Cleanup old users

Hello! I’m very new to Drone but I’ve been asked to find a way to automatically clean out old users in Drone when they’re disabled in our GitHub.

I can get a list of GitHub users through their api and I’ve also used the Drone cli to do the same on the Drone side. After a simple diff I can see which users I need to remove, but I’m just not certain the best way to automate this. We’d like this to be done from within Drone somehow.

We’re running Drone self-hosted.

It was suggested to me to create a pipeline in Drone for this but I suppose we could also just create a cron job on the server for it. Looking for thoughts on the matter…

The easiest way to automate would be to use the CLI or API (or SDK). You could use the CLI with xargs to remove users in batch. You could also set up a GitHub webhook to notify you every time a user is removed from the organization, and then use the CLI or API to remove the user from Drone.

Thanks Brad, I wasn’t quite sure how to put all the pieces together that you suggested, particularly using a GitHub webhook. Can Drone process a webhook like that one? I’m afraid I don’t know Drone well enough yet to pull that off.

In the meantime, I’ve just created a local cron job on the vm hosting the drone server container that has tokens for GitHub and Drone and just uses gh and the drone cli to compare users and remove any deltas.

No, this is not something Drone would handle. You would have to write a small, standalone microservice that would be capable of receiving and parsing GitHub webhooks. If it receives a user removal webhook from GitHub, you could use the Drone API to remove the user from Drone.


Below is some example code that demonstrates how this might work.

First you would need to deploy this microservice somewhere with a public address so that it can receive GitHub webhooks. Next you would create a webhook in your organization settings screen in GitHub where the payload URL is the public address of your microservice. Finally, you would configure the webhook to only trigger for Organization events (select the “Let me select individual events” radio button and check the “Organizations” checkbox that appears below).

Disclaimer that the below example is pseudocode and is non-functional; you will probably need to modify the code to get it working.

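```javascript
const axios = require('axios')
const express = require('express')
const app = express()
const port = 3000
// Drone access token of an admin user; read from the environment rather than hardcoding it
const token = process.env.DRONE_TOKEN

app.use(express.json())

app.post('/', async (req, res) => {
  // GitHub "organization" events carry the action name and the affected membership
  const login = req.body.membership && req.body.membership.user && req.body.membership.user.login
  if (req.body.action !== 'member_removed' || !login) {
    return res.sendStatus(204) // nothing to do for other events
  }
  try {
    // Send the token in the Authorization header so it stays out of URLs and access logs
    await axios.delete(`https://drone.company.com/api/users/${encodeURIComponent(login)}`, {
      headers: { Authorization: `Bearer ${token}` }
    })
    res.sendStatus(200)
  } catch (err) {
    console.error(`failed to remove ${login} from Drone: ${err.message}`)
    res.sendStatus(502)
  }
})

app.listen(port, () => {
  console.log(`Example microservice listening at http://localhost:${port}`)
})
```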
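
Because the microservice described above has a public address and deletes Drone users on request, it should only act on deliveries that GitHub actually signed. The following is an added example, not part of the original post or of Drone: it checks GitHub's `X-Hub-Signature-256` header against a webhook secret before trusting the payload. The function names, the sample secret and the sample payload are constructed for illustration, and the login pattern is an assumed conservative allow-list.

```javascript
const crypto = require('node:crypto')

// GitHub sends "X-Hub-Signature-256: sha256=<hex HMAC-SHA256 of the raw body>"
// when the webhook has a secret configured.
function signatureIsValid(secret, rawBody, header) {
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return false
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest()
  const received = Buffer.from(header.slice('sha256='.length), 'hex')
  // timingSafeEqual throws on a length mismatch, so compare lengths first
  return received.length === expected.length && crypto.timingSafeEqual(received, expected)
}

// Returns the login to remove from Drone, or null if the delivery must be ignored.
function loginToRemove(secret, rawBody, header) {
  if (!signatureIsValid(secret, rawBody, header)) return null
  let event
  try {
    event = JSON.parse(rawBody.toString('utf8'))
  } catch {
    return null // signed but not JSON: ignore
  }
  if (event.action !== 'member_removed') return null
  const login = event.membership && event.membership.user && event.membership.user.login
  // Assumed allow-list for logins before the value is placed in a URL path
  return typeof login === 'string' && /^[A-Za-z0-9_-]{1,39}$/.test(login) ? login : null
}

// Constructed sample delivery (not a real GitHub payload or secret)
const SAMPLE_SECRET = 'constructed-webhook-secret'
const SAMPLE_BODY = Buffer.from(JSON.stringify({
  action: 'member_removed',
  membership: { user: { login: 'octo-former-employee' } },
  organization: { login: 'example-org' }
}))

// Helper that signs a body the way GitHub does, used here only to build test input
function sign(secret, body) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(body).digest('hex')
}

console.log(loginToRemove(SAMPLE_SECRET, SAMPLE_BODY, sign(SAMPLE_SECRET, SAMPLE_BODY)))
console.log(loginToRemove(SAMPLE_SECRET, SAMPLE_BODY, sign('wrong-secret', SAMPLE_BODY)))
```

The HMAC must be computed over the exact bytes GitHub sent, so in Express capture the raw body (for example with the `verify` option of `express.json()`) instead of re-serializing `req.body`.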