find_inactive_members works with advisories (#289)

jonico · web-flow · commit fd0d09558291 · 2020-01-09T18:20:22.000+01:00
* private forks created to discuss and mitigate security advisories did work with find_incative_members.rb
* readson: GitHub's API returns 404 (not found) instead of an empty set for issues and issue comments of such a private fork if no access is granted
* fix: ignore 404 for issues and issue comments and proceed
diff --git a/api/ruby/find-inactive-members/find_inactive_members.rb b/api/ruby/find-inactive-members/find_inactive_members.rb
@@ -82,7 +82,7 @@ def organization_members
   # get all organization members and place into an array of hashes
     info "Finding #{@organization} members "
     @members = @client.organization_members(@organization).collect do |m|
-      email = 
+      email =
       {
         login: m["login"],
         email: member_email(m[:login]),
@@ -136,30 +136,40 @@ def commit_activity(repo)
   def issue_activity(repo, date=@date)
     # get all issues after specified date and iterate
     info "...Issues"
-    @client.list_issues(repo, { :since => date }).each do |issue|
-      # if there's no user (ghost user?) then skip this   // THIS NEEDS BETTER VALIDATION
-      if issue["user"].nil?
-        next
-      end
-      # if creator is a member of the org and not active, make active
-      if t = @members.find {|member| member[:login] == issue["user"]["login"] && member[:active] == false }
-        make_active(t[:login])
+    begin
+      @client.list_issues(repo, { :since => date }).each do |issue|
+        # if there's no user (ghost user?) then skip this   // THIS NEEDS BETTER VALIDATION
+        if issue["user"].nil?
+          next
+        end
+        # if creator is a member of the org and not active, make active
+        if t = @members.find {|member| member[:login] == issue["user"]["login"] && member[:active] == false }
+          make_active(t[:login])
+        end
       end
+    rescue Octokit::NotFound
+      #API responds with a 404 (instead of an empty set) when repo is a private fork for security advisories
+      info "...no access to issues in this repo ..."
     end
   end
 
   def issue_comment_activity(repo, date=@date)
     # get all issue comments after specified date and iterate
     info "...Issue comments"
-    @client.issues_comments(repo, { :since => date }).each do |comment|
-      # if there's no user (ghost user?) then skip this   // THIS NEEDS BETTER VALIDATION
-      if comment["user"].nil?
-        next
-      end
-      # if commenter is a member of the org and not active, make active
-      if t = @members.find {|member| member[:login] == comment["user"]["login"] && member[:active] == false }
-        make_active(t[:login])
+    begin
+      @client.issues_comments(repo, { :since => date }).each do |comment|
+        # if there's no user (ghost user?) then skip this   // THIS NEEDS BETTER VALIDATION
+        if comment["user"].nil?
+          next
+        end
+        # if commenter is a member of the org and not active, make active
+        if t = @members.find {|member| member[:login] == comment["user"]["login"] && member[:active] == false }
+          make_active(t[:login])
+        end
       end
+    rescue Octokit::NotFound
+      #API responds with a 404 (instead of an empty set) when repo is a private fork for security advisories
+      info "...no access to issue comments in this repo ..."
     end
   end
 
