github-adv-sec / bootcamp-automation

MIT License

GHAS Bootcamp Automation

Hey 👋. This is the repo that handles automation for managing GHAS bootcamp environments.

For GHAS bootcamps, we provision an entire GitHub organization for attendees. This organization is created in a GitHub enterprise that already has GHAS licenses provisioned. We create an org instead of just a repo so that learners can fully manage their own GitHub organization and get a better understanding of the enterprise-level activities they will need to undertake as managers of a GHAS environment.

This repository automation handles the creation and destruction of the learner environments.

How do I use the automation?

The automation is entirely issue-ops driven. Here's a video to walk you through the process.

https://github.com/ghas-bootcamp-admin/bootcamp-automation/assets/4910518/0a842762-ea13-4b95-b34c-b4cf72584d4d

Creating a new environment

To create a new bootcamp environment you will need a couple things:

That's it! Once you have that information, click the button below.

start-new-issue

Note: Creating a new environment will notify the attendees via email.

Once the automation is complete, a comment will be added to the issue describing the completion state. The bot will also share a table with links to the learner bootcamp orgs, as well as the facilitator orgs.

Decommissioning a bootcamp environment

The process for decommissioning a bootcamp environment is not fully automated (on a schedule) yet. You can manually kick off the teardown process by following these steps:

  1. Navigate to Actions in this repository
  2. Select the GHAS Bootcamp Teardown workflow
  3. Select Run Workflow dropdown
  4. Enter the issue number from the creation process that you would like to tear down

The automation process will run and notify you of the completion status.

Changing configuration settings

The config.yml file contains all the settings to control how the automation operates. There shouldn't be many changes that happen here. You can configure the following items:

What does the automation do?

When it runs, the automation creates a new org for each attendee with a name in the format of ghas-bootcamp-<bootcamp date>-<attendee handle>. The automation will also create a bootcamp org for each facilitator using the same naming structure as the attendees.

Warning: It's really important that the date in your issue is unique. We use the date to create entropy in the org name. The automation will fail if there is a conflict in the naming of the org.
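A pre-flight check for the naming rule above, as an added example that is not part of this repository's automation: it builds the org names from a date and a list of handles and reports the ones that would conflict before anything is created. The function names, the YYYY-MM-DD date format, the caller-supplied list of existing orgs, and the GitHub account-name limits (39 characters, alphanumerics and single hyphens) are assumptions.

```python
import re

PREFIX = "ghas-bootcamp"   # naming format described in this README
MAX_LEN = 39               # assumption: GitHub account-name length limit
# Assumption: alphanumerics and single hyphens, no leading or trailing hyphen.
VALID = re.compile(r"^[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*$")


def org_name(bootcamp_date: str, handle: str) -> str:
    """Build ghas-bootcamp-<bootcamp date>-<attendee handle>."""
    return f"{PREFIX}-{bootcamp_date}-{handle.lstrip('@')}"


def preflight(bootcamp_date, handles, existing_orgs):
    """Return (planned_names, problems) without calling the GitHub API."""
    # Account names are compared case-insensitively.
    taken = {name.lower() for name in existing_orgs}
    planned, problems = [], []
    for handle in handles:
        name = org_name(bootcamp_date, handle)
        key = name.lower()
        if key in taken:
            problems.append((name, "conflict"))
        elif len(name) > MAX_LEN:
            problems.append((name, "too long"))
        elif not VALID.match(name):
            problems.append((name, "invalid characters"))
        else:
            planned.append(name)
        taken.add(key)  # also catches duplicates inside this batch
    return planned, problems


if __name__ == "__main__":
    # Constructed sample data: one org left over from an earlier bootcamp
    # that used the same date, plus a batch of attendee handles.
    existing = ["ghas-bootcamp-2024-01-15-octocat"]
    handles = ["octocat", "@mona", "Mona", "a-very-long-attendee-handle"]
    ok, bad = preflight("2024-01-15", handles, existing)
    print("create:", ok)
    for name, reason in bad:
        print("blocked:", name, "->", reason)
```

With a prefix and date of this shape, 25 characters are already used, so handles longer than 14 characters are flagged under the assumed limit.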

After the creation of the orgs, all of the repos that are listed in the repos-to-fork field of config.yml will be forked into the bootcamp environments.

Once the learner orgs are complete, the facilitators will be invited as admins of the learner orgs and notifications are sent out to everyone to join the new orgs.

Prerequisites

This automation could be used in any GitHub enterprise with GHAS licenses available. There are a couple pre-reqs that need to be met for the automation to work.

Tokens

You'll need an Actions secret inside this repository titled ENT_ADMIN_TOKEN. This token is used to create the orgs and invite users. This token needs to have some pretty broad rights. It needs to be created by an enterprise admin for the enterprise listed in your configuration file. This token needs to have the following rights:

Labels

The labels called out in config.yml will need to be created inside this repository before running the automation for the first time. This automation doesn't have the ability to create labels for issues, so if the labels don't exist, the automation will fail.