I have developed a Python script to detect stale users in GitHub anizations. In particular a script that gets all the users of a given GitHub anization and prints it's last activity date.
The script is as follows (explained below):
import requests
def get_github_anization_members(token, anization):
url = f"/{anization}/members"
headers = {
"Authorization": f"token {token}",
"Accept": "application/vnd.github.v3+json"
}
members = []
while url:
response = requests.get(url, headers=headers)
if response.status_code == 200:
members_page = response.json()
members.extend(members_page)
url = response.links.get('next', {}).get('url')
else:
print(f"Failed to retrieve members: {response.status_code}")
break
for member in members:
member_login = member['login']
events_url = f"/{member_login}/events/s/{anization}"
events_response = requests.get(events_url, headers=headers)
if events_response.status_code == 200:
events = events_response.json()
if events:
last_event = events[0]
last_activity = last_event['created_at']
print(f"{member_login}: Last activity on {last_activity}")
else:
print(f"{member_login}: No recent activity")
else:
print(f"Failed to retrieve events for {member_login}: {events_response.status_code}")
if __name__ == "__main__":
token = "<a given PAT token>"
anization = "<a given GitHub anization>"
get_github_anization_members(token, anization)
It works as follows:
- It get a list of the users using the
/{anization}/membersGitHub API method. - For each member in that list, it gets user information using
/{member_login}/events/s/{anization}GitHubAPI method. - The
<a given GitHub anization>is actually an anization name - The
<a given PAT token>is a GitHub token (as the API methods need authentication). It belongs to theuser42(actual user obfuscated) which belongs to the<a given GitHub anization>anization with "Owner" role.
With regards to the user42 PAT (Personal Access Token), taking into account above API documentation, it needs following permissions:
"Events" anization permissions (read)
...
"Members" anization permissions (read)
So the token is configured in that way:
So far, so good.
But, when I run the script I get this:
Failed to retrieve events for user1: 404
Failed to retrieve events for user2: 404
Failed to retrieve events for ...
Failed to retrieve events for user41: 404
user42: Last activity on 2025-02-15T20:56:16Z
Failed to retrieve events for user42: 404
...
Failed to retrieve events for user79: 404
Failed to retrieve events for user80: 404
So:
- The members of the anization are obtained correctly (the anization has 80 users, all them are printed)
- Activity information is not get in any user, except
user42(the one to who the PAT token belongs). All the other cases return a 404.
Probably I'm missing something... maybe the PAT token needs some other permissions? Maybe the users has to configure some way "I want my activity to be shared with the <a given GitHub anization>" in their profiles? Another reason?
In fact, any other way of achieving the goal of detecting stale users in GitHub anizations would suffice. Any feedback on this sense is also very welcome.