention of environment I can find in the manual is here https://cli.github.com/manual/gh_secret_set where it says you can assign a secret to an existing environment, but it seems the environment would have to be created manually.

From what I'm seeing here in the gh cli repo that's going to be a no at this time. The issue [linked] is an enhancement request for just that.
I too wanted to know if this could be done, as it's part of my workflow to inject environment secrets.
You can still use the API to create it though.
curl -X PUT \
-H 'Authorization: Bearer ghp_...' \
-H 'Accept: application/vnd.github.v3+json' \
https://api.github.com/repos/<org>/<repo>/environments/<env>

Basically you need to create the environment first, then you can set branch policies:
jq -n '{"deployment_branch_policy": {"protected_branches": false, "custom_branch_policies": true}}'|gh api -H "Accept: application/vnd.github+json" -X PUT /repos/:owner/:repo/environments/dev --input -
gh api --method POST -H "Accept: application/vnd.github+json" "/repos/Oceaneering/it_infra_base_application_bootstrapper/environments/dev/deployment-branch-policies" -f name=dev
I wrote a python script for my use case that uses the gh cli to create environments and can include a branch pattern.
https://gist.github.com/walkerk1980/8a6f6879b32260360854a89bb880a48d

Related

GitHub Actions: Must have admin rights to trigger workflow_dispatch?

Using the github API I am trying to manually start a workflow using:
curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: MY_TOKEN" \
https://api.github.com/repos/djpr-data/djprdashdata/actions/workflows/refresh-data.yaml/dispatches
but I keep getting an authentication error:
{
"message": "Must have admin rights to Repository.",
"documentation_url": "https://docs.github.com/rest/reference/actions#create-a-workflow-dispatch-event"
}
This seems to be a similar issue to this question. But my PAT token has all admin and repo scopes selected. I also have my user account setup as admin for the repository and I have added a workflow dispatch to the workflow yaml file.
workflow_dispatch:
inputs:
tags:
description:
"run from cmdline"
I have been following the docs at https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event and have had no problems using the API to retrieve all previous workflow jobs. I have also tried the runs and jobs endpoints but get the same error. So I am now not sure what else I can do. Is there somewhere else I need to set permissions?
Thanks
This is a poor error message to tell you that your request is not formed correctly. If you want to pass a PAT as a header, you need to prefix it with token, as described in the docs:
-H "Authorization: token MY_TOKEN"
Once that's resolved, however, you'll also get an error because you don't pass the required ref payload. Assuming your default branch is main, here's a correct curl command:
> export MY_TOKEN=gha_abcdef
> curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token $MY_TOKEN" \
-d '{"ref": "main"}' \
https://api.github.com/repos/djpr-data/djprdashdata/actions/workflows/refresh-data.yaml/dispatches

importing repos to github from curl results in 404 response

i am trying to use the curl command for github importer to import repositories from tfs (as git), following github's documentation
when i am running this command, i get a 404 response:
curl \
-X PUT \
-H "Accept: application/vnd.github.v3+json"\
-H "Authorization: token {MY_GITHUB_TOKEN}" \
https://api.github.com/repos/{MY-ORGANIZATION}/{REPO_NAME}/import \
-d '{"vcs":"git","vcs_url":"{TFS_REPO_URL}","vcs_username":"{TFS_USER_NAME}","vcs_password":"{TFS_PAT"}'
when i run the importer from the ui in github, everything works.
when i run a curl command to check the import status (for the repo i imported from the ui), i get a valid response:
curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token {MY_GITHUB_TOKEN}" \
https://api.github.com/repos/{MY-ORGANIZATION}/{REPO_NAME}/import
what is the missing piece?
so apparently the importer works differently from the ui and from the api:
when running the importer from curl we first need to create a repo in github and only then we can import it.

Github Workflow - Remove label at the end?

I have a workflow that is triggered when the pull request is labeled (via pull_request_target).
I would to automatically remove the label that triggered the analysis as the last step of that workflow.
How can I do that?
On Github: every pull request is an issue (but not every issue is a pull request).
You can find more informations about this on this stackoverflow answer.
Therefore, you could use the Github API to remove a (specific) label from an issue (or an action doing the same thing) as the last step of your workflow, using the PR number.
Here is the API on Github to remove label from issue (Official Documentation)
If you want to call it directly from the shell in your workflow with curl, it will looks like this:
curl \
-X DELETE \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/<owner>/<repo>/issues/<pr_number>/labels/<label_name>
GuiFalourd does indeed have the correct answer, but I did have to improve on it a bit.
If you want to use the workflow on a private repo, you do need to add an authorization token. Here's an example that uses GitHub context to populate everything besides the label name you want to delete:
curl --silent --fail-with-body \
-X DELETE \
-H 'Accept: application/vnd.github.v3+json' \
-H 'Authorization: token ${{ github.token }}' \
'https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/labels/YOUR-LABEL'
Also if your label has spaces, use %20 for the whitespace.

How do you create a project in a specific group via GitLab API?

I tried to use GitLab API to create a new project. This worked, but this is in my user space:
curl \
--header "Authorization: Bearer ${GITLAB_API_TOKEN}" \
--request POST \
"https://gitlab.com/api/v4/projects/?name=$test-proj"
But I wanted to do it under a specific group with group_id <group_id> (I blanked it here). The most sensible approach that occured to me was:
curl \
--header "Authorization: Bearer ${GITLAB_API_TOKEN}" \
--request POST \
"https://gitlab.com/api/v4/groups/<group_id>/projects/?name=test-proj
But this did not work. Are there any suggestions on how I could achieve this?
I consulted the following references
https://forum.gitlab.com/t/create-a-new-project-in-a-group-using-api/1552
https://docs.gitlab.com/ee/api/projects.html#create-project
The GitLab documentation mentions the path or namespace_id attribute (although I would actually be in search of a group_id attribute). I am not sure about path and how to specify that. I tried - without success - to retrieve the namespace_id via
curl --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "https://gitlab.example.com/api/v4/namespaces"
It is well possible that I might not have the rights to do the required operation. Therefore a reference to an official (GitLab) documentation together with a test curl command that works would be very helpful to me - thank you!
For anyone looking for the direct command:
STEP 1:
Navigate as below and identify the group ID from GUI:
Admin Area -> Groups -> GroupName
STEP 2:
Construct the command with two parameters viz., name, namespace_id
curl --header "PRIVATE-TOKEN: <myprivatetoken>" -X POST "https://gitlab.com/api/v4/projects?name=myexpectedrepo&namespace_id=38"
Both users and groups are considered "namespaces" as far as the Gitlab API is concerned, so you can use either a group ID or a username in the namespace_id field. You can see this in use by getting a single namespace with either a Group ID (that you can see in the /groups API call, or from a Group's "profile" page) or a username:
# this will show the namespace details of the Group with ID 54
curl --header "PRIVATE-TOKEN: ${TOKEN}" "https://gitlab.com/api/v4/namespaces/54
# this will show the namespace details of the User with username my-username
curl --header "PRIVATE-TOKEN: ${TOKEN}" "https://gitlab.com/api/v4/namespace/my-username
If you have the appropriate access level, you can assign a git remote to your local repository that includes your group name. Then, the push event will trigger GitLab to create the remote repository.
$ mkdir project_name && cd $_
$ echo "# project_name" > README.md
$ git init; git add .; git commit -m initial
$ GITLAB_HOST="gitlab.com"
$ git remote add origin git#${GITLAB_HOST}:group_name/project_name.git
$ git push origin HEAD
Then, point your browser to ${GITLAB_HOST}/group_name/project_name
https://docs.gitlab.com/ee/user/group/#specify-who-can-add-projects-to-a-group

Github api tag is not created

I tried to create a tag using Github API. I made a POST request to /repos/:owner/:repo/git/tags, and I get this result:
HTTP/1.1 201 Created
But unfortunately no tag was created. The new tag simply does not exist.
What do I wrong?
The tagging didn't work for me. It shows created, but nothing appears on github. However, I managed to achieve tagging by creating pre-release. Which is not ideal, but still better than nothing:
curl --location --request POST
'https://<giturl>/repos/{owner}/{repo}/releases' \
--header 'Authorization: Basic xxx' \
--header 'Content-Type: application/vnd.github.v3+json' \
--data-raw '{
"tag_name": "v0.0.1",
"target_commitish": "master",
"name": "v0.0.1",
"body": "This is for Release v0.0.1 of the product",
"draft": false,
"prerelease": true}'
There are two types of tags -- annotated and lightweight, you can check the difference here.
As Github API puts, /repos/:owner/:repo/git/tags only created an annotated tag object, and then you should manually create a refrence with the sha of this tag object by calling create refrence api:
curl \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/OWNER/REPO/git/refs \
-d '{"ref":"refs/tags/tagName","sha":"the sha of tag object"}'
In another case, if you only want to add a lightweight tag to one commit, you should directly call create refrence api without the first step:
curl \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/OWNER/REPO/git/refs \
-d '{"ref":"refs/tags/tagName","sha":"the sha of the commit that you want to tag"}'