From 0f633128bf18a7b24e52975d0b4446cedcf282af Mon Sep 17 00:00:00 2001
From: Ben Butler-Cole <ben@bridesmere.com>
Date: Mon, 4 Mar 2024 17:39:58 +0000
Subject: [PATCH] Include security metrics for repos that are later archived

It's fine to exclude all archived repos when looking at the current
state, but the data might be useful for looking at historical trends.
---
 metrics/github/security.py            |  6 ++----
 tests/metrics/github/test_security.py | 12 +++++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/metrics/github/security.py b/metrics/github/security.py
index 7127881f..c888a11a 100644
--- a/metrics/github/security.py
+++ b/metrics/github/security.py
@@ -32,12 +32,10 @@ def vulnerabilities(client, org, to_date):
     metrics = []
 
     for repo in query.repos(client, org):
-        if repo.archived_on:
-            continue
-
         vulns = list(map(Vulnerability.from_dict, query.vulnerabilities(client, repo)))
 
-        for day in dates.iter_days(repo.created_on, to_date):
+        end = min(to_date, repo.archived_on) if repo.archived_on else to_date
+        for day in dates.iter_days(repo.created_on, end):
             closed_vulns = sum(1 for v in vulns if v.is_closed_on(day))
             open_vulns = sum(1 for v in vulns if v.is_open_on(day))
 
diff --git a/tests/metrics/github/test_security.py b/tests/metrics/github/test_security.py
index 1c388cdd..ace80750 100644
--- a/tests/metrics/github/test_security.py
+++ b/tests/metrics/github/test_security.py
@@ -46,26 +46,28 @@ def test_vulnerability_closed_on_is_closed():
     assert v.is_closed_on(date(2023, 10, 29))
 
 
-def test_vulnerabilities_ignores_archived_repos(monkeypatch):
+def test_vulnerabilities_ignores_archived_repos_after_archive_date(monkeypatch):
+    archive_date = date(2022, 1, 3)
+
     def fake_repos(client, org):
         return [
             Repo(
                 "anything",
                 "anything",
                 created_on=date(2022, 1, 1),
-                archived_on=date(2022, 1, 31),
+                archived_on=archive_date,
             )
         ]
 
     monkeypatch.setattr(security.query, "repos", fake_repos)
 
     def fake_vulnerabilities(client, repo):
-        return [dict(createdAt="2022-02-10T00:00:00Z", fixedAt=None, dismissedAt=None)]
+        return []
 
     monkeypatch.setattr(security.query, "vulnerabilities", fake_vulnerabilities)
 
-    result = security.vulnerabilities({}, "org", date.today())
-    assert len(result) == 0
+    result = security.vulnerabilities({}, "org", date(2022, 1, 10))
+    assert result[-1]["time"] == archive_date
 
 
 def test_vulnerabilities(monkeypatch):