Merge pull request #86 from joshjohanning/fix-enterprise-org-error-ha…

…ndling

fix!: fix error handling when querying enterprise orgs

gh-cli/README.md

@@ -808,19 +808,13 @@ Gets the count of apps in all organizations in a given enterprise
 
 Gets a list of apps (and app information) in all organizations in a given enterprise
 
-### get-organizations-codeowner-usage.sh
-
-Gets the usage of CODEOWNERS files in all repositories in all organizations in a given enterprise (checks `HEAD` for `./`, `./.github`, and `./docs` and returns `TRUE` or `FALSE` for each repository)
-
 ### get-organizations-custom-repository-roles-count.sh
 
 Gets the count of custom repository roles in all organizations in a given enterprise
 
 ### get-organizations-discussions-count.sh
 
-Gets the usage of discussions in all repositories in all organizations in a given enterprise (org-wide discussions have to be created in a repository, so this covers that as well)
-
-
+Gets the count of discussions in all organizations in a given enterprise
 
 ### get-organizations-for-user.sh
 
@@ -834,10 +828,25 @@ Gets the count of organization projects (classic projects) in all organizations
 
 Gets the count of projects (ProjectsV2) in all organizations in a given enterprise
 
+### get-organizations-repositories-codeowner-usage.sh
+
+Gets the usage of CODEOWNERS files in all repositories in all organizations in a given enterprise (checks `HEAD` for `./`, `./.github`, and `./docs` and returns `TRUE` or `FALSE` for each repository)
+
+### get-organizations-repositories-discussions-count.sh
+
+Gets the usage of discussions in all repositories in all organizations in a given enterprise (org-wide discussions have to be created in a repository, so this covers that as well)
+
 ### get-organizations-settings.sh
 
 Gets the settings for all organizations in an enterprise
 
+### get-organizations-webhooks-count.sh
+
+Gets a count of webhooks (and webhook information) in all organizations in an enterprise
+
+> [!NOTE]
+> Requires a GitHub PAT instead of using the OAuth token with the `gh api` - the OAuth token can only retrieve webhooks it created
+
 ### get-organizations-webhooks.sh
 
 Gets a list of webhooks (and webhook information) in all organizations in an enterprise

gh-cli/get-enterprise-organizations.sh

@@ -1,13 +1,23 @@
 #!/bin/bash
 
+# gets a list of organizations for a given enterprise
+
+# need: `gh auth refresh -h github.com -s read:org -s read:enterprise`
+
 if [ -z "$1" ]; then
-  echo "Usage: $(basename $0) <enterprise-slug>"
+  echo "Usage: $(basename $0) <enterprise-slug> <hostname>"
   exit 1
 fi
 
 enterpriseslug=$1
+hostname=${2:-"github.com"}
+export PAGER=""
 
-organizations=$(gh api graphql --paginate -f enterpriseName="$enterpriseslug" -f query='
+# Define color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+organizations=$(gh api graphql --hostname $hostname --paginate -f enterpriseName="$enterpriseslug" -f query='
 query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
   enterprise(slug: $enterpriseName) {
     organizations(first: 100, after: $endCursor) {
@@ -30,14 +40,10 @@ merged_organizations=$(echo "$organizations" | jq -s '{organizations: map(.organ
 echo "$merged_organizations" | jq .
 
 # check to see if organizations is null - null error message is confusing otherwise
-if [ -z "$organizations" ]
-then
-  # Define color codes
-  RED='\033[0;31m'
-  NC='\033[0m' # No Color
-
-  # Print colored messages
+if [ -z "$organizations" ] || [[ "$organizations" == *"INSUFFICIENT_SCOPES"* ]]; then
   echo -e "${RED}No organizations found for enterprise: $enterpriseslug${NC}"
-  echo -e "${RED}Check that you have the proper scopes for enterprise, e.g.: 'gh auth refresh -h github.com -s read:org -s read:enterprise'${NC}"
+  echo -e "${RED}  - Check that you have the proper scopes for enterprise with 'gh auth status' - you need at least 'read:enterprise'${NC}"
+  echo -e "${RED}  - You can run 'gh auth refresh -h github.com -s read:org -s read:enterprise' to add the scopes${NC}"
+  echo -e "${RED}  - Or you can run 'gh auth login -h github.com' and authenticate using a PAT with the proper scopes${NC}"
   exit 1
 fi

gh-cli/get-organization-webhooks.sh

@@ -15,29 +15,24 @@ if [ $# -lt 1 ]
 fi
 
 org=$1
-hostname=$2
-format=$3
+hostname=${2:-"github.com"}
+format=${3:-"tsv"}
 export PAGER=""
 
-# set hostname to github.com by default
-if [ -z "$hostname" ]
-then
-  hostname="github.com"
-fi
+# Define color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
 
 auth_status=$(gh auth token -h $hostname 2>&1)
 
 if [[ $auth_status == gho_* ]]
 then
-  echo "Token starts with gho_ - use "gh auth login" and authenticate with a PAT with read:org and admin:org_hook scope"
+  echo -e "${RED}Token is an OAuth that starts with \"gho_\" which won't work for this request. To resolve, either:${NC}"
+  echo -e "${RED}  1. use \"gh auth login\" and authenticate with a PAT with \"read:org\" and \"admin:org_hook\" scope${NC}"
+  echo -e "${RED}  2. set an environment variable \"GITHUB_TOKEN=your_PAT\" using a PAT with \"read:org\" and \"admin:org_hook\" scope${NC}"
   exit 1
 fi
 
-if [ -z "$format" ]
-then
-  format="tsv"
-fi
-
 if [ "$format" == "tsv" ]; then
   echo -e "Organization\tActive\tURL\tCreated At\tUpdated At\tEvents"
 fi

gh-cli/get-organizations-apps-count.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# gets the settings for all organizations in an enterprise
+# gets the installed app count for all organizations in an enterprise
 
 # need: `gh auth refresh -h github.com -s read:org -s read:enterprise`
 
@@ -14,13 +14,11 @@ fi
 
 export PAGER=""
 enterpriseslug=$1
-hostname=$2
+hostname=${2:-"github.com"}
 
-# set hostname to github.com by default
-if [ -z "$hostname" ]
-then
-  hostname="github.com"
-fi
+# Define color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
 
 organizations=$(gh api graphql --paginate --hostname $hostname -f enterpriseName="$enterpriseslug" -f query='
 query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
@@ -39,21 +37,30 @@ query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
 }' --jq '.data.enterprise.organizations.nodes[].login')
 
 # check to see if organizations is null - null error message is confusing otherwise
-if [ -z "$organizations" ] || [ $? -ne 0 ]
-then
-  # Define color codes
-  RED='\033[0;31m'
-  NC='\033[0m' # No Color
-
-  # Print colored messages
+if [ -z "$organizations" ] || [[ "$organizations" == *"INSUFFICIENT_SCOPES"* ]]; then
   echo -e "${RED}No organizations found for enterprise: $enterpriseslug${NC}"
-  echo -e "${RED}Check that you have the proper scopes for enterprise, e.g.: 'gh auth refresh -h github.com -s read:org -s read:enterprise'${NC}"
+  echo -e "${RED}  - Check that you have the proper scopes for enterprise with 'gh auth status' - you need at least 'read:enterprise'${NC}"
+  echo -e "${RED}  - You can run 'gh auth refresh -h github.com -s read:org -s read:enterprise' to add the scopes${NC}"
+  echo -e "${RED}  - Or you can run 'gh auth login -h github.com' and authenticate using a PAT with the proper scopes${NC}"
   exit 1
 fi
 
 echo -e "Org\tApp Count"
 
+errors=""
+
 for org in $organizations
 do
-  gh api "orgs/$org/installations" --hostname $hostname --jq ". | [\"$org\", .total_count] | @tsv"
+  output=$(gh api "orgs/$org/installations" --hostname $hostname --jq ". | [\"$org\", .total_count] | @tsv" 2>&1)
+
+  if [ $? -ne 0 ]; then
+    errors="$errors\nError accessing organization: $org:\n$output"
+    echo -e "$org\tn/a"
+  else
+    echo "$output"
+  fi
 done
+
+if [ -n "$errors" ]; then
+  echo -e "${RED}\nErrors encountered:\n$errors${NC}"
+fi

gh-cli/get-organizations-apps.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# gets the settings for all organizations in an enterprise
+# gets the installed apps and their details for all organizations in an enterprise
 
 # need: `gh auth refresh -h github.com -s read:org -s read:enterprise`
 
@@ -14,20 +14,13 @@ if [ $# -lt 1 ]
 fi
 
 enterpriseslug=$1
-hostname=$2
-format=$3
+hostname=${2:-"github.com"}
+format=${3:-"tsv"}
 export PAGER=""
 
-# set hostname to github.com by default
-if [ -z "$hostname" ]
-then
-  hostname="github.com"
-fi
-
-if [ -z "$format" ]
-then
-  format="tsv"
-fi
+# Define color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
 
 organizations=$(gh api graphql --paginate --hostname $hostname -f enterpriseName="$enterpriseslug" -f query='
 query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
@@ -46,27 +39,35 @@ query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
 }' --jq '.data.enterprise.organizations.nodes[].login')
 
 # check to see if organizations is null - null error message is confusing otherwise
-if [ -z "$organizations" ] || [ $? -ne 0 ]
-then
-  # Define color codes
-  RED='\033[0;31m'
-  NC='\033[0m' # No Color
-
-  # Print colored messages
+if [ -z "$organizations" ] || [[ "$organizations" == *"INSUFFICIENT_SCOPES"* ]]; then
   echo -e "${RED}No organizations found for enterprise: $enterpriseslug${NC}"
-  echo -e "${RED}Check that you have the proper scopes for enterprise, e.g.: 'gh auth refresh -h github.com -s read:org -s read:enterprise'${NC}"
+  echo -e "${RED}  - Check that you have the proper scopes for enterprise with 'gh auth status' - you need at least 'read:enterprise'${NC}"
+  echo -e "${RED}  - You can run 'gh auth refresh -h github.com -s read:org -s read:enterprise' to add the scopes${NC}"
+  echo -e "${RED}  - Or you can run 'gh auth login -h github.com' and authenticate using a PAT with the proper scopes${NC}"
   exit 1
 fi
 
+errors=""
+
 if [ "$format" == "tsv" ]; then
   echo -e "Org\tApp Slug\tApp ID\tCreated At\tUpdated At\tPermissions\tEvents"
 fi
 
 for org in $organizations
 do
   if [ "$format" == "tsv" ]; then
-    gh api "orgs/$org/installations" --hostname $hostname --jq ".installations[] | [\"$org\", .app_slug, .app_id, .created_at, .updated_at, (.permissions | join(\",\")), (if .events | length == 0 then \"null\" else .events | join(\",\") end)] | @tsv"
+    output=$(gh api "orgs/$org/installations" --hostname $hostname --jq ".installations[] | [\"$org\", .app_slug, .app_id, .created_at, .updated_at, (.permissions | join(\",\")), (if .events | length == 0 then \"null\" else .events | join(\",\") end)] | @tsv" 2>&1)
   else
-    gh api "orgs/$org/installations" --hostname $hostname --jq '.installations[]'
+    output=$(gh api "orgs/$org/installations" --hostname $hostname --jq '.installations[]' 2>&1)
+  fi
+
+  if [ $? -ne 0 ]; then
+    errors="$errors\nError accessing organization: $org:\n$output"
+  elif [ -n "$output" ]; then
+    echo "$output"
   fi
 done
+
+if [ -n "$errors" ]; then
+  echo -e "${RED}\nErrors encountered:\n$errors${NC}"
+fi

gh-cli/get-organizations-custom-repository-roles-count.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# gets the custom repository roles for all organizations in an enterprise
+# gets the custom repository roles count for all organizations in an enterprise
 
 # need: `gh auth refresh -h github.com -s read:org -s read:enterprise`
 
@@ -14,13 +14,11 @@ fi
 
 export PAGER=""
 enterpriseslug=$1
-hostname=$2
+hostname=${2:-"github.com"}
 
-# set hostname to github.com by default
-if [ -z "$hostname" ]
-then
-  hostname="github.com"
-fi
+# Define color codes
+RED='\033[0;31m'
+NC='\033[0m' # No Color
 
 organizations=$(gh api graphql --paginate --hostname $hostname -f enterpriseName="$enterpriseslug" -f query='
 query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
@@ -39,21 +37,30 @@ query getEnterpriseOrganizations($enterpriseName: String! $endCursor: String) {
 }' --jq '.data.enterprise.organizations.nodes[].login')
 
 # check to see if organizations is null - null error message is confusing otherwise
-if [ -z "$organizations" ] || [ $? -ne 0 ]
-then
-  # Define color codes
-  RED='\033[0;31m'
-  NC='\033[0m' # No Color
-
-  # Print colored messages
+if [ -z "$organizations" ] || [[ "$organizations" == *"INSUFFICIENT_SCOPES"* ]]; then
   echo -e "${RED}No organizations found for enterprise: $enterpriseslug${NC}"
-  echo -e "${RED}Check that you have the proper scopes for enterprise, e.g.: 'gh auth refresh -h github.com -s read:org -s read:enterprise'${NC}"
+  echo -e "${RED}  - Check that you have the proper scopes for enterprise with 'gh auth status' - you need at least 'read:enterprise'${NC}"
+  echo -e "${RED}  - You can run 'gh auth refresh -h github.com -s read:org -s read:enterprise' to add the scopes${NC}"
+  echo -e "${RED}  - Or you can run 'gh auth login -h github.com' and authenticate using a PAT with the proper scopes${NC}"
   exit 1
 fi
 
-echo -e "Org\tCustoim Role Count"
+echo -e "Org\tCustom Role Count"
+
+errors=""
 
 for org in $organizations
 do
-  gh api "orgs/$org/custom-repository-roles" --hostname $hostname --jq ". | [\"$org\", .total_count] | @tsv"
+  output=$(gh api "orgs/$org/custom-repository-roles" --hostname $hostname --jq ". | [\"$org\", .total_count] | @tsv" 2>&1)
+
+  if [ $? -ne 0 ]; then
+    errors="$errors\nError accessing organization: $org:\n$output"
+    echo -e "$org\tn/a"
+  elif [ -n "$output" ]; then
+    echo "$output"
+  fi
 done
+
+if [ -n "$errors" ]; then
+  echo -e "${RED}\nErrors encountered:\n$errors${NC}"
+fi