feat: Backup of repository security advisories #475
Conversation
|
@Iamrodos mind helping @lukasbestle figure out how to fix this/maybe add a test case for this too? |
Will do. Can get to it in a few hours later today. @lukasbestle you can give me access to the PR, otherwise I will just attach a patch file you can add which adjusts the tests. I can also add a new test for this. |
|
@lukasbestle here is a patch you can apply which will add the new argument to the tests. Download the file and OR Edit tests/test_all_starred.py and add this line after line 39 (args.include_milestones = False): args.include_security_advisories = FalseAfter this PR is merged, I will submit a new PR that makes the tests less fragile when a new parameter is added. I hit this myself on some of my other PRs and had it as a thing to fix. I might also submit a PR template that includes ## Test plan
- [ ] Tests pass locally (`pytest`)
- [ ] Linting passes (`flake8 --ignore=E501`) |
|
Thanks for your super quick replies and the patch. |
3 participants
About the feature
This PR adds a new
--security-advisoriesargument. This argument is included in--all.When enabled, it grabs the repository security advisories and dumps them into a
security-advisoriesdirectory.This implements #243.
Implementation
I've copied and adapted the existing implementation of
backup_milestonestobackup_security_advisoriesas the underlying GitHub API structure is basically identical.Advisories are indexed by their
ghsa_id(GitHub Security Advisory ID), which is used as a primary key in the GitHub web URLs and also the way these advisories are commonly referred to.Testing
I've tested the code on macOS with a public repo that contains both open and closed advisories.