
Commit a2f5be7

committed
Add telemetry for commands
This commit adds telemetry capturing for command execution. The data explicitly captured and sent to application insights is only the command id, execution time, and command completion status. We also capture errors thrown by any command execution, but these are not sent to application insights. Telemetry capturing is opt-in. No data will be sent to application insights unless the user explicitly allows it. There are two new config settings added. The first controls whether or not telemetry should be sent. This setting AND the global telemetry setting must be enabled in order for telemetry to be sent. The second setting controls whether or not telemetry event data should be logged to the extension console. The hope here is that users can inspect exactly what data is sent to the server and can have confidence that nothing concerning is being leaked. Note that the global setting for disabling telemetry collection is handled inside the `vscode-extension-telemetry` package implicitly, so this extension doesn't touch that setting explicitly. The `codeql.canary` setting is being used to add an additional flag to telemetry events. This flag will help us determine if a user is internal or not. The application insights key is injected at build time through a repository secret. This commit also includes a new `TELEMETRY.md` file that explains what is being captured, and why.
1 parent f741deb commit a2f5be7

23 files changed

+992
-38
lines changed

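--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -30,6 +30,8 @@ jobs:
 
 - name: Build
 working-directory: extensions/ql-vscode
+env:
+APP_INSIGHTS_KEY: '${{ secrets.APP_INSIGHTS_KEY }}'
 run: |
 npm run build
 shell: bash
@@ -71,6 +73,8 @@ jobs:
 
 - name: Build
 working-directory: extensions/ql-vscode
+env:
+APP_INSIGHTS_KEY: '${{ secrets.APP_INSIGHTS_KEY }}'
 run: |
 npm run build
 shell: bash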
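Review bot: Both Build steps in this file now hand the same `APP_INSIGHTS_KEY` secret that the release build uses to an ordinary CI `npm run build`, so any artifact these jobs produce would carry the live key and report into the same telemetry resource as shipped releases. The secret is also placed in the environment of every build-time script and dependency that `npm run build` runs. Since the injection task already treats an unset variable as a no-op, the simplest change is to drop the two `env:` blocks here and inject the key only in `release.yml`. Whether these jobs upload their build output is not visible in the hunks, so the first point depends on that.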

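--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,7 +20,6 @@ jobs:
 build:
 name: Release
 runs-on: ubuntu-latest
-# TODO Share steps with the main workflow.
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -36,7 +35,10 @@ jobs:
 shell: bash
 
 - name: Build
+env:
+APP_INSIGHTS_KEY: '${{ secrets.APP_INSIGHTS_KEY }}'
 run: |
+echo "APP INSIGHTS KEY LENGTH: ${#APP_INSIGHTS_KEY}"
 cd extensions/ql-vscode
 npm run build -- --release
 shell: bash
@@ -65,6 +67,7 @@ jobs:
 
 - name: Create release
 id: create-release
+if: github.event_name == 'pull_request'
 uses: actions/create-release@v1.0.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -79,7 +82,7 @@ jobs:
 
 - name: Upload release asset
 uses: actions/upload-release-asset@v1.0.1
-if: success()
+if: success() && github.event_name == 'pull_request'
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
@@ -90,16 +93,27 @@ jobs:
 asset_name: ${{ format('vscode-codeql-{0}.vsix', steps.prepare-artifacts.outputs.ref_name) }}
 asset_content_type: application/zip
 
+
+- name: No Release
+if: github.event_name != 'pull_request'
+run: |
+echo "Not making a release because this is not a pull request"
+
+###
+# Do Post release work: version bump and changelog PR
+# Only do this if we are running from a PR (ie- this is part of the release process)
+
 # The checkout action does not fetch the main branch.
 # Fetch the main branch so that we can base the version bump PR against main.
 - name: Fetch main branch
+if: github.event_name == 'pull_request'
 run: |
 git fetch --depth=1 origin main:main
 git checkout main
 
 - name: Bump patch version
 id: bump-patch-version
-if: success()
+if: success() && github.event_name == 'pull_request'
 run: |
 cd extensions/ql-vscode
 # Bump to the next patch version. Major or minor version bumps will have to be done manually.
@@ -108,14 +122,14 @@ jobs:
 echo "::set-output name=next_version::$NEXT_VERSION"
 
 - name: Add changelog for next release
-if: success()
+if: success() && github.event_name == 'pull_request'
 run: |
 cd extensions/ql-vscode
 perl -i -pe 's/^/## \[UNRELEASED\]\n\n/ if($.==3)' CHANGELOG.md
 
 - name: Create version bump PR
 uses: peter-evans/create-pull-request@c7f493a8000b8aeb17a1332e326ba76b57cb83eb # v3.4.1
-if: success()
+if: success() && github.event_name == 'pull_request'
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 commit-message: Bump version to ${{ steps.bump-patch-version.outputs.next_version }}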
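Review bot: The added `echo "APP INSIGHTS KEY LENGTH: ${#APP_INSIGHTS_KEY}"` in the Build step writes a property of the secret to the job log and reads like leftover debugging. A presence check gives the same assurance without describing the value, and it stops a release from shipping with no key: `test -n "$APP_INSIGHTS_KEY" || { echo "APP_INSIGHTS_KEY is not set" >&2; exit 1; }`. Separately, the new `if: github.event_name == 'pull_request'` guards make release creation, asset upload and the version bump run only on pull-request events. The workflow's `on:` trigger is outside these hunks, so it is worth confirming this is the intended release path and not test scaffolding, since repository secrets are not passed to pull-request runs from forks.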

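--- a/extensions/ql-vscode/CHANGELOG.md
+++ b/extensions/ql-vscode/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## [UNRELEASED]
 
+- Capture usage data from users. See [TELEMETRY.md](https://github.com/github/vscode-codeql/blob/main/TELEMETRY.md) for more information. [#611](https://github.com/github/vscode-codeql/pull/611)
+
 ## 1.3.10 - 20 January 2021
 
 - Include the full stack in error log messages to help with debugging. [#726](https://github.com/github/vscode-codeql/pull/726)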

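--- a/extensions/ql-vscode/README.md
+++ b/extensions/ql-vscode/README.md
@@ -110,3 +110,7 @@ For more information about the CodeQL extension, [see the documentation](https:/
 ## License
 
 The CodeQL extension for Visual Studio Code is [licensed](LICENSE.md) under the MIT License. The version of CodeQL used by the CodeQL extension is subject to the [GitHub CodeQL Terms & Conditions](https://securitylab.github.com/tools/codeql/license).
+
+## Data and Telemetry
+
+If you specifically opt-in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code. This data will not be shared with any parties outside of GitHub. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days. Please see [telemetry](TELEMETRY.md) for more information.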

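--- a/extensions/ql-vscode/TELEMETRY.md
+++ b/extensions/ql-vscode/TELEMETRY.md
@@ -0,0 +1,45 @@
+# Telemetry in the CodeQL extension for VS Code
+
+If you specifically opt-in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code. This data will not be shared with any parties outside of GitHub. IP addresses and installation IDs will be retained for a maximum of 30 days. Anonymous data will be retained for a maximum of 180 days.
+
+## Why do you collect data?
+
+GitHub collects aggregated, anonymous usage data and metrics to help us improve CodeQL for VS Code. IP addresses and installation IDs are collected only to ensure that anonymous data is not duplicated during aggregation.
+
+## What data is collected
+
+GitHub collects the following information related to the usage of the extension. The data collected are:
+
+- The identifiers of any CodeQL-related [VS Code commands](https://code.visualstudio.com/docs/getstarted/tips-and-tricks#_command-palette) that are run
+- For each command: the timestamp, time taken, and whether or not the command completed successfully
+- VS Code and extension version
+- Randomly generated GUID that uniquely identifies a CodeQL extension installation. (Discarded before aggregation.)
+- IP address of the client sending the telemetry data. (Discarded before aggregation.)
+- Whether or not the `codeQL.canary` setting is enabled and set to `true`
+
+## How long will data be retained?
+
+IP address and GUIDs will be retained for a maximum of 30 days. Anonymous, aggregated data that includes command identifiers, run times, and timestamps will be retained for a maximum of 180 days.
+
+## Who will have access to this data?
+
+IP address and GUIDs will only be available to the core developers of CodeQL. Aggregated data will be available to GitHub employees.
+
+## What data is **NOT** collected?
+
+We only collect the minimal amount of data we need to answer the questions about how our users are experiencing this product. To that end, we do not collect the following information:
+
+- No GitHub user ID
+- No CodeQL database names or contents
+- No contents of CodeQL queries
+- No filesystem paths.
+
+## How do I disable telemetry reporting?
+
+You can disable telemetry collection by setting `codeQL.telemetry.enableTelemetry` to `false` in [your settings](https://code.visualstudio.com/docs/getstarted/settings#_settings-editor). Telemetry collection is disabled by default.
+
+Additionally, telemetry collection will be disabled if the global `telemetry.enableTelemetry` setting is set to `false`. For more information on global telemetry collection, see [Microsoft’s documentation](https://code.visualstudio.com/docs/supporting/faq#_how-to-disable-telemetry-reporting).
+
+## More information
+
+See GitHub's [Privacy Statement](https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-privacy-statement) and [Terms of Service](https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-terms-of-service) for more information.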
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
import * as gulp from 'gulp';
2+
import * as replace from 'gulp-replace';
3+
4+
/** Inject the application insights key into the telemetry file */
5+
export function injectAppInsightsKey() {
6+
if (!process.env.APP_INSIGHTS_KEY) {
7+
// noop
8+
console.log('APP_INSIGHTS_KEY environment variable is not set. So, cannot inject it into the application.');
9+
return Promise.resolve();
10+
}
11+
12+
// replace the key
13+
return gulp.src(['out/telemetry.js'])
14+
.pipe(replace(/REPLACE-APP-INSIGHTS-KEY/, process.env.APP_INSIGHTS_KEY))
15+
.pipe(gulp.dest('out/'));
16+
}
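Review bot: `injectAppInsightsKey` writes `process.env.APP_INSIGHTS_KEY` into `out/telemetry.js` without checking its shape, and it is passed as a replacement string, so `$`-patterns would presumably be expanded and a stray quote or newline would change the generated JavaScript that gets packaged. Assuming the key is the usual GUID-format instrumentation key, a guard before the `.pipe(replace(...))` call keeps the build output predictable: `if (!/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(key)) throw new Error('APP_INSIGHTS_KEY is not a GUID');`. The unset branch only logs and resolves, so a `--release` build without the secret would package the literal `REPLACE-APP-INSIGHTS-KEY` placeholder without failing. Consider rejecting in that case for release builds, and say in the JSDoc which behaviour is intended.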

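--- a/extensions/ql-vscode/gulpfile.ts/index.ts
+++ b/extensions/ql-vscode/gulpfile.ts/index.ts
@@ -4,7 +4,12 @@ import { compileTextMateGrammar } from './textmate';
 import { copyTestData } from './tests';
 import { compileView } from './webpack';
 import { packageExtension } from './package';
+import { injectAppInsightsKey } from './appInsights';
 
-export const buildWithoutPackage = gulp.parallel(compileTypeScript, compileTextMateGrammar, compileView, copyTestData, copyViewCss);
-export { compileTextMateGrammar, watchTypeScript, compileTypeScript, copyTestData };
-exports.default = gulp.series(exports.buildWithoutPackage, packageExtension);
+export const buildWithoutPackage =
+gulp.parallel(
+compileTypeScript, compileTextMateGrammar, compileView, copyTestData, copyViewCss
+);
+
+export { compileTextMateGrammar, watchTypeScript, compileTypeScript, copyTestData, injectAppInsightsKey };
+export default gulp.series(buildWithoutPackage, injectAppInsightsKey, packageExtension);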
