Repository files navigation

entitlements-github-plugin is anentitlements-app plugin allowing entitlements configs to be used to manage membership of GitHub.com Organizations and Teams.

Yourentitlements-app configconfig/entitlements.yaml runs through ERB interpretation automatically. You can extend your entitlements configuration to load plugins like so:

<%-  unless ENV['CI_MODE']    begin      require_relative "/data/entitlements/lib/entitlements-and-plugins"    rescue Exception      begin        require_relative "lib/entitlements-and-plugins"rescueException# We might not have the plugins installed and still want this file to be# loaded. Don't raise anything but silently fail.endendend-%>

You can then definelib/entitlements-and-plugins like so:

#!/usr/bin/env ruby# frozen_string_literal: trueENV["BUNDLE_GEMFILE"]=File.expand_path("../../Gemfile",File.dirname(__FILE__))require"bundler/setup"require"entitlements"# require entitlements plugins hererequire"entitlements/backend/github_org"require"entitlements/backend/github_team"require"entitlements/service/github"

Any plugins defined inlib/entitlements-and-plugins will be loaded and used atentitlements-app runtime.

entitlements-github-plugin manages org team membership to two roles -admin andmember. Yourentitlements-app configconfig/entitlements.yaml is used to configure the location for the declarations of this membership.

github.com/github/org:addr: <%=ENV["GITHUB_API_BASE"] %>base:ou=org,ou=github,ou=GitHub,dc=github,dc=comdir:github.com/github/orgorg:githubtoken: <%=ENV["GITHUB_ORG_TOKEN"] %>ignore_not_found:false# optional argument to ignore users who are not found in the GitHub instancetype:"github_org"

entitlements-github-plugin will look in the defined location above,github.com/github/org, foradmin.txt andmember.txt defining the respective membership for each role.

entitlements-github-plugin manages membership for all teams listed in the defined subfolder. The plugin will use extension-less name of the file as the team name. GitHub Team management can be configured like so:

github.com/github/teams:addr: <%=ENV["GITHUB_API_BASE"] %>base:ou=teams,ou=github,ou=GitHub,dc=github,dc=comdir:github.com/github/teamsorg:githubtoken: <%=ENV["GITHUB_ORG_TOKEN"] %>ignore_not_found:false# optional argument to ignore users who are not found in the GitHub instancetype:"github_team"

For example, if there were a filegithub.com/github/teams/new-team.txt with a single user inside, a GitHub.com Team would be created in thegithub org with the namenew-team.

Entitlements configs can contain metadata which the plugin will use to make further configuration decisions.

metadata_parent_team_name - when defined in an entitlements config, the defined team will be made the parent team of this GitHub.com Team.

To release a new version of this Gem, do the following:

1. Update the version number in thelib/version.rb file
2. Runbundle install to update theGemfile.lock file with the new version
3. Commit your changes, push them to GitHub, and open a PR

Once your PR is approved and the changes are merged, a new release will be created automatically by therelease.yml workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.