Commit 218b9801 authored by Brennen Bearnes's avatar Brennen Bearnes Committed by Thcipriani
Browse files

configure-projects: add an issue allowlist and tidy log output

parent 160ce5ef
......@@ -2,21 +2,18 @@
"""
configure-projects - apply settings to all projects on GitLab instance
There is almost certainly a better way to do this.
"""
import os
import sys
import yaml
import argparse
import gitlab
import time
import gitlab
from gitlab_settings.util import get_token
def get_gitlab():
"""Get a GitLab instance."""
token = get_token()
print(token)
server = gitlab.Gitlab('https://gitlab.wikimedia.org/', private_token=token)
return server
......@@ -25,26 +22,43 @@ def get_projects():
server = get_gitlab()
return server.projects.list(all=True, as_list=False)
# A list of repos where issues and/or wikis are allowed - for cases where some
# slipped through, primarily from templates, and users need to retrieve info
# before they're deactivated.
#
# For background, see:
# - https://phabricator.wikimedia.org/T264231
# - https://phabricator.wikimedia.org/T290612
issue_wiki_allowlist = [
"repos/research/knowledge-gaps",
"repos/research/article-quality",
"repos/research/research-ml"
]
for project in get_projects():
print(f'{project.name} - {project.id}')
project_path = project.path_with_namespace
changed = False
if project.issues_access_level != 'disabled':
print(' Disabling issue access')
project.issues_access_level = 'disabled'
changed = True
else:
print(' Issues already disabled')
if project_path in issue_wiki_allowlist:
print(project_path, '- temporarily allowing issues')
else:
project.issues_access_level = 'disabled'
print(project_path, '- disabling issue access')
changed = True
if project.wiki_access_level != 'disabled':
print(' Disabling wiki access')
project.wiki_access_level = 'disabled'
changed = True
else:
print(' Wiki already disabled')
if project_path in issue_wiki_allowlist:
print(project_path, '- temporarily allowing wikis')
else:
print(project_path, '- disabling wiki access')
project.wiki_access_level = 'disabled'
changed = True
# CI/CD access - this may need rethinking, or per-project configuration decisions,
# TODO:
#
# CI/CD access - this needs rethinking, or per-project configuration decisions,
# depending on what this setting actually does:
#
# https://www.mediawiki.org/wiki/GitLab/Policy#Permissions
......@@ -52,23 +66,25 @@ for project in get_projects():
# > The "Pipelines" setting in public namespaced projects should be set to
# > "Only Project Members". This ensures that only project members with
# > Reporter privileges are able to run tests on a particular project.
if project.builds_access_level != 'private':
print(' Setting CI/CD permissions to project members')
project.builds_access_level = 'private'
changed = True
else:
print(' CI/CD access already set to project members')
#
# if project.builds_access_level != 'private':
# print(project.builds_access_level)
# print(project_path, '- setting CI/CD permissions to project members')
# project.builds_access_level = 'private'
# changed = True
# else:
# print(project_path, 'CI/CD access already set to project members')
if changed:
print (' Saving new settings')
project.save()
print (project_path, '- saving new settings')
# project.save()
time.sleep(.5)
# TODO:
#
# https://www.mediawiki.org/wiki/GitLab/Policy#Permissions
#
# To ensure everyone can contribute, projects should allow "Everyone with
# Access" to create merge requests. This is a setting for each repository
# under "Settings" > "General" > "Visibility, project features,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment