WIP - Reworking the grant_revoke_gem_authority script

README.md

@@ -33,3 +33,9 @@ and change roles/functions/laptops.
 ## Rake Tasks
 
 There exist rake tasks that can be used to propogate some of these templates.
+
+## Scripts
+
+* [./script/grant_revoke_gem_authority.rb](./script/grant_revoke_gem_authority.rb)
+  is a convenience script to synchronize authorship of Samvera
+  rubygems.

data/definitive-rubygems-authors-list.txt

@@ -0,0 +1,39 @@
+# This file has the definitive and declarative list of Samvera ruby
+# gems owners.  Each line must either be either an email address
+# of the associated Rubygems profile.
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+bess
+bmquinn
+[email protected]
+[email protected]
+cjcolvar
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+elrayle
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]
+[email protected]

script/grant_revoke_gem_authority.rb

@@ -1,166 +1,142 @@
 # frozen_string_literal: true
 
+# The purpose of this script is to manage the authors of the rubygems
+# managed by the Samvera community.
+#
 # 1. Get a personal access token from GitHub (https://github.com/settings/tokens)
 #    with the following scopes enabled:
 #    * public_repo
 #    * read:org
 #    * user:email
 # 2. Set an ENV variable named 'GITHUB_SAMVERA_TOKEN' containing your token
 # 3. Then run this script:
-#    $ ruby ./script/grant_revoke_gem_authority.rb
+#    $ bundle exec ruby ./script/grant_revoke_gem_authority.rb
+#
+# By default the above script will iterate over samvera and
+# samvera-labs repositories. If you set the WITH_DEPRECATED
+# environment variable, then the script will include
+# samvera-deprecated organization.
 #
 # To also revoke ownership from users whose email addresses are not in the list:
-# $ WITH_REVOKE=true ruby ./script/grant_revoke_gem_authority.rb
+#
+# $ WITH_REVOKE=true bundle exec ruby ./script/grant_revoke_gem_authority.rb
 #
 # To print more information on what the script is doing:
+#
 # $ VERBOSE=true ruby ./script/grant_revoke_gem_authority.rb
 
 require 'github_api'
 require 'open3'
 
 AUTHORIZATION_TOKEN = ENV['GITHUB_SAMVERA_TOKEN'] || raise("GitHub authorization token was not found in the GITHUB_SAMVERA_TOKEN environment variable")
-ORGANIZATION_NAMES = ['samvera', 'samvera-labs', 'samvera-deprecated']
-# Some GitHub user instances do not have an email address defined,
-# so start with the prior list of addresses (registered with Rubygems.org)
-KNOWN_COMMITTER_EMAIL_ADDRESSES = {
-  'aaron-collier' => '[email protected]',
-  'awead' => "[email protected]",
-  'atz' => '[email protected]',
-  'barmintor' => "[email protected]",
-  'bess' => "[email protected]",
-  'cam156' => "[email protected]",
-  'cbeer' => "[email protected]",
-  'cjcolvar' => "[email protected]",
-  'coblej' => "[email protected]",
-  'DanCoughlin' => "[email protected]",
-  'darrenleeweber' => '[email protected]',
-  'dchandekstark' => "[email protected]",
-  'dheles' => '[email protected]',
-  'dunn' => '[email protected]',
-  'elrayle' => '[email protected]',
-  'escowles' => '[email protected]',
-  'grosscol' => '[email protected]',
-  'hackmastera' => '[email protected]',
-  'hortongn' => '[email protected]',
-  'jeremyf' => "[email protected]",
-  'jenlindner' => '[email protected]',
-  'jkeck' => "[email protected]",
-  'jpstroop' => "[email protected]",
-  'jrgriffiniii' => '[email protected]',
-  'jrochkind' => '[email protected]',
-  'jcoyne' => "[email protected]",
-  'lawhorkl' => '[email protected]',
-  'mjgiarlo' => "[email protected]",
-  'mark-dce' => "[email protected]",
-  'mbklein' => "[email protected]",
-  'mkorcy' => "[email protected]",
-  'ndushay' => "[email protected]",
-  'tpendragon' => "[email protected]",
-  'carrickr' => '[email protected]',
-  'no_reply' => '[email protected]',
-  'revgum' => '[email protected]',
-  'rmkadel' => '[email protected]',
-  'randalldfloyd' => '[email protected]'
-}
-# Some GitHub repositories are named differently from their gems
+
+if ENV.fetch("WITH_DEPRECATED", false)
+  ORGANIZATION_NAMES = ['samvera', 'samvera-labs', 'samvera-deprecated']
+else
+  ORGANIZATION_NAMES = ['samvera', 'samvera-labs']
+end
+
+# Some GitHub repositories are named differently from their gems. We
+# could read each repositories .gemspec to determine its
+# name. However, this is a far quicker short-cut.
 KNOWN_MISMATCHED_GEM_NAMES = {
   'active_fedora' => 'active-fedora',
   'fcrepo-admin' => 'fcrepo_admin',
   'questioning_authority' => 'qa'
 }
+
 # GitHub repositories with matching gems that aren't from Samvera
 FALSE_POSITIVES = [
   'hypatia',
   'rdf-vocab',
   'lerna',
-  'hydrangea',
-  'valkyrie'
+  'hydrangea'
 ]
+
 # Gems that do not have their own GitHub repositories
 HANGERS_ON = [
   'hydra-core',
   'hydra-access-controls',
   'sufia-models',
   'curation_concerns-models'
 ]
-# Email addresses that are known not to be registered at rubygems.org
-SKIP_EMAILS = [
-  '[email protected]',
-  '[email protected]',
-  '[email protected]',
-  '[email protected]',
-  '[email protected]',
-  '[email protected]',
-  '[email protected]',
-  '[email protected]',
-  '[email protected]'
-]
+
 VERBOSE = ENV.fetch('VERBOSE', false)
 
-puts "(Hang in there! This script takes a couple minutes to run.)"
+# See https://guides.rubygems.org/rubygems-org-api/#rate-limits I'm
+# opting for the slower 0.2 so as to not come close to the rate limit.
+GEM_SLEEP_INTERVAL = 0.2
 
-github = Github.new(oauth_token: AUTHORIZATION_TOKEN, auto_pagination: true)
+$stdout.puts "Hang in there! This script takes a couple minutes to run."
 
-# Get the ID of the GitHub-provided "Owners" team from the samvera org
-# We don't currently grant gem ownership to the folks in the other two orgs
-# (This just preserves the prior behavior.)
-owner_team_id = github.orgs.teams.list(org: 'samvera').select { |team| team.name == 'Admins' }.first.id
-owners = github.orgs.teams.list_members(owner_team_id)
-# Start with the prior (known to work) list of email addresses
-committer_map = KNOWN_COMMITTER_EMAIL_ADDRESSES.dup
-owners.each do |owner|
-  user = github.users.get(user: owner.login)
-  # Move along if the user doesn't have an email addy or if there's already an entry in the map
-  next if !user.respond_to?(:email) || user.email.nil? || user.email.empty? || !committer_map[user.login].nil?
-  committer_map[user.login] = user.email
-end
-committer_emails = committer_map.values.sort.uniq
+github = Github.new(oauth_token: AUTHORIZATION_TOKEN, auto_pagination: true)
 
 # Keep track of things
 @errors = []
 @bogus_gem_names = []
 @gem_names = HANGERS_ON
 
-def exists?(name)
-  system("gem owner #{name} > /dev/null 2>&1")
-end
-
-def replace_known_mismatch(name)
-  KNOWN_MISMATCHED_GEM_NAMES.fetch(name, name)
-end
+@definitive_committers = File.read(
+  File.expand_path("../../data/definitive-rubygems-authors-list.txt", __FILE__)
+).split("\n").map { |line| line.sub(/ *#.*$/, "") }.select { |line| !line.empty? }
 
 ORGANIZATION_NAMES.each do |org_name|
   github.repos.list(org: org_name).each do |repo|
-    name = replace_known_mismatch(repo.name)
-    if exists?(name)
+    # Replace known mismatched names
+    name = KNOWN_MISMATCHED_GEM_NAMES.fetch(repo.name, repo.name)
+
+    # Let's move on to any gem that we know will be a false positive.
+    next if FALSE_POSITIVES.include?(name)
+
+    # TODO: We are twice calling `gem owner` for information. We could
+    # rework the logic to only call it once.
+    sleep(GEM_SLEEP_INTERVAL)
+    if system("gem owner #{name} > /dev/null 2>&1")
       @gem_names << name
     else
       @bogus_gem_names << repo.full_name
     end
   end
 end
 
-def gem_owner_with_error_check(gemname, params)
-  command = "gem owner #{gemname} #{params}"
-  puts "running: #{command}" if VERBOSE
+OWNERSHIP_ACTIONS = {
+  add: '-a',
+  remove: '-r'
+}
+
+# @param gemname [String]
+# @param profile [String] either an email associated with Rubygems or the
+#                         Rubygems.org profile name
+# @param action [Symbol] either :add or :remove (see OWNERSHIP_ACTIONS)
+def modify_gem_ownership(gemname:, profile:, action:)
+  switch = OWNERSHIP_ACTIONS.fetch(action)
+  sleep(GEM_SLEEP_INTERVAL)
+  command = "gem owner #{gemname} #{switch} #{profile}"
+  $stdout.puts "running: #{command}" if VERBOSE
   Open3.popen3(command) do |stdin, stdout, stderr, wait_thr|
-    @errors << "#{gemname} #{params}: #{stdout.read.chomp}" unless wait_thr.value.success?
+    @errors << "#{command}: #{stdout.read.chomp}" unless wait_thr.value.success?
   end
 end
 
-@gem_names.reject { |gemname| FALSE_POSITIVES.include?(gemname) }.sort.each do |gemname|
+
+@gem_names.sort.each do |gemname|
+  $stdout.puts "Updating #{gemname}..."
+
+  sleep(GEM_SLEEP_INTERVAL)
   current_committers = `gem owner #{gemname} | grep -e ^-`.split("\n")
   current_committers.collect! { |cc| cc.sub(/^.\s+/,'')}
 
+  committers_to_add = @definitive_committers - current_committers
+  committers_to_add.each do |profile|
+    modify_gem_ownership(gemname: gemname, profile: profile, action: :add)
+  end
+
   if ENV.fetch('WITH_REVOKE', false)
     committers_to_remove = current_committers - committer_emails
-    remove_params = committers_to_remove.map { |email| "-r #{email}" }.join(' ')
-    gem_owner_with_error_check(gemname, remove_params)
+    committers_to_remove.each do |profile|
+      modify_gem_ownership(gemname: gemname, profile: profile, action: :remove)
+    end
   end
-
-  committers_to_add = committer_emails - current_committers - SKIP_EMAILS
-  add_params = committers_to_add.map { |email| "-a #{email}" }.join(' ')
-  gem_owner_with_error_check(gemname, add_params)
 end
 
 if @bogus_gem_names.any?