github-org-manager 0.3.0__tar.gz → 0.4.0__tar.gz

{github_org_manager-0.3.0 → github_org_manager-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: github-org-manager
-Version: 0.3.0
+Version: 0.4.0
 Summary: Manage a GitHub Organization, its teams, repository permissions, and more
 Home-page: https://github.com/OpenRailAssociation/github-org-manager
 License: Apache-2.0
@@ -20,6 +20,7 @@ Classifier: Programming Language :: Python :: 3.12
 Classifier: Topic :: Software Development :: Version Control :: Git
 Classifier: Topic :: Utilities
 Requires-Dist: pygithub (>=2.3.0,<3.0.0)
+Requires-Dist: python-slugify (>=8.0.4,<9.0.0)
 Requires-Dist: pyyaml (>=6.0.1,<7.0.0)
 Requires-Dist: requests (>=2.32.3,<3.0.0)
 Project-URL: Repository, https://github.com/OpenRailAssociation/github-org-manager
@@ -77,11 +78,16 @@ You may also be interested in the [live configuration of the OpenRail Associatio
 
 You can execute the program using the command `gh-org-mgr`. `gh-org-mgr --help` shows all available arguments and options.
 
-Some examples:
+Synchronisation examples:
 
-* `gh-org-mgr -c myorgconf`: synchronize the settings of the GitHub organization with your local configuration in the given configuration path (`myorgconf`). This may create new teams, remove/add members, and change permissions.
-* `gh-org-mgr -c myorgconf --dry`: as above, but do not make any modification. Perfect for testing your local configuration and see its potential effects.
-* `gh-org-mgr -c myorgconf --debug`: the first example, but show full debugging information.
+* `gh-org-mgr sync -c myorgconf`: synchronize the settings of the GitHub organization with your local configuration in the given configuration path (`myorgconf`). This may create new teams, remove/add members, and change permissions.
+* `gh-org-mgr sync -c myorgconf --dry`: as above, but do not make any modification. Perfect for testing your local configuration and see its potential effects.
+* `gh-org-mgr sync -c myorgconf --debug`: the first example, but show full debugging information.
+
+Setup team examples:
+
+* `gh-org-mgr setup-team -n "My Team Name" -c myorgconf`: Bootstrap a team configuration for this team name. Will create a file `myorgconf/teams/my-team-name.yaml`, or provide options if this file already exists.
+* `gh-org-mgr setup-team -n "My Team Name" -f path/to/myteam.yaml`: Bootstrap a team configuration for this team name and will force to write it in the given file. If the file already exists, offer some options.
 
 ## License
 

{github_org_manager-0.3.0 → github_org_manager-0.4.0}/README.md

@@ -50,11 +50,16 @@ You may also be interested in the [live configuration of the OpenRail Associatio
 
 You can execute the program using the command `gh-org-mgr`. `gh-org-mgr --help` shows all available arguments and options.
 
-Some examples:
+Synchronisation examples:
 
-* `gh-org-mgr -c myorgconf`: synchronize the settings of the GitHub organization with your local configuration in the given configuration path (`myorgconf`). This may create new teams, remove/add members, and change permissions.
-* `gh-org-mgr -c myorgconf --dry`: as above, but do not make any modification. Perfect for testing your local configuration and see its potential effects.
-* `gh-org-mgr -c myorgconf --debug`: the first example, but show full debugging information.
+* `gh-org-mgr sync -c myorgconf`: synchronize the settings of the GitHub organization with your local configuration in the given configuration path (`myorgconf`). This may create new teams, remove/add members, and change permissions.
+* `gh-org-mgr sync -c myorgconf --dry`: as above, but do not make any modification. Perfect for testing your local configuration and see its potential effects.
+* `gh-org-mgr sync -c myorgconf --debug`: the first example, but show full debugging information.
+
+Setup team examples:
+
+* `gh-org-mgr setup-team -n "My Team Name" -c myorgconf`: Bootstrap a team configuration for this team name. Will create a file `myorgconf/teams/my-team-name.yaml`, or provide options if this file already exists.
+* `gh-org-mgr setup-team -n "My Team Name" -f path/to/myteam.yaml`: Bootstrap a team configuration for this team name and will force to write it in the given file. If the file already exists, offer some options.
 
 ## License
 

{github_org_manager-0.3.0 → github_org_manager-0.4.0}/gh_org_mgr/_gh_org.py

@@ -23,6 +23,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
     gh: Github = None  # type: ignore
     org: Organization = None  # type: ignore
     gh_token: str = ""
+    default_repository_permission: str = ""
     org_owners: list[NamedUser] = field(default_factory=list)
     org_members: list[NamedUser] = field(default_factory=list)
     current_teams: dict[Team, dict] = field(default_factory=dict)
@@ -59,6 +60,18 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         """Convert the dataclass to a JSON string"""
         d = asdict(self)
 
+        # Censor sensible fields
+        def censor_half_string(string: str) -> str:
+            """Censor 50% of a string (rounded up)"""
+            half1 = int(len(string) / 2)
+            half2 = len(string) - half1
+            return string[:half1] + "*" * (half2)
+
+        sensible_keys = ["gh_token"]
+        for key in sensible_keys:
+            d[key] = censor_half_string(d.get(key, ""))
+
+        # Print dict nicely
         def pretty(d, indent=0):
             string = ""
             for key, value in d.items():
@@ -75,9 +88,8 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
     # --------------------------------------------------------------------------
     # Teams
     # --------------------------------------------------------------------------
-    def get_current_teams(self):
+    def _get_current_teams(self):
         """Get teams of the existing organisation"""
-
         for team in list(self.org.get_teams()):
             self.current_teams[team] = {"members": {}, "repos": {}}
 
@@ -85,7 +97,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         """Find out which teams are configured but not part of the org yet"""
 
         # Get list of current teams
-        self.get_current_teams()
+        self._get_current_teams()
 
         # Get the names of the existing teams
         existent_team_names = [team.name for team in self.current_teams]
@@ -108,7 +120,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                 logging.debug("Team '%s' already exists", team)
 
         # Re-scan current teams as new ones may have been created
-        self.get_current_teams()
+        self._get_current_teams()
 
     # --------------------------------------------------------------------------
     # Members
@@ -474,13 +486,55 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
 
         return ""
 
+    def _get_direct_repo_permissions_of_team(self, team_dict: dict) -> tuple[dict[str, str], str]:
+        """Get a list of directly configured repo permissions for a team, and
+        whether the team has a parent"""
+        repo_perms: dict[str, str] = {}
+        # Direct permissions
+        for repo, perm in team_dict.get("repos", {}).items():
+            repo_perms[repo] = perm
+
+        # Parent team
+        parent = team_dict.get("parent", "")
+
+        return repo_perms, parent
+
+    def _get_all_repo_permissions_for_team_and_parents(self, team_name: str, team_dict: dict):
+        """Get a list of all configured repo permissions for a team, also those
+        inherited by parent teams"""
+        all_repo_perms, parent = self._get_direct_repo_permissions_of_team(team_dict=team_dict)
+        # If parents have been found, iterate and merge them
+        while parent:
+            logging.debug(
+                "Checking for repository permissions of %s's parent team %s", team_name, parent
+            )
+            parent_team_dict = self.configured_teams[parent]
+
+            # Handle empty parent dict
+            if not parent_team_dict:
+                break
+
+            # Get repo permissions and potential parent, and add it
+            repo_perm, parent = self._get_direct_repo_permissions_of_team(
+                team_dict=parent_team_dict
+            )
+            for repo, perm in repo_perm.items():
+                # Add (highest) repo permission
+                all_repo_perms[repo] = self._get_highest_permission(
+                    perm, all_repo_perms.get(repo, "")
+                )
+
+        return all_repo_perms
+
     def _get_configured_repos_and_user_perms(self):
         """
         Get a list of repos with a list of individuals and their permissions,
         based on their team memberships
         """
-        for _, team_attrs in self.configured_teams.items():
-            for repo, perm in team_attrs.get("repos", {}).items():
+        for team_name, team_attrs in self.configured_teams.items():
+            logging.debug("Getting configured repository permissions for team %s", team_name)
+            repo_perms = self._get_all_repo_permissions_for_team_and_parents(team_name, team_attrs)
+            for repo, perm in repo_perms.items():
                 # Create repo if non-exist
                 if repo not in self.configured_repos_collaborators:
                     self.configured_repos_collaborators[repo] = {}
@@ -513,14 +567,15 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         """Convert a repo permission coming from the GraphQL API to the ones
         coming from the REST API"""
         perm_conversion = {
-            "READ": "pull",
-            "TRIAGE": "triage",
-            "WRITE": "push",
-            "MAINTAIN": "maintain",
-            "ADMIN": "admin",
+            "none": "",
+            "read": "pull",
+            "triage": "triage",
+            "write": "push",
+            "maintain": "maintain",
+            "admin": "admin",
         }
-        if permission in perm_conversion:
-            replacement = perm_conversion.get(permission, "")
+        if permission.lower() in perm_conversion:
+            replacement = perm_conversion.get(permission.lower(), "")
             return replacement
 
         return permission
@@ -528,20 +583,22 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
     def _fetch_collaborators_of_repo(self, repo: Repository):
         """Get all collaborators (individuals) of a GitHub repo with their
         permissions using the GraphQL API"""
+        # TODO: Consider doing this for all repositories at once, but calculate
+        # costs beforehand
         query = """
             query($owner: String!, $name: String!, $cursor: String) {
-            repository(owner: $owner, name: $name) {
-                collaborators(first: 20, after: $cursor) {
-                edges {
-                    node {
-                        login
-                    }
-                    permission
-                }
-                pageInfo {
-                    endCursor
-                    hasNextPage
-                }
+                repository(owner: $owner, name: $name) {
+                    collaborators(first: 100, after: $cursor) {
+                        edges {
+                            node {
+                                login
+                            }
+                            permission
+                        }
+                        pageInfo {
+                            endCursor
+                            hasNextPage
+                        }
                 }
             }
         }
@@ -554,6 +611,7 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         has_next_page = True
 
         while has_next_page:
+            logging.debug("Requesting collaborators for %s", repo.name)
             result = run_graphql_query(query, variables, self.gh_token)
             try:
                 collaborators.extend(result["data"]["repository"]["collaborators"]["edges"])
@@ -586,6 +644,27 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
             # Get users for this repo
             self._fetch_collaborators_of_repo(repo)
 
+    def _get_default_repository_permission(self):
+        """Get the default repository permission for all users. Convert to
+        admin/maintain/push/triage/pull scheme that the REST API provides"""
+        self.default_repository_permission = self._convert_graphql_perm_to_rest(
+            self.org.default_repository_permission
+        )
+
+    def _permission1_higher_than_permission2(self, permission1: str, permission2: str) -> bool:
+        """Check whether permission 1 is higher than permission 2"""
+        perms_ranking = ["admin", "maintain", "push", "triage", "pull", ""]
+
+        def get_rank(permission):
+            return perms_ranking.index(permission) if permission in perms_ranking else 99
+
+        rank_permission1 = get_rank(permission1)
+        rank_permission2 = get_rank(permission2)
+
+        # The lower the index, the higher the permission. If lower than
+        # permission2, return True
+        return rank_permission1 < rank_permission2
+
     def sync_repo_collaborator_permissions(self, dry: bool = False):
         """Compare the configured with the current repo permissions for all
         repositories' collaborators"""
@@ -595,9 +674,13 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
         # The resulting structure is:
         # - configured_repos_collaborators: dict[Repository, dict[username, permission]]
         # - current_repos_collaborators: dict[Repository, dict[username, permission]]
+        logging.debug("Starting to sync collaborator/individual permissions")
         self._get_configured_repos_and_user_perms()
         self._get_current_repos_and_user_perms()
 
+        # Get and convert the default permission for all members so we can check for it
+        self._get_default_repository_permission()
+
         # Loop over all factually existing repositories. This will be a one-way
         # sync. Team permissions have been set before, we are now removing
         # surplus permissions. As no individual permissions are allowed, these
@@ -607,17 +690,21 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                 # Get configured user permissions for this repo
                 try:
                     config_perm = self.configured_repos_collaborators[repo.name][username]
-                # There is no configured permission for this user in this repo
+                # There is no configured permission for this user in this repo,
+                # so we assume the default permission
                 except KeyError:
-                    config_perm = ""
+                    config_perm = self.default_repository_permission
 
-                if current_perm != config_perm:
+                # Evaluate whether current permission is higher than configured
+                # permission
+                if self._permission1_higher_than_permission2(current_perm, config_perm):
                     # Find out whether user has these unconfigured permissions
                     # due to being member of an unconfigured team. Check whether
                     # these are the same permissions as the team would get them.
                     unconfigured_team_repo_permission = self.unconfigured_team_repo_permissions.get(
                         repo.name, {}
                     ).get(username, "")
+
                     if unconfigured_team_repo_permission:
                         if current_perm == unconfigured_team_repo_permission:
                             logging.info(
@@ -640,6 +727,9 @@ class GHorg:  # pylint: disable=too-many-instance-attributes
                             current_perm,
                         )
 
+                    # Remove person from repo, but only if their repository also
+                    # diverges from the default repository permission given by
+                    # the organization
                     logging.info(
                         "Remove %s from %s. They have '%s' there but should only have '%s'.",
                         username,

github_org_manager-0.4.0/gh_org_mgr/_setup_team.py

@@ -0,0 +1,118 @@
+# SPDX-FileCopyrightText: 2024 DB Systel GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""Functions to help with setting up new team"""
+
+import logging
+from os.path import isfile, join
+from string import Template
+
+from slugify import slugify
+
+TEAM_TEMPLATE = """
+${team_name}:
+  # parent:
+  # repos:
+  # maintainer:
+  member:
+"""
+
+
+def _sanitize_two_exclusive_options(option1: str | None, option2: str | None) -> bool:
+    """Only of of these two options must be provided (not None, empty string is
+    OK). Returns True if no error ocourred"""
+    # There must not be a file_path and config_path provided at the same time
+    if option1 is not None and option2 is not None:
+        logging.critical("The two options must not be provided at the same time. Choose only one.")
+        return False
+    # There must at least be config_path or file_path configured
+    if option1 is None and option2 is None:
+        logging.critical("One of the two options must be provided")
+        return False
+
+    return True
+
+
+def _fill_template(template: str, **fillers) -> str:
+    """Fill a template using a dicts with keys and their values. The function
+    looks for the keys starting with '$' characters"""
+    return Template(template).substitute(fillers).lstrip()
+
+
+def _ask_user_action(question: str, *options: str) -> str:
+    """Ask the user a question and for an action. Return the chosen action."""
+    option_dict: dict[str, str] = {}
+    option_questions: list[str] = []
+    for option in options:
+        # Get first unique characters from the option
+        short = ""
+        i = 0
+        while not short:
+            i += 1
+            short_try = option[:i]
+            if short_try not in option_dict:
+                short = short_try
+                option_questions.append(option.replace(short, f"[{short}]", 1))
+                option_dict[option] = option
+                option_dict[short] = option
+
+    response = ""
+    while response not in option_dict:
+        response = input(f"{question} ({'/'.join(option_questions)}): ")
+
+    return option_dict[response]
+
+
+def write_file(file: str, content: str, append: bool = False) -> None:
+    """Write to a file. Overrides by default, but can also append"""
+    mode = "a" if append else "w"
+    try:
+        with open(file, mode=mode, encoding="UTF-8") as writer:
+            # Add linebreak if using append mode
+            if mode == "a":
+                writer.write("\n")
+
+            # Add content to file
+            writer.write(content)
+    except FileNotFoundError as exc:
+        logging.critical("File %s could not be written: %s", file, exc)
+
+
+def setup_team(
+    team_name: str, config_path: str | None = None, file_path: str | None = None
+) -> None:
+    """Set up a new team inside the config dir with a given name"""
+    _sanitize_two_exclusive_options(config_path, file_path)
+
+    # Come up with file name based on team name in the given config directory
+    if not file_path:
+        # Combine config dir and file name
+        file_path = join(config_path, "teams", slugify(team_name) + ".yaml")  # type: ignore
+        logging.debug("Derived file path: %s", file_path)
+
+    # Fill template
+    yaml_content = _fill_template(TEAM_TEMPLATE, team_name=team_name)
+
+    # If file already exists, ask if file should be extended or overridden, or abort
+    if isfile(file_path):
+        options = ("override", "append", "print", "skip")
+        action = _ask_user_action(
+            f"The file {file_path} exists, what would you like to do?", *options
+        )
+
+        logging.debug("Chosen action: %s", action)
+
+        if action == "skip":
+            print("No action taken")
+        elif action == "print":
+            print()
+            print(yaml_content)
+        elif action in ("override", "append"):
+            append = action == "append"
+            write_file(file=file_path, content=yaml_content, append=append)
+
+    # File does not exist, write file
+    else:
+        print(f"Writing team configuration into {file_path}")
+        write_file(file=file_path, content=yaml_content)

github_org_manager-0.4.0/gh_org_mgr/manage.py

@@ -0,0 +1,131 @@
+# SPDX-FileCopyrightText: 2024 DB Systel GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""Manage a GitHub Organization, its teams, repository permissions, and more"""
+
+import argparse
+import logging
+import sys
+
+from . import __version__, configure_logger
+from ._config import parse_config_files
+from ._gh_org import GHorg
+from ._setup_team import setup_team
+
+# Main parser with root-level flags
+parser = argparse.ArgumentParser(
+    description=__doc__, formatter_class=argparse.ArgumentDefaultsHelpFormatter
+)
+parser.add_argument(
+    "--version", action="version", version="GitHub Organization Manager " + __version__
+)
+
+# Initiate first-level subcommands
+subparsers = parser.add_subparsers(dest="command", help="Available commands", required=True)
+
+# Common flags, usable for all effective subcommands
+common_flags = argparse.ArgumentParser(add_help=False)  # No automatic help to avoid duplication
+common_flags.add_argument("--debug", action="store_true", help="Get verbose logging output")
+
+# Sync commands
+parser_sync = subparsers.add_parser(
+    "sync",
+    help="Synchronise GitHub organization settings and teams",
+    parents=[common_flags],
+)
+parser_sync.add_argument(
+    "-c",
+    "--config",
+    required=True,
+    help="Path to the directory in which the configuration of an GitHub organisation is located",
+)
+parser_sync.add_argument("--dry", action="store_true", help="Do not make any changes at GitHub")
+parser_sync.add_argument(
+    "-A",
+    "--ignore-archived",
+    action="store_true",
+    help="Do not take any action in ignored repositories",
+)
+
+# Setup Team
+parser_create_team = subparsers.add_parser(
+    "setup-team",
+    help="Helps with setting up a new team using a base template",
+    parents=[common_flags],
+)
+parser_create_team.add_argument(
+    "-n",
+    "--name",
+    required=True,
+    help="Name of the team that shall be created",
+)
+parser_create_team_file = parser_create_team.add_mutually_exclusive_group(required=True)
+parser_create_team_file.add_argument(
+    "-c",
+    "--config",
+    help=(
+        "Path to the directory in which the configuration of an GitHub organisation is located. "
+        "If this option is used, the tool will automatically come up with a file name"
+    ),
+)
+parser_create_team_file.add_argument(
+    "-f",
+    "--file",
+    help="Path to the file in which the team shall be added",
+)
+# parser_create_team.add_argument(
+#     "-a",
+#     "--file-exists-action",
+#     help="Define which action shall be taken when the requested output file already exists",
+#     choices=["override", "extend", "skip"]
+# )
+
+
+def main():
+    """Main function"""
+
+    # Process arguments
+    args = parser.parse_args()
+
+    configure_logger(args.debug)
+
+    # Sync command
+    if args.command == "sync":
+        if args.dry:
+            logging.info("Dry-run mode activated, will not make any changes at GitHub")
+
+        org = GHorg()
+
+        # Parse configuration folder, and do sanity check
+        cfg_org, cfg_app, org.configured_teams = parse_config_files(args.config)
+        if not cfg_org.get("org_name"):
+            logging.critical(
+                "No GitHub organisation name configured in organisation settings. Cannot continue"
+            )
+            sys.exit(1)
+
+        # Login to GitHub with token, get GitHub organisation
+        org.login(cfg_org.get("org_name", ""), cfg_app.get("github_token", ""))
+        # Get current rate limit
+        org.ratelimit()
+
+        # Create teams that aren't present at Github yet
+        org.create_missing_teams(dry=args.dry)
+        # Synchronise the team memberships
+        org.sync_teams_members(dry=args.dry)
+        # Report about organisation members that do not belong to any team
+        org.get_members_without_team()
+        # Synchronise the permissions of teams for all repositories
+        org.sync_repo_permissions(dry=args.dry, ignore_archived=args.ignore_archived)
+        # Remove individual collaborator permissions if they are higher than the one
+        # from team membership (or if they are in no configured team at all)
+        org.sync_repo_collaborator_permissions(dry=args.dry)
+
+        # Debug output
+        logging.debug("Final dataclass:\n%s", org.df2json())
+        org.ratelimit()
+
+    # Setup Team command
+    elif args.command == "setup-team":
+        setup_team(team_name=args.name, config_path=args.config, file_path=args.file)

{github_org_manager-0.3.0 → github_org_manager-0.4.0}/pyproject.toml

@@ -4,7 +4,7 @@
 
 [tool.poetry]
 name = "github-org-manager"
-version = "0.3.0"
+version = "0.4.0"
 description = "Manage a GitHub Organization, its teams, repository permissions, and more"
 authors = ["Max Mehl <max.mehl@deutschebahn.com>"]
 readme = "README.md"
@@ -30,6 +30,7 @@ python = "^3.10"
 pygithub = "^2.3.0"
 pyyaml = "^6.0.1"
 requests = "^2.32.3"
+python-slugify = "^8.0.4"
 
 [tool.poetry.group.dev.dependencies]
 black = "^24.3.0"
@@ -38,6 +39,7 @@ mypy = "^1.9.0"
 pylint = "^3.1.0"
 types-pyyaml = "^6.0.12.20240311"
 types-requests = "^2.32.0.20240712"
+bump2version = "^1.0.1"
 
 [build-system]
 requires = ["poetry-core"]

github_org_manager-0.3.0/gh_org_mgr/manage.py

@@ -1,75 +0,0 @@
-# SPDX-FileCopyrightText: 2024 DB Systel GmbH
-#
-# SPDX-License-Identifier: Apache-2.0
-
-"""Manage a GitHub Organization, its teams, repository permissions, and more"""
-
-import argparse
-import logging
-import sys
-
-from . import __version__, configure_logger
-from ._config import parse_config_files
-from ._gh_org import GHorg
-
-parser = argparse.ArgumentParser(
-    description=__doc__, formatter_class=argparse.ArgumentDefaultsHelpFormatter
-)
-parser.add_argument(
-    "-c",
-    "--config",
-    required=True,
-    help="Path to the directory in which the configuration of an GitHub organisation is located",
-)
-parser.add_argument("--debug", action="store_true", help="Get verbose logging output")
-parser.add_argument("--dry", action="store_true", help="Do not make any changes at GitHub")
-parser.add_argument(
-    "-A",
-    "--ignore-archived",
-    action="store_true",
-    help="Do not take any action in ignored repositories",
-)
-parser.add_argument("--version", action="version", version="GitHub Team Manager " + __version__)
-
-
-def main():
-    """Main function"""
-
-    # Process arguments
-    args = parser.parse_args()
-
-    configure_logger(args.debug)
-
-    if args.dry:
-        logging.info("Dry-run mode activated, will not make any changes at GitHub")
-
-    org = GHorg()
-
-    # Parse configuration folder, and do sanity check
-    cfg_org, cfg_app, org.configured_teams = parse_config_files(args.config)
-    if not cfg_org.get("org_name"):
-        logging.critical(
-            "No GitHub organisation name configured in organisation settings. Cannot continue"
-        )
-        sys.exit(1)
-
-    # Login to GitHub with token, get GitHub organisation
-    org.login(cfg_org.get("org_name", ""), cfg_app.get("github_token", ""))
-    # Get current rate limit
-    org.ratelimit()
-
-    # Create teams that aren't present at Github yet
-    org.create_missing_teams(dry=args.dry)
-    # Synchronise the team memberships
-    org.sync_teams_members(dry=args.dry)
-    # Report about organisation members that do not belong to any team
-    org.get_members_without_team()
-    # Synchronise the permissions of teams for all repositories
-    org.sync_repo_permissions(dry=args.dry, ignore_archived=args.ignore_archived)
-    # Remove individual collaborator permissions if they are higher than the one
-    # from team membership (or if they are in no configured team at all)
-    org.sync_repo_collaborator_permissions(dry=args.dry)
-
-    # Debug output
-    logging.debug("Final dataclass:\n%s", org.df2json())
-    org.ratelimit()