We wanted to change our default visibility to private or internal. After receiving some report and doing tests on our own this is what we found. I’m posting here in case anyone else is searching for help on this topic.
Drone server has a lot of “undocumented” environment variables you can set. By default, a project’s visibility is set to public. You can set it to internal if you want.
However, setting it to “private” for the default doesn’t seem to work. Basically, leave it unset for public, or set it to internal for internal.
This setting only affects newly “synced” repositories. It does not affect ones that were already created and are listed in drone. We used an admin token and the CLI to iterate through the repos and set their visibility to internal if they were previously set to public. Use at your own risk, disclaimers, MIT license, etc…
drone repo ls > drone-public.yml
That would list all your repos and write them to a drone.yml file. This can take a long time depending on how many repos you have. It may even be untenable - then you should use the database and direct access.
#!/bin/bash input="drone-public.yml" while IFS= read -r line do visibility=$(drone repo info $line | grep Visibility) if [ "$visibility" == "Visibility: public" ]; then echo "$line public" echo $line >> drone-moved.yml drone repo update $line --visibility=internal else echo "$line $visibility" fi done < "$input"
That will read in your output file and change the visibility of all of them, one by one, if their visibility was public. It will write the repos you changed to a new file (for auditing, or whatever - maybe undo the changes). And it prints out the visibility of the repositories as it found them.