Add a new team to all Github repos in an organization

add-team-to-repos.js

/*
 * Adds a team to all the repos in a Github organization. This is a tedious
 * process in the UI. You'll need a newer version of node to run this (e.g 9+)
 * because it uses async/await.
 *
 * Instructions:
 *
 * 1. Copy this file somewhere on your computer, e.g. ~/addteamrepos.js
 * 2. Fill in the uppercase variables below with the right values
 * 3. Run this file: `$ node ~/addteamrepos.js`
 */

const GITHUB_ORG = 'xxxxx'; /* Name of the github organization the team is under and the repos are in */
const GITHUB_ACCESS_TOKEN = 'xxxxxxxxxxxxxxxxxxxxxxx'; /* Create an access token here: https://github.com/settings/tokens */
const TEAM_ID = '11111111'; /* Github team ID, not the same as the name, get it from the API */
const TEAM_PERMISSION = 'push'; /* 'pull' or 'push' or 'admin' */

const { exec } = require('child_process');

function execPromise(command) {
  return new Promise((resolve, reject) => {
    exec(command, (err, stdout, stderr) => {
      if (err) {
        return reject(err);
      }
      resolve([stdout, stderr]);
    });
  });
}

async function fetchReposPage(org, page) {
  const [response] = await execPromise(
    `curl -i -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" https://api.github.com/orgs/${org}/repos?page=${page}`
  );
  const nextPageRe = /Link\: \<.+page\=([0-9])\>\; rel\=\"next\"/g;
  const nextPageMatch = nextPageRe.exec(response);
  const nextPage = nextPageMatch ? nextPageMatch[1] : null;
  const repos = JSON.parse(response.slice(response.indexOf('[')));
  return [repos, nextPage];
}

async function fetchRepos(org) {
  let repos = [];
  let page = 1;
  while (page) {
    let [currentRepos, nextPage] =  await fetchReposPage(org, page);
    repos = [...repos, ...currentRepos];
    page = nextPage;
  }
  return repos;
}

async function addTeamToRepo(teamId, org, repo, permission) {
  const [out,err] = await execPromise(
    `curl -X PUT -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" -d '{"permission":"${permission}"}' https://api.github.com/teams/${teamId}/repos/${org}/${repo}`
  );
  console.log(`...  Added team "${teamId}" to repo "${org}/${repo}" with permission "${permission}"`);
}

(async () => {
  /* Fetch all repos names for org */
  console.log(`Fetching repos from organization "${GITHUB_ORG}"`);
  const repos = await fetchRepos(GITHUB_ORG);
  const repoNames = repos.map(r => r.name);
  console.log(`... Found ${repoNames.length} repos`)

  /* Add team to each repo */
  console.log(`Adding team "${TEAM_ID}" to ${repoNames.length} repos with permission "${TEAM_PERMISSION}"`);
  for (let repo of repoNames) {
    await addTeamToRepo(TEAM_ID, GITHUB_ORG, repo, TEAM_PERMISSION);
  }
})();

Had to edit a few things to get it to work on my windows machine,

Following the API I've changed the following:

1. Uppercase L is fine (again)
2. Asterisk seems to work so i added that in
3. Repo owner is now apparently a required field -> using the same as our organisation name worked, but in the case that certain repos have different owners you might want to check that; you can probably find it in repos.owner.login
4. team id is now the team slug
5. added logging for replies
6. fixed the curl parsing issue when working from cmd

So here's the script with these changes that worked for me in windows using cmd:

/*
 * Adds a team to all the repos in a Github organization. This is a tedious
 * process in the UI. You'll need a newer version of node to run this (e.g 9+)
 * because it uses async/await.
 *
 * Instructions:
 *
 * 1. Copy this file somewhere on your computer, e.g. ~/addteamrepos.js
 * 2. Fill in the uppercase variables below with the right values
 * 3. Run this file: `$ node ~/addteamrepos.js`
 */

const GITHUB_ORG = 'your-organisation'; /* Name of the github organization the team is under and the repos are in */
const GITHUB_ACCESS_TOKEN = 'ghp_yourtoken'; /* Create an access token here: https://github.com/settings/tokens */
const TEAM_SLUG = 'your-team-slug'; /* GitHub team slug, similar to the name, you can get it from the API (the url when checking team) */
const TEAM_PERMISSION = 'push'; /* 'pull' or 'push' or 'admin' */
const REPO_OWNER = 'name-of-owner' /* Possibly the same as your organisation */

const { exec } = require('child_process');

function execPromise(command) {
  return new Promise((resolve, reject) => {
    exec(command, (err, stdout, stderr) => {
      if (err) {
        return reject(err);
      }
      resolve([stdout, stderr]);
    });
  });
}

async function fetchReposPage(org, page) {
  const [response] = await execPromise(
    `curl -i -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" https://api.github.com/orgs/${org}/repos?page=${page}`
  );
  const nextPageRe = /Link\: \<.+page\=([0-9]*)\>\; rel\=\"next\"/g;
  const nextPageMatch = nextPageRe.exec(response);
  const nextPage = nextPageMatch ? nextPageMatch[1] : null;
  const repos = JSON.parse(response.slice(response.indexOf('[')));
  return [repos, nextPage];
}

async function fetchRepos(org) {
  let repos = [];
  let page = 1;
  while (page) {
    let [currentRepos, nextPage] =  await fetchReposPage(org, page);
    repos = [...repos, ...currentRepos];
    page = nextPage;
  }
  return repos;
}

async function addTeamToRepo(teamSlug, org, repo, permission, owner) {
  const [out,err] = await execPromise(
    `curl -X PUT -H "Authorization: token ${GITHUB_ACCESS_TOKEN}"  https://api.github.com/orgs/${org}/teams/${teamSlug}/repos/${owner}/${repo} -d \"{\\"permission\\":\\"${permission}\\"}\"`
  );
  console.log(out);
  console.log(`...  Added team "${teamSlug}" to repo "${org}/${repo}" with permission "${permission}"`);
}

(async () => {
  /* Fetch all repos names for org */
  console.log(`Fetching repos from organization "${GITHUB_ORG}"`);
  const repos = await fetchRepos(GITHUB_ORG);
  const repoNames = repos.map(r => r.name);
  console.log(`... Found ${repoNames.length} repos`)

  /* Add team to each repo */
  console.log(`Adding team "${TEAM_SLUG}" to ${repoNames.length} repos with permission "${TEAM_PERMISSION}"`);
  for (let repo of repoNames) {
    await addTeamToRepo(TEAM_SLUG, GITHUB_ORG, repo, TEAM_PERMISSION, REPO_OWNER);
  }
})();

If you're not running in CMD you might want to change the
\"{\\"permission\\":\\"${permission}\\"}\"
back to
'{"permission":"${permission}"}'

With this script I am add only public repos and not the private repos.

You need to setup your token to access ALL repos

thank you!

Morning 👋

Could you add a note to the top on how you get the team ID?
something like run curl -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" https://api.github.com/orgs/${GITHUB_ORG}/teams#list-teams

In case this is useful to anyone looking at easy ways to obtain a token

# for those using GitHub CLI
# there is an easy way to obtain a token from command line
# post initial authenticating  
# if I'm not wrong github access token prefix could differ
# -> classic token vs fine grained token 
#
# below produced with
# gh version 2.4.0+dfsg1 (2022-03-23 Ubuntu 2.4.0+dfsg1-2)
# https://github.com/cli/cli/releases/latest
token_prefix="gho." 
token=$(gh auth status --show-token 2>&1) 
GITHUB_ACCESS_TOKEN=$(echo $token | grep -o -P "$token_prefix{37}") 
# confirm token value is correct - before adding to scripts
echo $GITHUB_ACCESS_TOKEN

# with a token which relevant access to GitHub org
# curl
curl -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" https://api.github.com/orgs/infraxis/teams
# curl + jq
curl -s -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" https://api.github.com/orgs/infraxis/teams | jq -r '.[]'
# curl + jq - show id and name
curl -s -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" https://api.github.com/orgs/infraxis/teams | jq -r '.[] | "\(.id) \t \(.name)"'
# curl + jq + team name grep
curl -s -H "Authorization: token $GITHUB_ACCESS_TOKEN" https://api.github.com/orgs/infraxis/teams | jq -r '.[] | "\(.id) \t \(.name)"' | grep -i foo