**Critical patterns:**

- Use`${VARIABLE:-''}` for all env vars to provide empty defaults

- Set`API_URL_PREFIX` and`GIT_URL_PREFIX` for GitHub Enterprise Server compatibility

- Include`sleep 5` between API calls to avoid rate limits (see`github-add-repo-admin.sh`)

- Use pagination helpers for org-level operations (pattern in`github-add-repo-admin.sh` lines20-28)

- Include`sleep 5` between API calls to avoid rate limits (see`github-add-repo-permissions.sh` line 99)

- Use pagination helpers for org-level operations (pattern in`github-add-repo-permissions.sh` lines45-51)

-**ALWAYS validate required variables** with explicit`if [ -z "${VAR}" ]` checks before any API calls

-**ALWAYS validate GITHUB_TOKEN** by calling`/user` endpoint and checking for 200 status code

- Use`curl -s -o /dev/null -w "%{http_code}"` pattern to check HTTP status codes

**Always include`sleep 5`** between repository-level operations to stay under GitHub's rate limits. See`github-add-repo-admin.sh` line40.

**Always include`sleep 5`** between repository-level operations to stay under GitHub's rate limits. See`github-add-repo-permissions.sh` line99 or`github-repo-from-template.sh` lines 77, 83.

- Use`Bearer` token for enterprise endpoints:`-H "Authorization: Bearer ${GITHUB_TOKEN}"`

- Grants teamadminpermissions to ALL repos in an org

- Grants team permissions to ALL repos in an org across 5 permission levels

- Uses pagination + 5-second delay between repos

- Variable:`REPO_ADMIN` is a**team slug** (not team name)

- Variables:`REPO_ADMIN`,`REPO_MAINTAIN`,`REPO_PUSH`,`REPO_TRIAGE`,`REPO_PULL` (all accept**space-separated team slugs**)

- At least one permission level variable must be set

- Loops through teams with helper function`apply_team_permissions()`

-`REPO_ADMIN` and`REPO_WRITE` are**space-separated lists** of team slugs

Each script is a self-contained utility designed for a specific task. Navigate to the script's directory, set the required environment variables, and execute.

**Script:**`github-add-repo-admin/github-add-repo-admin.sh`

**Script:**`github-add-repo-permissions/github-add-repo-permissions.sh`

Grantsateamadminpermissions across all repositories in an organization.Useful for ensuring platform or operations teams have access to all repos.

Grants team permissions across all repositories in an organization.Supports multiple permission levels (admin, maintain, push, triage, pull) and multiple teams per permission level.

**Required variables:**

export GITHUB_TOKEN="your_token"

export ORG="your-org"

export REPO_ADMIN="platform-team"# Team slug, not display name

export REPO_ADMIN="platform-team ops-team"# Admin permissions

export REPO_MAINTAIN="maintainers"# Maintain permissions

export REPO_PUSH="developers contributors"# Write/push permissions

export REPO_TRIAGE="support-team"# Triage permissions

export REPO_PULL="external-auditors"# Read/pull permissions

**Usage:**

cd github-add-repo-admin

./github-add-repo-admin.sh

cd github-add-repo-permissions

./github-add-repo-permissions.sh

**What it does:**

- Retrieves all repositories in the organization (paginated)

- Grants the specified team admin permissions on each repository

- Grants permissions to specified teams based on permission level

- Supports multiple teams per permission level (space-separated)

- Processes all five GitHub permission levels: admin, maintain, push, triage, pull

- Includes 5-second delays between repos to avoid rate limits

**Permission levels:**

-`admin` - Full repository access including settings and team management

-`maintain` - Repository management without admin privileges

-`push` - Read and write access to code

-`triage` - Read access plus ability to manage issues and pull requests

-`pull` - Read-only access to code

set -euo pipefail

GITHUB_TOKEN=${GITHUB_TOKEN:-''}

ORG=${ORG:-''}

API_URL_PREFIX=${API_URL_PREFIX:-'https://api.github.com'}

GIT_URL_PREFIX=${GIT_URL_PREFIX:-'https://github.com'}

REPO_ADMIN=${REPO_ADMIN:-''}

REPO_MAINTAIN=${REPO_MAINTAIN:-''}

REPO_PUSH=${REPO_PUSH:-''}

REPO_TRIAGE=${REPO_TRIAGE:-''}

REPO_PULL=${REPO_PULL:-''}

if [-z"${GITHUB_TOKEN}" ];then

exit 1

if [-z"${ORG}" ];then

exit 1

if [-z"${REPO_ADMIN}" ]&& [-z"${REPO_MAINTAIN}" ]&& [-z"${REPO_PUSH}" ]&& [-z"${REPO_TRIAGE}" ]&& [-z"${REPO_PULL}" ];then

exit 1

RESPONSE=$(curl -s -o /dev/null -w"%{http_code}" -H"Authorization: token${GITHUB_TOKEN}""${API_URL_PREFIX}/user")

if ["${RESPONSE}"-ne 200 ];then

exit 1

get_repo_pagination () {

repo_pages=$(curl -s -H"Authorization: token${GITHUB_TOKEN}" -I"${API_URL_PREFIX}/orgs/${ORG}/repos?per_page=100"| grep -Eo'&page=[0-9]+'| grep -Eo'[0-9]+'| tail -1;)

}

limit_repo_pagination () {

seq"$(get_repo_pagination)"

}

apply_team_permissions () {

local REPO_NAME=$1

local PERMISSION=$2

local TEAM_SLUGS=$3

curl -s -X PUT -H"Authorization: token${GITHUB_TOKEN}" -H"Accept: application/vnd.github.v3+json""${API_URL_PREFIX}/orgs/${ORG}/teams/${TEAM}/repos/${ORG}/${REPO_NAME}" -d"{\"permission\":\"${PERMISSION}\"}"

}

process_repos () {

if [-n"${REPO_ADMIN}" ];then

apply_team_permissions"${REPO}""admin""${REPO_ADMIN}"

if [-n"${REPO_MAINTAIN}" ];then

apply_team_permissions"${REPO}""maintain""${REPO_MAINTAIN}"

if [-n"${REPO_PUSH}" ];then

apply_team_permissions"${REPO}""push""${REPO_PUSH}"

if [-n"${REPO_TRIAGE}" ];then

apply_team_permissions"${REPO}""triage""${REPO_TRIAGE}"

if [-n"${REPO_PULL}" ];then

apply_team_permissions"${REPO}""pull""${REPO_PULL}"

sleep 5

}

process_repos