How to: List GitHub default Branch protection rules
This script and report extract all default branch protection rules in all repositories within the GitHub organization
Every time we create a repository on GitHub, we need to apply protection rules to it. Over time, and as the number of repositories grows, it becomes increasingly difficult to verify that all of them have the same protections applied.
With that in mind, I decided to create this report, which extracts all repositories, their default branches and all the protection rules applied.
The original script is available on my GitHub repository. See the script below:
Let's walk through each command used.
1. The PowerShell script receives the following parameters:
   - $PAT = Personal Access Token used to connect to the GitHub organization;
   - $Organization = GitHub organization name;
   - $Connstr = connection string to the Azure SQL Database that stores the report information. To create this report, you must first create an Azure SQL Server and Database and run the script below:
2. List organization repositories = use this REST API to list repositories for the specified organization
```powershell
# $UriOrganization and $headers are defined elsewhere in the script.
$uriRepositories = "$($UriOrganization)/repos"
$RepositoriesResult = Invoke-RestMethod -Headers $headers -Uri $uriRepositories
foreach ($repo in $RepositoriesResult)
{
    Write-Host $repo.name
    Write-Host $repo.default_branch
}
```
3. Get a branch = use this REST API to get the properties of a default branch and check if it has protection rules
```powershell
# Runs for each $repo: branches_url is a URL template ending in {/branch}.
$uriDefaultBranch = $repo.branches_url.Replace('{/branch}', "/$($repo.default_branch)")
$DefaultBranchResults = Invoke-RestMethod -Headers $headers -Uri $uriDefaultBranch
if ($DefaultBranchResults.protected)
{
    Write-Host $DefaultBranchResults.protection_url
}
```
4. Get branch protection = use this REST API to get all protection rules applied on the respective default branch
```powershell
$branchProtectionResults = Invoke-RestMethod -Headers $headers -Uri $DefaultBranchResults.protection_url
if ($branchProtectionResults)
{
    $allow_deletions = $branchProtectionResults.allow_deletions.enabled
}
```
5. After extracting all default branch protection rules, this information is stored in a table in Azure SQL.
6. After inserting the information into a table, I connected this database to Power BI:
- Repositories (1) = Filter report using Repositories field;
- Default branch (2) = Filter report using Default branch field;
- List repositories (3) = List all repositories within the GitHub organization. Here you can click on the link to redirect directly to the GitHub repository chosen from the list;
- Require a pull request before merging (4) = checks how many default branches have the protection rule Require a pull request before merging applied;
- Require status checks to pass before merging (5) = checks how many default branches have the protection rule Require status checks to pass before merging applied;
- Require conversation resolution before merging (6) = checks how many default branches have the protection rule Require conversation resolution before merging applied;
- Require signed commits (7) = checks how many default branches have the protection rule Require signed commits applied;
- Require linear history (8) = checks how many default branches have the protection rule Require linear history applied;
- Include administrators (9) = checks how many default branches have the protection rule Include administrators applied;
- Restrict who can push to matching branches (10) = checks how many default branches have the protection rule Restrict who can push to matching branches applied;
- Allow force pushes (11) = checks how many default branches have the protection rule Allow force pushes applied;
- Allow deletions (12) = checks how many default branches have the protection rule Allow deletions applied.
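
Steps 2 to 4 above combined into one function, as an added example that is not the author's original script: it pages through the repository list and records a failed branch or protection lookup as an error instead of reporting the repository as unprotected. The function name, the output column names, the `Bearer` header and the `https://api.github.com` base URL are assumptions, since the page does not show how `$headers` and `$UriOrganization` are built.

```powershell
# Added example, not the author's script: steps 2 to 4 as one function.
# Assumptions: api.github.com base URL; function, column and Status names are illustrative.
function Get-DefaultBranchProtection {
    param(
        [Parameter(Mandatory)][string]$PAT,
        [Parameter(Mandatory)][string]$Organization
    )
    $headers = @{ Authorization = "Bearer $PAT"; Accept = 'application/vnd.github+json' }
    $UriOrganization = "https://api.github.com/orgs/$Organization"
    $page = 1
    do {
        # The repository list is paginated (30 per page by default): ask for 100 and loop.
        $repos = Invoke-RestMethod -Headers $headers -Uri "$UriOrganization/repos?per_page=100&page=$page"
        foreach ($repo in $repos) {
            $row = [ordered]@{
                Repository = $repo.name; Url = $repo.html_url; DefaultBranch = $repo.default_branch
                Status = 'unprotected'
                RequirePullRequest = $false; RequireStatusChecks = $false
                RequireConversationResolution = $false; RequireSignedCommits = $false
                RequireLinearHistory = $false; IncludeAdministrators = $false
                RestrictPushes = $false; AllowForcePushes = $false; AllowDeletions = $false
            }
            try {
                $branchUri = $repo.branches_url.Replace('{/branch}', "/$($repo.default_branch)")
                $branch = Invoke-RestMethod -Headers $headers -Uri $branchUri
                if ($branch.protected) {
                    $p = Invoke-RestMethod -Headers $headers -Uri $branch.protection_url
                    $row.Status = 'protected'
                    # Optional sections are absent from the response when the rule is off.
                    $row.RequirePullRequest  = $null -ne $p.required_pull_request_reviews
                    $row.RequireStatusChecks = $null -ne $p.required_status_checks
                    $row.RestrictPushes      = $null -ne $p.restrictions
                    $row.RequireConversationResolution = [bool]$p.required_conversation_resolution.enabled
                    $row.RequireSignedCommits  = [bool]$p.required_signatures.enabled
                    $row.RequireLinearHistory  = [bool]$p.required_linear_history.enabled
                    $row.IncludeAdministrators = [bool]$p.enforce_admins.enabled
                    $row.AllowForcePushes      = [bool]$p.allow_force_pushes.enabled
                    $row.AllowDeletions        = [bool]$p.allow_deletions.enabled
                }
            } catch {
                # Empty repository (no branch yet) or a token that may not read protection:
                # record the failure so it is not counted as "no rules applied".
                $row.Status = "error: $($_.Exception.Message)"
            }
            [pscustomobject]$row
        }
        $page++
    } while (@($repos).Count -eq 100)
}
```

Each emitted row maps to one line of the report; rows whose `Status` starts with `error` need a manual check before they are counted in any of the rule totals.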