v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →

turbot/github

Overview

steampipe plugin install githubsteampipe plugin install github

github_actions_artifact github_actions_repository_runner github_actions_repository_secret github_actions_repository_workflow_run github_audit_log github_blob github_branch github_branch_protection github_code_owner github_commit github_community_profile github_gist github_gitignore github_issue github_issue_comment github_license github_my_gist github_my_issue github_my_organization github_my_repository github_my_star github_my_team github_organization github_organization_collaborator github_organization_dependabot_alert github_organization_external_identity github_organization_member github_pull_request github_pull_request_comment github_pull_request_review github_rate_limit github_rate_limit_graphql github_release github_repository github_repository_collaborator github_repository_content github_repository_dependabot_alert github_repository_deployment github_repository_environment github_repository_ruleset github_repository_sbom github_repository_vulnerability_alert github_search_code github_search_commit github_search_issue github_search_label github_search_pull_request github_search_repository github_search_topic github_search_user github_stargazer github_tag github_team github_team_member github_team_repository github_traffic_view_daily github_traffic_view_weekly github_tree github_user github_workflow

Table: github_repository_ruleset - Query GitHub Repository Rulesets using SQL

GitHub Repository Rulesets is a feature within GitHub that allows organizations to enforce rules and conditions on repositories. These rulesets help manage repository settings, and permissions, and enforce best practices.

Table Usage Guide

The github_repository_ruleset table provides insights into the rulesets within GitHub repositories. As a project manager or team lead, you can explore ruleset-specific details through this table, including ruleset ID, name, enforcement level, bypass actors, and conditions. Utilize it to enforce repository policies, manage permissions, and ensure compliance with organizational standards.

Important Notes

You must specify the repository_full_name column in the where or join clause to query the table.

Examples

List all rulesets in a repository

Explore all rulesets within a specific repository, including their enforcement levels and creation dates, to understand and manage repository policies.

select
  name,
  enforcement,
  created_at
from
  github_repository_ruleset
where
  repository_full_name = 'pro-cloud-49/test-rule';

select
  name,
  enforcement,
  created_at
from
  github_repository_ruleset
where
  repository_full_name = 'pro-cloud-49/test-rule';

Get rules from a specific ruleset

Retrieve the detailed rules of a specific ruleset within your repository. This can be useful for reviewing the rules enforced and ensuring they align with your project requirements.

select
  name,
  r ->> 'id' as rule_id,
  r ->> 'type' as rule_type,
  r ->> 'parameters' as rule_parameters
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and name = 'test34';

select
  name,
  json_extract(r.value, '$.id') as rule_id,
  json_extract(r.value, '$.type') as rule_type,
  json_extract(r.value, '$.parameters') as rule_parameters
from
  github_repository_ruleset,
  json_each(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and name = 'test34';

Get bypass actors for a specific ruleset

Identify the actors who can bypass the ruleset within your repository. This information is crucial for managing exceptions and understanding who has elevated permissions.

select
  name,
  b ->> 'id' as bypass_actor_id,
  b ->> 'deploy_key' as deploy_key,
  b ->> 'bypass_mode' as bypass_mode,
  b ->> 'repository_role_name' as repository_role_name,
  b ->> 'repository_role_database_id' as repository_role_database_id
from
  github_repository_ruleset,
  jsonb_array_elements(bypass_actors) as b
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and name = 'test34';

select
  name,
  json_extract(b.value, '$.id') as bypass_actor_id,
  json_extract(b.value, '$.deploy_key') as deploy_key,
  json_extract(b.value, '$.bypass_mode') as bypass_mode,
  json_extract(b.value, '$.repository_role_name') as repository_role_name,
  json_extract(b.value, '$.repository_role_database_id') as repository_role_database_id
from
  github_repository_ruleset,
  json_each(bypass_actors) as b
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and name = 'test34';

List rulesets with specific enforcement levels

Identify rulesets within a repository that have specific enforcement levels, helping to understand the compliance and security posture of the repository.

select
  name,
  enforcement
from
  github_repository_ruleset
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and enforcement = 'strict';

select
  name,
  enforcement
from
  github_repository_ruleset
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and enforcement = 'strict';

List all rulesets created after a specific date

Retrieve all rulesets that were created after a specified date, useful for auditing and tracking recent changes in repository policies.

select
  name,
  created_at
from
  github_repository_ruleset
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and created_at > '2023-01-01T00:00:00Z';

select
  name,
  created_at
from
  github_repository_ruleset
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and created_at > '2023-01-01T00:00:00Z';

List update parameters

List rules with update parameters, focusing on the update_allows_fetch_and_merge setting.

select
  id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' -> 'UpdateParameters' ->> 'update_allows_fetch_and_merge' as update_allows_fetch_and_merge
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and (r -> 'parameters' ->> 'Type') = 'UpdateParameters';

select
  id,
  name,
  json_extract(r.value, '$.parameters.Type') as type,
  json_extract(
    r.value,
    '$.parameters.UpdateParameters.update_allows_fetch_and_merge'
  ) as update_allows_fetch_and_merge
from
  github_repository_ruleset,
  json_each(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and json_extract(r.value, '$.parameters.Type') = 'UpdateParameters';

List workflow parameters

List rules with workflow parameters, focusing on the workflow configurations.

select
  id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' -> 'WorkflowsParameters' ->> 'workflows' as workflows
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and (r -> 'parameters' ->> 'Type') = 'WorkflowsParameters';

select
  id,
  name,
  json_extract(r.value, '$.parameters.Type') as type,
  json_extract(
    r.value,
    '$.parameters.WorkflowsParameters.workflows'
  ) as workflows
from
  github_repository_ruleset,
  json_each(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and json_extract(r.value, '$.parameters.Type') = 'WorkflowsParameters';

List pull request parameters

List rules with pull request parameters, including various settings such as code owner review requirements.

select
  id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' -> 'PullRequestParameters' ->> 'require_code_owner_review' as require_code_owner_review,
  r -> 'parameters' -> 'PullRequestParameters' ->> 'required_approving_review_count' as required_approving_review_count
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and (r -> 'parameters' ->> 'Type') = 'PullRequestParameters';

select
  id,
  name,
  json_extract(r.value, '$.parameters.Type') as type,
  json_extract(
    r.value,
    '$.parameters.PullRequestParameters.require_code_owner_review'
  ) as require_code_owner_review,
  json_extract(
    r.value,
    '$.parameters.PullRequestParameters.required_approving_review_count'
  ) as required_approving_review_count
from
  github_repository_ruleset,
  json_each(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule'
  and json_extract(r.value, '$.parameters.Type') = 'PullRequestParameters';

List required status check parameters

List rules with required status check parameters.

select
  id,
  name,
  r -> 'parameters' ->> 'Type' as type,
  r -> 'parameters' -> 'RequiredStatusChecksParameters' ->> 'required_status_checks' as required_status_checks
from
  github_repository_ruleset,
  jsonb_array_elements(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule';

select
  id,
  name,
  json_extract(r.value, '$.parameters.Type') as type,
  json_extract(
    r.value,
    '$.parameters.RequiredStatusChecksParameters.required_status_checks'
  ) as required_status_checks
from
  github_repository_ruleset,
  json_each(rules) as r
where
  repository_full_name = 'pro-cloud-49/test-rule';

Schema for github_repository_ruleset

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
bypass_actors	jsonb		The list of actors who can bypass the ruleset.
conditions	jsonb		The conditions under which the ruleset applies.
created_at	timestamp with time zone		The date and time when the ruleset was created.
database_id	bigint		The database ID of the ruleset.
enforcement	text		The enforcement level of the ruleset.
id	text		The ID of the ruleset.
name	text		The name of the ruleset.
repository_full_name	text	=	Full name of the repository that contains the ruleset.
rules	jsonb		The list of rules in the ruleset.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- github

You can pass the configuration to the command with the --config argument:

steampipe_export_github --config '<your_config>' github_repository_ruleset