configure-projects 2.26 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#!/usr/bin/env python3

"""
  configure-projects - apply settings to all projects on GitLab instance
"""

import os
import sys
import yaml
import argparse
import gitlab
import time

from gitlab_settings.util import get_token

def get_gitlab():
    """Get a GitLab instance."""
    token = get_token()
    print(token)
    server = gitlab.Gitlab('https://gitlab.wikimedia.org/', private_token=token)
    return server

def get_projects():
    """Get all projects on the server as a generator."""
    server = get_gitlab()
    return server.projects.list(all=True, as_list=False)

for project in get_projects():
29
30
31
32
    print(f'{project.name} - {project.id}')

    changed = False

33
    if project.issues_access_level != 'disabled':
34
        print('  Disabling issue access')
35
        project.issues_access_level = 'disabled'
36
        changed = True
37
    else:
38
        print('  Issues already disabled')
39
40

    if project.wiki_access_level != 'disabled':
41
        print('  Disabling wiki access')
42
        project.wiki_access_level = 'disabled'
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
        changed = True
    else:
        print('  Wiki already disabled')

    # CI/CD access - this may need rethinking, or per-project configuration decisions,
    # depending on what this setting actually does:
    #
    # https://www.mediawiki.org/wiki/GitLab/Policy#Permissions
    #
    # > The "Pipelines" setting in public namespaced projects should be set to
    # > "Only Project Members". This ensures that only project members with
    # > Reporter privileges are able to run tests on a particular project.
    if project.builds_access_level != 'private':
        print('  Setting CI/CD permissions to project members')
        project.builds_access_level = 'private'
        changed = True
59
    else:
60
61
62
63
64
        print('  CI/CD access already set to project members')

    if changed:
        print ('  Saving new settings')
        project.save()
65
66

    time.sleep(.5)
67
68
69
70
71
72
73
74
75
76

    # TODO:

    # https://www.mediawiki.org/wiki/GitLab/Policy#Permissions

    # To ensure everyone can contribute, projects should allow "Everyone with
    # Access" to create merge requests. This is a setting for each repository
    # under "Settings" > "General" > "Visibility, project features,
    # permissions" > "Repository". This will allow all users to create merge
    # requests for a project.