diff --git a/apply.sh b/apply.sh index eee779e5e16fc5c75c6629fb7aa0bbe53e30a0fd..a65384350f7b3d2f1c03261f1d2f13bfac41cf1f 100755 --- a/apply.sh +++ b/apply.sh @@ -3,15 +3,24 @@ show_usage() { cat <<-EOF Usage: -$0 --org-name {string} --proj-name {string} [--repo-name {string} | --repo-id {string}] [--branch {string}] [--pipeline-name {string} | --build-definition-id {number}] + $0 --org-name {string} --proj-name {string} [--repo-name {string} | --repo-id {string}] [--branch {string}] [--pipeline-name {string} | --build-definition-id {number}] Examples: -$0 --org-name azvse --proj-name aztest --repo-name aztest --branch bensl/tmpbuild/1201 --pipeline-name Overlake-Build-PullRequest -$0 --org-name azvse --proj-name aztest --repo-id a4822210-511f-427f-a36d-26a14c29cc89 --branch bensl/tmpbuild/1201 --build-definition-id 2 + $0 --org-name azvse --proj-name aztest --repo-name aztest --branch bensl/tmpbuild/1201 --pipeline-name Overlake-Build-PullRequest + $0 --org-name azvse --proj-name aztest --repo-id a4822210-511f-427f-a36d-26a14c29cc89 --branch bensl/tmpbuild/1201 --build-definition-id 2 EOF } +get_proj_id() { + az devops project show \ + --project aztest \ + --query "id" \ + --org https://dev.azure.com/azvse \ + --output tsv +} +typeset -fx get_proj_id + get_repo_id() { az repos list \ --org "${org_url}" \ @@ -42,6 +51,10 @@ while [[ $# -gt 0 ]]; do proj_name=$2 shift 2 ;; + --proj-id) + proj_id=$2 + shift 2 + ;; --repo-name) repo_name=$2 shift 2 @@ -51,7 +64,7 @@ while [[ $# -gt 0 ]]; do shift 2 ;; --branch) - branch=$2 + export branch=$2 shift 2 ;; --pipeline-name) @@ -81,6 +94,11 @@ if [[ ! "${pat}" ]]; then exit 2 fi +if [[ ! "${proj_id}" ]] +then + proj_id=$(get_proj_id) +fi + if [[ ! ${repo_id} && ${repo_name} ]]; then repo_id=$(get_repo_id) echo repo_id: ${repo_id} @@ -99,6 +117,16 @@ print_policy_list() { --project "${proj_name}" } +user_email="tmp1@recolic.net" +setup_branch_security() { + GIT_REPO_NAMESPACE=2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87 + az devops security permission update \ + --id $GIT_REPO_NAMESPACE \ + --subject "${user_email}" \ + --token repoV2/${proj_id}/${repo_id}/refs/heads/$(echo "${branch}" | python branch_name_hex.py) \ + --allow-bit 2048 +} + setup_build_policy() { curl -X POST "${org_url}/${proj_name}/_apis/policy/configurations?api-version=7.2-preview.1" \ -H "Authorization: Basic $(echo -n :${pat} | base64)" \ @@ -146,5 +174,6 @@ setup_build_validation() { } print_policy_list +setup_branch_security setup_build_policy setup_build_validation