enable workflow at organization level (ossf/scorecard-action#88)

* enable workflow at organization level

* added more error checking

* added README, minor fixes

* added support for specifying repo list

* skip repo checks, started writing test

* dynamically pull latest workflow file

* cleanup

* test file resources

* reverted to statically storing workflow file

* removed token

* updated readme

* skip repo upon failure instead of exiting

* renamed global var

Co-authored-by: Naveen <[email protected]>

Author: 2 people

action/multi-repo-action/README.md

@@ -0,0 +1,18 @@
+# Enable OSSF Scorecard Action at an Organization Level
+
+This tool will add the [OpenSSF's Scorecard workflow](https://github.com/ossf/scorecard-action) to all accessible repositories under a given organization. A PR will be created so that owners can decide whether or not they want to include the workflow.
+
+## Setup
+
+Running this tool requires three parameters, which are defined at the top of `org-workflow-add.go`:
+1. ORG_NAME - the name of the organization for which the workflow should be enabled.
+2. PAT - a Personal Access Token with the following scopes:
+    - `repo > public_repo`
+    - `admin:org > read:org`
+3. REPO_LIST (OPTIONAL) - repository names under the organization that the workflow should be added to. If not provided, every repository will be updated.
+
+Another PAT should also be defined as an organization secret for `scorecards-analysis.yml` using steps listed in [scorecard-action](https://github.com/ossf/scorecard-action#pat-token-creation).
+
+## Execution
+
+Execute this process by running `go run org-workflow-add.go` in the command line. Output will be produced for each successfully updated repository.

action/multi-repo-action/go.mod

@@ -0,0 +1,20 @@
+module github.com/ossf/scorecard-actions/cli
+
+go 1.17
+
+require (
+	github.com/google/go-github/v42 v42.0.0
+	github.com/migueleliasweb/go-github-mock v0.0.6
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+)
+
+require (
+	github.com/golang/protobuf v1.4.2 // indirect
+	github.com/google/go-github/v41 v41.0.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/gorilla/mux v1.8.0 // indirect
+	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
+)