[catalog] Write a script that scrapes the GH traffic API #53
Comments
IIUC GitHub Apps can access the Perhaps a GitHub App could be a good way to set this up. Each repo to be listed on the catalog could install the app and that app could periodically query the traffic endpoint and send the data wherever it's needed. As a simpler alternative I tried running the query in a GH action, but it looks like the automatic
That's a good idea, and we've been working with the Google team on permissions for another GitHub App (publishing new ruleset releases to BCR) so I think this can reuse a lot of work from @kormide
@ashi009 this might be a place to start.
I believe the best approach is to build a GitHub App to do this, so that we no longer need a personal access token to access the endpoint. Instead we can grant permission to this app, which will definitively make secops happy.
Yes and it might also let us handle "registration" - installing that app is enough to get your ruleset added to our catalog instead of needing to send a separate PR
Correct, which sounds like a more user-friendly approach. And by having
this app installed we will be able to automate a lot of things, i.e. what
dependencybot is doing today.
But on the other hand, creating a GitHub App is more demanding in its initial
design compared to a single-purpose script.
Alex Eagle ***@***.***> wrote on Sunday, February 5, 2023 at 23:16:
Yes and it might also let us handle "registration" - installing that app
is enough to get your ruleset added to our catalog instead of needing to
send a separate PR
I just finished a POC GitHub App in Go. The traffic API requires only read-only access to admin and meta to work. We can talk about this more after I send the PR.
I think @kormide will be a good code reviewer for that.
Some Googler with GH auth token could run this script on some cadence and hand the data dump to the SIG so we get relative numbers.
I emailed with the team:
"
Maybe obvious, but the Bazel team doesn't actually have to do any work here, if you were willing to share a GitHub access token that has needed permission across the bazelbuild org. This is what blocks an outside party from gathering numbers:
@meteorcloudy indicated willingness to accept a PR on the bazelbuild/bazel_metrics repo via email:
So this ticket is to create such a script, along with a process (can just be a scheduled reminder email) for someone at Google to run the script, and it should publish the data to a place we can ingest (maybe a GH Gist or something simple like that)