sfowl/update-k8s-sec-contacts.sh

## update-k8s-sec-contacts.sh
#!/usr/bin/bash

# org="$HOME/go/src/github.com/kubernetes"
org="$1"

# prereqs and token code written by Joel Smith
allprereqs=1
for i in cat shyaml hub jq curl git; do
 if ! command -v $i &> /dev/null; then
  echo $?
  echo "Missing prerequisite: $i"
  allprereqs=0
 fi
done
[ "$allprereqs" = "1" ] || exit 1

token="$(shyaml get-value github\\.com.0.oauth_token < ~/.config/hub)"
[ $? -eq 0 ] || { echo unable to get GitHub token from ~/.config/hub; exit 1; }

cat <<EOF > /tmp/all_psc_usernames
cjcullen
cji
joelsmith
lukehinds
micahhausler
swamymsft
tallclair
philips
jessfraz
jonpulsifer
liggitt
tabbysable
EOF

cat <<EOF > /tmp/denylist_repos
kubernetes/api
kubernetes/apiextensions-apiserver
kubernetes/apimachinery
kubernetes/apiserver
kubernetes/client-go
kubernetes/cli-runtime
kubernetes/cloud-provider
kubernetes/cluster-bootstrap
kubernetes/code-generator
kubernetes/component-base
kubernetes/component-helpers
kubernetes/controller-manager
kubernetes/cri-api
kubernetes/csi-translation-lib
kubernetes/kube-aggregator
kubernetes/kube-controller-manager
kubernetes/kubectl
kubernetes/kubelet
kubernetes/kube-proxy
kubernetes/kube-scheduler
kubernetes/legacy-cloud-providers
kubernetes/metrics
kubernetes/mount-utils
kubernetes/sample-apiserver
kubernetes/sample-cli-plugin
kubernetes/sample-controller
EOF


function file_ends_with_newline() {
    [[ $(tail -c1 "$1" | wc -l) -gt 0 ]]
}

function update_repo {
    # Path to checked out repo with target OWNERS + SECURITY_CONTACTS
    REPO=$1

    OWNERS_FILE="$REPO/OWNERS"
    SEC_CONTACTS_FILE="$REPO/SECURITY_CONTACTS"

    if [ ! -f "$SEC_CONTACTS_FILE" ]; then
        return 1
    fi

    # Remove PSC members from existing security contacts
    NON_PSC_CONTACTS=$(grep -v -F -f /tmp/all_psc_usernames "$SEC_CONTACTS_FILE" | sed 's/^#.*//')


    # whitespace convention differs across OWNERS
    PREFIX=$(grep -o -m1 -E '^[^#\-]*\-' "$OWNERS_FILE" | sed 's/\-//')

    START="\n"
    if ! file_ends_with_newline "$OWNERS_FILE"; then
        START="\n\n"
    fi

    # No non-PSC members, set to empty list
    if [ -z "$NON_PSC_CONTACTS" ]; then
	    echo -ne "$START""security_contacts: []\n" >> "$OWNERS_FILE"
    else
	    # Add `security_contacts` to OWNERS
	    APPEND="$START""security_contacts:\n"
	    for u in $NON_PSC_CONTACTS; do
	     APPEND="$APPEND$PREFIX- github: $u\n"
	     APPEND="$APPEND$PREFIX  email: null\n"
	     APPEND="$APPEND$PREFIX  slack: null\n"
	    done
	    echo -ne "$APPEND" >> "$OWNERS_FILE"
    fi

    rm "$SEC_CONTACTS_FILE"

    # Verify, will print to stderr if `security_contacts` cannot be parsed
    cat "$OWNERS_FILE" | shyaml get-value security_contacts 1>/dev/null

}


for d in "$org"/*; do
    [[ -e "$d" ]] || break
    # these repos are mirrored from k8s.io/kubernetes/staging/src
    # and should be updated there
    if echo "$d" | grep -F -f /tmp/denylist_repos 1>/dev/null; then
        continue
    fi

    update_repo "$d"
    echo -n .
done
echo -e "\ndone"
	#!/usr/bin/bash

	# org="$HOME/go/src/github.com/kubernetes"
	org="$1"

	# prereqs and token code written by Joel Smith
	allprereqs=1
	for i in cat shyaml hub jq curl git; do
	if ! command -v $i &> /dev/null; then
	echo $?
	echo "Missing prerequisite: $i"
	allprereqs=0
	fi
	done
	[ "$allprereqs" = "1" ] \|\| exit 1

	token="$(shyaml get-value github\\.com.0.oauth_token < ~/.config/hub)"
	[ $? -eq 0 ] \|\| { echo unable to get GitHub token from ~/.config/hub; exit 1; }

	cat <<EOF > /tmp/all_psc_usernames
	cjcullen
	cji
	joelsmith
	lukehinds
	micahhausler
	swamymsft
	tallclair
	philips
	jessfraz
	jonpulsifer
	liggitt
	tabbysable
	EOF

	cat <<EOF > /tmp/denylist_repos
	kubernetes/api
	kubernetes/apiextensions-apiserver
	kubernetes/apimachinery
	kubernetes/apiserver
	kubernetes/client-go
	kubernetes/cli-runtime
	kubernetes/cloud-provider
	kubernetes/cluster-bootstrap
	kubernetes/code-generator
	kubernetes/component-base
	kubernetes/component-helpers
	kubernetes/controller-manager
	kubernetes/cri-api
	kubernetes/csi-translation-lib
	kubernetes/kube-aggregator
	kubernetes/kube-controller-manager
	kubernetes/kubectl
	kubernetes/kubelet
	kubernetes/kube-proxy
	kubernetes/kube-scheduler
	kubernetes/legacy-cloud-providers
	kubernetes/metrics
	kubernetes/mount-utils
	kubernetes/sample-apiserver
	kubernetes/sample-cli-plugin
	kubernetes/sample-controller
	EOF


	function file_ends_with_newline() {
	[[ $(tail -c1 "$1" \| wc -l) -gt 0 ]]
	}

	function update_repo {
	# Path to checked out repo with target OWNERS + SECURITY_CONTACTS
	REPO=$1

	OWNERS_FILE="$REPO/OWNERS"
	SEC_CONTACTS_FILE="$REPO/SECURITY_CONTACTS"

	if [ ! -f "$SEC_CONTACTS_FILE" ]; then
	return 1
	fi

	# Remove PSC members from existing security contacts
	NON_PSC_CONTACTS=$(grep -v -F -f /tmp/all_psc_usernames "$SEC_CONTACTS_FILE" \| sed 's/^#.*//')


	# whitespace convention differs across OWNERS
	PREFIX=$(grep -o -m1 -E '^[^#\-]*\-' "$OWNERS_FILE" \| sed 's/\-//')

	START="\n"
	if ! file_ends_with_newline "$OWNERS_FILE"; then
	START="\n\n"
	fi

	# No non-PSC members, set to empty list
	if [ -z "$NON_PSC_CONTACTS" ]; then
	echo -ne "$START""security_contacts: []\n" >> "$OWNERS_FILE"
	else
	# Add `security_contacts` to OWNERS
	APPEND="$START""security_contacts:\n"
	for u in $NON_PSC_CONTACTS; do
	APPEND="$APPEND$PREFIX- github: $u\n"
	APPEND="$APPEND$PREFIX email: null\n"
	APPEND="$APPEND$PREFIX slack: null\n"
	done
	echo -ne "$APPEND" >> "$OWNERS_FILE"
	fi

	rm "$SEC_CONTACTS_FILE"

	# Verify, will print to stderr if `security_contacts` cannot be parsed
	cat "$OWNERS_FILE" \| shyaml get-value security_contacts 1>/dev/null

	}


	for d in "$org"/*; do
	[[ -e "$d" ]] \|\| break
	# these repos are mirrored from k8s.io/kubernetes/staging/src
	# and should be updated there
	if echo "$d" \| grep -F -f /tmp/denylist_repos 1>/dev/null; then
	continue
	fi

	update_repo "$d"
	echo -n .
	done
	echo -e "\ndone"