I've been looking for a way to convert my private repositories to public ones, but since there are so many of them, I preferred to do it the easy way and resorted to the GitHub API, but this one, as far as I could find, only allows editing the visibility of repositories that are public. Looking through the most up-to-date documentation, I realized that the only endpoints available for access while authenticated are (Repositories, Endpoints available):
GET /user/repos
POST /user/repos
POST /user/projects
I also tried using the browser console and generating a log when I make a request to change visibility, but it doesn't seem to make any requests to the GitHub API.
You can sets a repo's visibility to public (or private) with this REST endpoint:
PATCH /repos/{owner}/{repo}
This does work for repos that are private (despite your comment). And if the repo already has the visibility being requested, the API will return an error message indicating that status.
visibility Parameter
Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter when you use both along with the nebula-preview preview header.
Examples
curl
curl \
-X PATCH \
-H "Accept: application/vnd.github.nebula-preview+json" \
https://api.github.com/repos/octocat/hello-world \
-d '{"visibility":"public"}'
gh
gh api -X PATCH /repos/octocat/hello-world -fvisibility=public --preview nebula
2022: I would use the GitHub CLI and its gh repo edit command:
cd /path/to/local/repo
gh repo edit --visibility=public
2020: Yes, you can, but as mention in the repository API, this is still in beta:
You can set the visibility of a repository using the new visibility parameter in the Repositories API, and get a repository's visibility with a new response key.
For more information, see the blog post.
To access repository visibility during the preview period, you must provide a custom media type in the Accept header:
application/vnd.github.nebula-preview+json
Related
Background:
In Github, we have a shared project which can be updated by all the teams. In this project we have a lot of files belong to one or multiple teams. We can identify a file belong to which team by checking the files(.py) header, like:
# protected-by: teamA, teamB
Now, I am working on protecting the file by adding the teamA and teamB as must reviewers when anyone send a PR having updates on the file.
Problem
So far, I can use CircleCI to detect the changed files, extract the protectors list and set them as reviewers by using Github API like this:
curl --location --request POST -u $GH_USER:$GH_TOKEN \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/OWNER/PROJECT/pulls/${pr_number}/requested_reviewers \
-d "{\"team_reviewers\":[$reviewers]}"
The problem is the reviewers I added are not must reviewers like CODEOWNER, users still could be able to merge without protectors' review. So I am thinking is there anyway to make PR must be reviewed by some reviewers, otherwise can not be merged by using Github API or other methods?
I need to create documentation giving instructions to generate a Personal Access Token that will only need to create Pull Requests on Github.
I've read the documentation describing the various OAuth scopes, but it is still not clear to me which OAuth scope(s) I need to select in order to be able create a Pull Request.
What OAuth scope(s) need to be selected for users to be able to create Pull Requests?
From https://docs.github.com/en/rest/reference/pulls#create-a-pull-request:
To open or update a pull request in a public repository, you must have write access to the head or the source branch. For organization-owned repositories, you must be a member of the organization that owns the repository to open or update a pull request.
The repos scope should be needed.
And, with the GitHub CLI gh v2.22.0 (Jan. 2023), you can search from within your local cloned GitHub repository:
See gh auth status --show-token: it will display the auth token you are using.
I am trying to add users to a private Github repo within an organisation. Starting from this post, I've simply changed the API endpoint to cope with organizations (as explained here), and I end up with the following command:
gh api orgs/MY_ORG/repos/MY_USER_NAME/MY_REPO/collaborators/COLLABORATOR_USER_NAME -f '{"permission":"maintain"}';
This command systematically returns a 404 error (note that I also get a 404 when I just try to check if a user has access to a repo, i.e. the GET version of the above command).
I also need to mention that this doesn't seem to be a trivial gh auth login issue since a command like gh repo create MY_ORG/MY_REPO works fine.
Here is also some technical details:
os: macosx 10.15.16
git: 2.24.3
gh: 1.1.0
I take the initiative to answer my own question here since after some investigations (thanks to mislav for his help) and trials and errors, I ve found the proper way to add collaborators to a GitHub repo within an organization with the CLI. I think it is worth posting it, hopefully this will help others.
Invite an outside collaborator to a repo within an organization
gh api -X PUT repos/:org/:repo/collaborators/:username -f permission=:perm
the -X PUT specifies that the request is a PUT and not a GET (default request). The repo's identifier is specified by :org/:repo (note that if the repo is not under an organization, the identifier will be :owner/:repo). The :perm argument indicates the type of access, the default value is push (see here)
So assume I want to provide admin access to jonsnow to the repo winterfell under the organization got, I will use the following command
gh api -X PUT repos/got/winterfell/collaborators/jonsnow -f permission=admin
Note that if you send an invite for the repo directly, the user will appear as an outside collaborator (not as an organization member)
Add a member to the organization and invite him to a repo
You just need to include the user as a member to the organisation beforehand with
gh api -X PUT /orgs/:org/memberships/:username -f role=:role
and then you can provide him access to a specific repo with the same command as above, i.e.
gh api -X PUT repos/:org/:repo/collaborators/:username -f permission=:perm
Note that the value for the various :role can be found here
You can set organization membership for a user
put /orgs/{org}/memberships/{username}
You can add a collaborator to a repo
put /repos/{owner}/{repo}/collaborators/{username}
But I don't think you can combine the two (add a collaborator to an org repo)
That is because that collaborator need to be a member of the organisation first (so receive and accept the invitation), before being added to a repository.
Usually one must click link "Invite teams or people" after accessing "https://github.com///settings/access" in a web browser.
But, I wish to do this through a command line interface, because I must invite
many persons. Is it possible?
You could use the GitHub API in order to add a collaborator
PUT /repos/:owner/:repo/collaborators/:username
See for instance here:
curl -H "Authorization: token YOUR_TOKEN" "https://api.github.com/repos/YOUR_USER_NAME/YOUR_REPO/collaborators/COLLABORATOR_USER_NAME" -X PUT -d '{"permission":"admin"}'
With permission level being one of:
pull - can pull, but not push to or administer this repository.
push - can pull and push, but not administer this repository.
admin - can pull, push and administer this repository.
maintain - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
triage - Recommended for contributors who need to proactively manage issues and pull requests without write access.
(default is "push")
Update Sept. 2020, considering GitHub CLI gh is now 1.0, it could be a good feature to add (a kind of gh repo invite)
In the meantime, you can use gh pi to make a similar API call, automatically authenticated, with -f to add POST fields.
gh api repos/YOUR_USER_NAME/YOUR_REPO/collaborators/COLLABORATOR_USER_NAME" -f '{"permission":"admin"}'
An alternative using hub:
1- Check all users with permissions in your repo:
hub api --flat 'repos/YOUR_USER_OR_ORGANIZATION_NAME/YOUR_REPO/collaborators' | grep -E 'login|permissions'
2- Give permission to an user :
hub api 'repos/YOUR_USER_OR_ORGANIZATION_NAME/YOUR_REPO/collaborators/COLLABORATOR_USER_NAME' -H X:PUT -H d:'{"permission":"admin"}'
You can use the github cli or call the github api directly through curl. In this example I add a member to a company repo using the github cli:
gh api "orgs/$target_repo/teams/$team/repos/$target_repo/$repo_new_name" -X PUT -f permission=admin
Also see the docs: https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions
For your situation you can use this endpoint:
https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator
I want to programmatically get a list of open pull requests for a specific private github repository - ours, as it turns out. I assume I can only do this via the github api (http://developer.github.com/) - feel free to tell me there's another way - but I can't figure out whether the API allows this, either. The given API calls seem to assume the target repository is public, which ours is not. I would have thought there would be a way to authenticate as a user of the given repository via ssh key (the same way committing works), but I don't see anything to that effect. All in all I'm puzzled and not at all sure I can actually do this. Am I missing a crucial part of the documentation, or is there possibly some alternative I can leverage?
Yes, the GitHub Pull Requests API supports private repos also. You just need to authenticate or you will get an error saying that the repository does not exist.
Example using curl and basic authentication:
curl -u "username" https://api.github.com/repos/:user/:repo/pulls
This will then prompt you for your password and return a list of pull requests as described in the API docs.
Also check out the docs on authentication: http://developer.github.com/v3/#authentication