You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: update all docs to reflect dual-auth support
- README: prerequisites for repo-permissions-report and copilot-report
updated from gh CLI to curl; az marked as optional; available actions
table includes both new scripts; usage examples updated
- AGENTS.md: shared library table adds configure_gh_auth and
gh_api_paginate; tech stack row for gh CLI updated to only list
github-organize-stars; error handling sequence documents the
auto-resolution side-effect
- copilot-instructions.md: script descriptions for repo-permissions-report
and copilot-report updated to reflect curl usage; copilot-report az
requirement noted as optional/runtime-checked
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copy file name to clipboardExpand all lines: .github/copilot-instructions.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -193,19 +193,19 @@ Generates an HTML report of issues created in a date range (`MONTH_START`/`MONTH
193
193
194
194
### `github-organize-stars`
195
195
196
-
Uses `gh` CLI GraphQL (not `curl`) to fetch all starred repos. Categorizes by primary language, GitHub topics, and name keywords using a `RULES` array (pipe-delimited: `List Name|LANGUAGES|TOPICS|NAME_KEYWORDS`; first matching rule wins). Caches stars at `~/.cache/gh-star-organizer/stars.json`. Supports `--dry-run`, `-y` (skip confirm), `--show-repos`, and `--no-cache`. Adds repos to Lists in batches of 25.
196
+
Uses `gh` CLI GraphQL (not `curl`) to fetch all starred repos. Accepts `GITHUB_TOKEN` env var or an active `gh` auth session for authentication. Categorizes by primary language, GitHub topics, and name keywords using a `RULES` array (pipe-delimited: `List Name|LANGUAGES|TOPICS|NAME_KEYWORDS`; first matching rule wins). Caches stars at `~/.cache/gh-star-organizer/stars.json`. Supports `--dry-run`, `-y` (skip confirm), `--show-repos`, and `--no-cache`. Adds repos to Lists in batches of 25.
197
197
198
198
### `github-repo-from-template`
199
199
200
200
Creates a private repo from `TEMPLATE_REPO` (including all branches), assigns admin permissions to space-separated `REPO_ADMIN` teams, write permissions to `REPO_WRITE` teams, then invites `CD_USERNAME` as a collaborator using `CD_GITHUB_TOKEN` and auto-accepts the invitation. All slug values are validated before use.
201
201
202
202
### `github-repo-permissions-report`
203
203
204
-
Uses `gh` CLI (not `curl`/`GITHUB_TOKEN`) for all API calls. Accepts `-r OWNER/REPO`, `-b BRANCH`, and `-o FILE` flags. Outputs a CSV with two record types: `permission` (all users/teams) and `bypass_actor` (explicit PR approval bypass entries). Reports both branch protection rules and repository rulesets. Requires `gh auth login` before running — no `GITHUB_TOKEN` env var needed.
204
+
Uses `curl` for all API calls. Accepts `GITHUB_TOKEN` env var or an active `gh` auth session (token auto-resolved at lib source time) for authentication. Accepts `-r OWNER/REPO`, `-b BRANCH`, and `-o FILE` flags. Outputs a CSV with two record types: `permission` (all users/teams) and `bypass_actor` (explicit PR approval bypass entries). Reports both branch protection rules and repository rulesets.
205
205
206
206
### `github-copilot-report`
207
207
208
-
Uses `gh` CLI (not `curl`/`GITHUB_TOKEN`) for all GitHub API calls; requires `gh auth refresh --scopes "read:enterprise,manage_billing:enterprise"`. Also requires `az` to be **installed**(not just logged in) — the script calls `require_command az`unconditionally before checking `--no-entra`. When `az` is logged in, enriches each user with Entra ID department and job title via `az rest`.
208
+
Uses `curl` for all GitHub API calls. Accepts `GITHUB_TOKEN` env var (PAT with `read:enterprise` and `manage_billing:enterprise` scopes) or an active `gh` auth session (token auto-resolved at lib source time) for authentication. Also requires `az` to be **installed**when Entra ID enrichment is needed — `az`is checked at runtime only if `--no-entra` is not set and `az` is not already skipped. If `az` is not installed or not logged in, Entra lookup is silently skipped. When `az` is logged in, enriches each user with Entra ID department and job title via `az rest`.
209
209
210
210
Auto-detects credits per seat from a promo/standard table keyed on plan type and today's date (promo period Jun 1 – Sep 1, 2026); override with `--credits N` or `$CREDITS_PER_SEAT_OVERRIDE`. Credits are pooled enterprise-wide, not per-user buckets. Code completions are not billed in AI credits.
|`get_repo_page_count <url>`| Returns total pages for a paginated endpoint |
150
152
@@ -155,6 +157,8 @@ Always use `SCRIPT_DIR` to build the path to `lib/github-common.sh`. The library
155
157
3. Validate additional inputs with `validate_slug` where needed
156
158
4. Proceed with main logic
157
159
160
+
> **Note on token auto-resolution:** Sourcing `lib/github-common.sh` automatically populates `GITHUB_TOKEN` from an active `gh` auth session if the variable is unset. This means `require_env_var GITHUB_TOKEN` may pass even when no explicit token was provided by the caller — the token was silently resolved from `gh auth token`. Script headers should document `GITHUB_TOKEN` as "Required (or provided by an active gh auth session)". Scripts that use the `gh` CLI instead of `curl` should call `configure_gh_auth` instead of step 2 above.
Copy file name to clipboardExpand all lines: README.md
+15-13Lines changed: 15 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -516,11 +516,12 @@ cd reporting/github-monthly-issues-report
516
516
Exports repository user/team permissions to CSV and identifies who can bypass pull request approval requirements, from both branch protection rules and repository rulesets.
517
517
518
518
**Prerequisites:**
519
-
-**[gh](https://cli.github.com)** — GitHub CLI (authenticated via `gh auth login`)
export GITHUB_TOKEN=ghp_yourtoken # or resolved automatically from an active gh auth session
524
525
cd reporting/github-repo-permissions-report
525
526
./github-repo-permissions-report.sh -r OWNER/REPO
526
527
./github-repo-permissions-report.sh -r OWNER/REPO -b main -o report.csv
@@ -540,9 +541,6 @@ cd reporting/github-repo-permissions-report
540
541
- Identifies every principal that can bypass PR approval requirements
541
542
- Produces a CSV with two record types: `permission` (all users/teams) and `bypass_actor` (explicit bypass entries)
542
543
543
-
> [!NOTE]
544
-
> Uses the `gh` CLI for all API calls. Authenticate via `gh auth login` before running.
545
-
546
544
---
547
545
548
546
### Copilot Enterprise Report
@@ -552,14 +550,18 @@ cd reporting/github-repo-permissions-report
552
550
Generates a GitHub Copilot Enterprise licence and usage report. Shows every licensed user, their plan type, pool credit contribution, and actual AI credit consumption for the current billing month. Optionally enriches data with Entra ID department information.
553
551
554
552
**Prerequisites:**
555
-
-**[gh](https://cli.github.com)** — GitHub CLI authenticated with `read:enterprise` and `manage_billing:enterprise` scopes
556
-
-**[az](https://learn.microsoft.com/en-us/cli/azure/)** — Azure CLI (must be installed; login required only for Entra ID department enrichment — pass `--no-entra`to skip the login requirement)
553
+
-**[curl](https://curl.se)** — HTTP client
554
+
-**[az](https://learn.microsoft.com/en-us/cli/azure/)** — Azure CLI (optional; required only for Entra ID department enrichment — pass `--no-entra`or omit az to skip)
@@ -599,10 +599,10 @@ az login # required to be installed; login needed only for department enrichme
599
599
- Outputs a CSV and a formatted console summary with department breakdown and model usage tables
600
600
601
601
> [!IMPORTANT]
602
-
> Requires an enterprise owner or billing manager token. Run `gh auth refresh --scopes "read:enterprise,manage_billing:enterprise"` before executing.
602
+
> Requires a PAT with `read:enterprise` and `manage_billing:enterprise` scopes — the built-in `GITHUB_TOKEN` cannot grant enterprise-level access. Set `GITHUB_TOKEN` before executing (or have an active `gh` auth session with those scopes so the lib can auto-resolve the token).
603
603
604
604
> [!NOTE]
605
-
> Uses the `gh` CLI and (optionally) the `az` CLI. The Entra ID enrichment is skipped automatically if `az` is not logged in, or can be disabled with `--no-entra`.
605
+
> The Entra ID enrichment is skipped automatically if `az` is not logged in, or can be disabled with `--no-entra`.
606
606
607
607
---
608
608
@@ -802,7 +802,7 @@ cd enterprise/github-get-public-repos
802
802
Fetches all your starred repositories and organizes them into GitHub Lists using customizable categorization rules.
803
803
804
804
**Prerequisites:**
805
-
-**[gh](https://cli.github.com)** - GitHub CLI (authenticated via `gh auth login`)
805
+
-**[gh](https://cli.github.com)** - GitHub CLI (authenticated via `GITHUB_TOKEN` env var or `gh auth login`)
@@ -835,7 +835,7 @@ Edit the `RULES` array in the script. Each rule is a `|`-delimited string:
835
835
The **first matching rule wins**, so order matters. Place more specific rules (e.g., AI) before general ones (e.g., Security).
836
836
837
837
> [!NOTE]
838
-
> This script uses the `gh` CLI for all API calls (GraphQL) rather than `curl`. Ensure you are authenticated via `gh auth login` before running.
838
+
> This script uses the `gh` CLI for all API calls (GraphQL) rather than `curl`. Authenticate by setting `GITHUB_TOKEN` or by running `gh auth login`.
839
839
840
840
## Shared Library: `lib/github-common.sh`
841
841
@@ -921,6 +921,8 @@ Each script is published as a **composite action**, so you can reference it dire
921
921
| `org-admin/github-migrate-internal-repos-to-private` | Convert all internal-visibility repositories to private |
922
922
| `org-admin/github-repo-from-template` | Create a repository from a template with team permissions and a CI/CD collaborator |
923
923
| `reporting/github-monthly-issues-report` | Generate an HTML report of issues created within a date range |
924
+
| `reporting/github-repo-permissions-report` | Export repository collaborator/team permissions and branch-approval bypass actors to CSV |
925
+
| `reporting/github-copilot-report` | GitHub Copilot Enterprise licence and AI credit usage report, optionally enriched with Entra ID department data |
0 commit comments