feature: github event logging

[jbergstroem]

Read all events from github (from commits to pushes to merges to acl, etc) and store them in a database for later use. The idea here is to be able to:

• investigate security incidents (audits -- warn on force pushes, suspicious activity, etc)
• show interesting statistics, perhaps even part of nodejs.org (pushes day/interesting people/new joins/etc)

[williamkapke]

https://www.githubarchive.org keeps track of the events.

Additionally, I have a project that is tracking all of the everts which I import to a postgres database. Still a WIP.

[jbergstroem]

@williamkapke (ref gharchive) thats just public and not stuff like team changes. We want all the stuff.

[williamkapke]

@jbergstroem I was under the impression that the TSC wouldn't approve an org wide hook... but open an issue and find out for certain! It would really make things easier.

[jbergstroem]

@williamkapke i don't know the permissions well enough but was hoping we'd at least have a read-only option for the event logging scenario.

[phillipj]

The new integration feature seems to have read-only for everything. Such an integration could be created by the organization, giving the org admins all the control they need. And given the fact that it would be created and hosted by us, there's surely reason to challenge the no org wide hook policy.

All the "no access" buttons below can be set to "read-only":

[williamkapke]

... Anyhow, all I know is that there's private stuff in the Security repo that a few people said they didn't want broadcast anywhere. Integrations won't change that. I'm only the messenger... I'll let them speak up for themselves beyond this. ;)

[phillipj]

No worries, not trying to shoot down the messenger.

IMO there's a big difference in 3rd party integrations and integrations we create ourselves. Thinking about it, whenever I've heard about the no org wide webhook policy, there's been emphasis on 3rd party webhooks.

On Monday, 26 September 2016, William Kapke notifications@github.com wrote:

... Anyhow, all I know is that there's private stuff in the Security repo that a few people said they didn't want broadcast anywhere. Integrations won't change that. I'm only the messenger... I'll let them speak up for themselves beyond this. ;)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nodejs/github-bot/issues/73#issuecomment-249709670, or mute the thread https://github.com/notifications/unsubscribe-auth/ABLLE8N4PO3NxFCJR0wEhM49UKvtJFpYks5quD-ZgaJpZM4J3JlS .