feat: add make target to update enterprise repo org #201
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds automation to migrate enterprise repository clones from the openedx GitHub organization to the edx organization by updating git remote URLs.
- Introduces a new bash script
migrate-enterprise-repos.shthat loops through enterprise repositories and updates their remote origins - Adds a
migrate-enterprise-reposMake target for convenient execution - Includes commented-out TODOs for frontend apps and libraries to be migrated in the future
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| migrate-enterprise-repos.sh | New bash script that updates git remote URLs from openedx to edx org for listed enterprise repositories |
| Makefile | Adds migrate-enterprise-repos target to .PHONY declaration and defines the target to execute the migration script |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
pwnage101
force-pushed
the
pwnage101/ENT-11240
branch
2 times, most recently
from
e0ce095 to
0401843
Compare
pwnage101
force-pushed
the
pwnage101/ENT-11240
branch
from
0401843 to
d15d095
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| fi | ||
| pushd "$DEVSTACK_WORKSPACE/$repo" >/dev/null | ||
| OLD_ORIGIN=$(git remote get-url origin) | ||
| git remote set-url origin $(git remote get-url origin | sed 's/openedx/edx/') |
There was a problem hiding this comment.
The sed command sed 's/openedx/edx/' will replace 'openedx' anywhere in the URL, which could lead to unintended replacements. For example, if the URL contains 'openedx' in a branch name or path, it would be incorrectly modified. Consider using a more specific pattern like sed 's|github.com/openedx/|github.com/edx/|' or sed 's|://github.com/openedx/|://github.com/edx/|' to target only the organization part of the URL.
| git remote set-url origin $(git remote get-url origin | sed 's/openedx/edx/') | |
| git remote set-url origin $(git remote get-url origin | sed 's|github.com/openedx/|github.com/edx/|') |
|
|
||
| for repo in "${REPOS[@]}"; do | ||
| echo "Updating $repo ..." | ||
| if [ ! -d "$DEVSTACK_WORKSPACE/$repo" ]; then |
There was a problem hiding this comment.
The script uses $DEVSTACK_WORKSPACE without checking if it's set. While the variable will be exported when called from the Makefile (line 94 exports all variables), the script could fail with unclear errors if run standalone. Consider adding a check at the beginning of the script, similar to what repo.sh does:
if [ -z "$DEVSTACK_WORKSPACE" ]; then
echo "Error: DEVSTACK_WORKSPACE is not set"
exit 1
fi| echo "Old origin: ${OLD_ORIGIN}" | ||
| echo "New origin: ${NEW_ORIGIN}" |
There was a problem hiding this comment.
echo-ing OLD_ORIGIN and NEW_ORIGIN directly can leak credentials if a Git remote URL embeds a username/password or PAT (e.g., https://user:token@github.com/org/repo.git), since these values will be printed to the terminal or any build logs capturing stdout. An attacker with access to terminal history or CI logs could recover these secrets. Avoid logging full remote URLs; instead, either omit them entirely or redact credentials (e.g., by stripping user:pass@ portions) before printing.
| echo "Old origin: ${OLD_ORIGIN}" | |
| echo "New origin: ${NEW_ORIGIN}" | |
| # Redact credentials from remote URLs before printing | |
| echo "Old origin: $(echo "${OLD_ORIGIN}" | sed -E 's#(https?://)[^/@]+@#\1#')" | |
| echo "New origin: $(echo "${NEW_ORIGIN}" | sed -E 's#(https?://)[^/@]+@#\1#')" |
ENT-11240