codebase

Author: chrisns

index.ts

@@ -0,0 +1,42 @@
+import { getGithubUsersFromGoogle } from './src/google'
+import {
+  getGithubUsersFromGithub,
+  addUsersToGitHubOrg,
+  removeUsersToGitHubOrg
+} from './src/github'
+
+export async function run () {
+  const googleUsers = await getGithubUsersFromGoogle()
+  console.log(`Users from google: ${Array.from(googleUsers).join(', ')}`)
+
+  const gitHubUsers = await getGithubUsersFromGithub()
+  console.log(`Users from github: ${Array.from(gitHubUsers).join(', ')}`)
+
+  const usersNotInGithub = new Set(
+    Array.from(googleUsers).filter(x => !gitHubUsers.has(x))
+  )
+
+  const usersNotInGoogle = new Set(
+    Array.from(gitHubUsers).filter(x => !googleUsers.has(x))
+  )
+  if (usersNotInGithub.size > 0) {
+    console.log(
+      `Users not in github: ${Array.from(usersNotInGithub).join(', ')}`
+    )
+    if (process.env.ADD_USERS.toLowerCase() === 'true')
+      await addUsersToGitHubOrg(usersNotInGithub)
+  }
+
+  if (usersNotInGoogle.size > 0) {
+    console.log(
+      `Users not in google: ${Array.from(usersNotInGoogle).join(', ')}`
+    )
+    if (process.env.REMOVE_USERS.toLowerCase() === 'true')
+      await removeUsersToGitHubOrg(usersNotInGoogle)
+  }
+
+  if (usersNotInGoogle.size > 0 || usersNotInGithub.size > 0)
+    process.exit(parseInt(process.env.EXIT_CODE_ON_MISMATCH) ?? 0)
+}
+
+if (require.main === module) run()

src/github.ts

@@ -0,0 +1,100 @@
+import { createAppAuth } from '@octokit/auth-app'
+import { Octokit } from '@octokit/rest'
+const ignoredUsers = process.env.IGNORED_USERS.toLowerCase().split(',')
+
+const octokit = getAuthenticatedOctokit()
+
+export function getAuthenticatedOctokit () {
+  return new Octokit({
+    authStrategy: createAppAuth,
+    auth: {
+      appId: process.env.GITHUB_APP_ID,
+      privateKey: Buffer.from(
+        process.env.GITHUB_PRIVATE_KEY,
+        'base64'
+      ).toString('utf-8'),
+      installationId: process.env.GITHUB_INSTALLATION_ID
+    }
+  })
+}
+
+export async function getGithubUsersFromGithub () {
+  const members = await octokit.paginate(octokit.orgs.listMembers, {
+    org: process.env.GITHUB_ORG
+  })
+
+  const pendingInvites = await octokit.paginate(
+    octokit.orgs.listPendingInvitations,
+    {
+      org: process.env.GITHUB_ORG
+    }
+  )
+  const pendingGithubAccounts = formatUserList(pendingInvites)
+
+  const githubAccounts = formatUserList(members)
+
+  if (pendingGithubAccounts.size > 0)
+    console.log(
+      `Outstanding GitHub invites for ${Array.from(pendingGithubAccounts).join(
+        ', '
+      )}`
+    )
+
+  return new Set([...githubAccounts, ...pendingGithubAccounts])
+}
+
+export function formatUserList (users): Set<string> {
+  return new Set(users.map(user => user.login.toLowerCase()))
+}
+
+export async function getUserIdFromUsername (username: string) {
+  console.log(`Looking up user ${username}`)
+  let user
+  try {
+    user = await octokit.users.getByUsername({ username })
+  } catch (error) {
+    throw `Unable to find user id for ${username}`
+  }
+  console.log(`User ${username} userid: ${user.data.id}`)
+  return user.data.id
+}
+
+export async function addUsersToGitHubOrg (users: Set<string>) {
+  for (const user of users) {
+    await addUserToGitHubOrg(user)
+  }
+}
+
+export async function addUserToGitHubOrg (user: string) {
+  if (ignoredUsers.includes(user.toLowerCase())) {
+    console.log(`Ignoring add for ${user}`)
+    return false
+  }
+  const userId = await getUserIdFromUsername(user)
+  console.log(`Inviting ${user} (${userId} to ${process.env.GITHUB_ORG})`)
+  await octokit.orgs.createInvitation({
+    org: process.env.GITHUB_ORG,
+    invitee_id: userId
+  })
+  console.log(
+    `Invitation sent to ${user} (${userId} to ${process.env.GITHUB_ORG})`
+  )
+}
+
+export async function removeUsersToGitHubOrg (users: Set<string>) {
+  for (const user of users) {
+    await removeUserToGitHubOrg(user)
+  }
+}
+
+export async function removeUserToGitHubOrg (user: string) {
+  if (ignoredUsers.includes(user.toLowerCase())) {
+    console.log(`Ignoring remove for ${user}`)
+    return false
+  }
+  console.log(`Removing user/invitation ${user} from ${process.env.GITHUB_ORG}`)
+  return octokit.orgs.removeMembershipForUser({
+    org: process.env.GITHUB_ORG,
+    username: user
+  })
+}

src/google.ts

@@ -0,0 +1,58 @@
+const { google } = require('googleapis')
+
+const privatekey = JSON.parse(
+  Buffer.from(process.env.GOOGLE_CREDENTIALS, 'base64').toString('utf-8')
+)
+
+export const googleAuth = async () => {
+  const jwtClient = new google.auth.JWT(
+    privatekey.client_email,
+    null,
+    privatekey.private_key,
+    ['https://www.googleapis.com/auth/admin.directory.user.readonly'],
+    process.env.GOOGLE_EMAIL_ADDRESS
+  )
+  await jwtClient.authorize()
+  return jwtClient
+}
+
+export async function getAdminService () {
+  return google.admin({
+    version: 'directory_v1',
+    auth: await googleAuth()
+  })
+}
+
+export async function getGithubUsersFromGoogle () {
+  const service = await getAdminService()
+
+  const userList: {
+    data: { users: Array<userResponseEntry> }
+  } = await service.users.list({
+    customer: 'my_customer',
+    maxResults: 250,
+    projection: 'custom',
+    fields: 'users(customSchemas/Accounts/github(value))',
+    customFieldMask: 'Accounts'
+  })
+
+  const githubAccounts = formatUserList(userList.data.users)
+  return githubAccounts
+}
+
+interface userResponseEntry {
+  customSchemas: { Accounts: { github: Array<{ value: string }> } }
+}
+
+export function formatUserList (users: Array<userResponseEntry>): Set<string> {
+  return new Set(
+    users
+      .map(user =>
+        user?.customSchemas?.Accounts?.github.map(account =>
+          account.value.toLowerCase()
+        )
+      )
+      .flat()
+      .filter(Boolean)
+  )
+}

tests/github.spec.ts

@@ -0,0 +1,22 @@
+import * as mod from '../src/github'
+describe('github integration', () => {
+  it.todo('getAuthenticatedOctokit')
+  it.todo('getGithubUsersFromGithub')
+  it.todo('getUserIdFromUsername')
+  it.todo('addUsersToGitHubOrg')
+  it.todo('addUserToGitHubOrg')
+  it.todo('removeUsersToGitHubOrg')
+  it.todo('removeUserToGitHubOrg')
+
+  it('formatUserList', () => {
+    const response = [
+      { login: 'chrisns' },
+      { login: 'chrisns' },
+      { login: 'foo' }
+    ]
+
+    return expect(mod.formatUserList(response)).toEqual(
+      new Set(['chrisns', 'foo'])
+    )
+  })
+})

tests/google.spec.ts

@@ -0,0 +1,30 @@
+import * as mod from '../src/google'
+
+describe('google integration', () => {
+  it.todo('googleAuth')
+  it.skip('getAdminService', () => {
+    const result = mod.getAdminService()
+    return expect(result).resolves.toBe({})
+  })
+
+  it.todo('getGithubUsersFromGoogle')
+
+  it('formatUserList', () => {
+    const response = [
+      { customSchemas: { Accounts: { github: [{ value: 'chrisns' }] } } },
+      {
+        customSchemas: {
+          Accounts: { github: [{ value: 'Foo' }, , { value: 'tar' }] }
+        }
+      },
+      {
+        customSchemas: {
+          Accounts: { github: [{ value: 'foo' }, { value: 'bar' }] }
+        }
+      }
+    ]
+    return expect(mod.formatUserList(response)).toEqual(
+      new Set(['chrisns', 'foo', 'bar', 'tar'])
+    )
+  })
+})

tests/index.spec.ts

@@ -0,0 +1,3 @@
+describe('index', () => {
+  it.todo('run')
+})