Add telemetry for commands #611
Conversation
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
6 times, most recently
from
17ad2a3 to
365b35b
Compare
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
5 times, most recently
from
1fc7aaf to
dc528bc
Compare
|
Ping @github/docs-content-dsp! We are going to need to create some documentation about what we are and what we are not collecting for telemetry. @sj is working on some of the wording. See our internal issue for more information on this. |
|
|
📚 Thanks for the docs ping! 🛎️ This was added to our docs first-responder project board. A team member will be along shortly to review this for docs impact, but you can also open a 
|
@aeisenberg docs first responder here. 👋 I've opened a tracking issue for add the documentation page that you mentioned above: https://github.com/github/docs-content/issues/3125 |
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
2 times, most recently
from
01c789d to
a62f6ef
Compare
|
@sj could you take a look at the And at some point, I can walk you through what the UX is going to be like. |
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
7 times, most recently
from
79c6f81 to
497e492
Compare
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
from
497e492 to
93831e2
Compare
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
2 times, most recently
from
531e8d8 to
29d8817
Compare
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
2 times, most recently
from
a8a28a4 to
89a809f
Compare
|
@sj We are hoping to release this shortly. Could you take a look at the |
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
3 times, most recently
from
426600c to
e2379bb
Compare
TELEMETRY.md
Outdated
| @@ -0,0 +1,43 @@ | |||
| # Telemetry in the CodeQL extension for VS Code | |||
|
|
|||
| If you specifically opt-in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code. This data will not be shared with any parties outside of GitHub and will be retained for a maximum of 30 days. | |||
There was a problem hiding this comment.
Can we incorporate the fact that this is anonymous data? E.g.:
- "... collect anonymized usage data ..."
- "This anonymized data will ..."?
Or is there a legal reason why we can't?
TELEMETRY.md
Outdated
|
|
||
| ## Why do you collect data? | ||
|
|
||
| GitHub collects usage data and metrics to help us improve CodeQL for VS Code. |
There was a problem hiding this comment.
Again, if possible to include "anonymized" in here that'd be great 🙂
TELEMETRY.md
Outdated
|
|
||
| GitHub collects anonymized information related to the usage of the extensions. The data collected are: | ||
|
|
||
| - Which commands are run. |
There was a problem hiding this comment.
It's probably worth clarifying "commands" here, just to avoid folks thinking that we're collecting which queries they're running. Any security researcher thinking we snoop on their queries will immediately stop using CodeQL.
My suggestion:
"Which CodeQL-related VS Code commands are run" (which links to: https://code.visualstudio.com/docs/getstarted/tips-and-tricks#_command-palette)
TELEMETRY.md
Outdated
|
|
||
| ## How long will data be retained? | ||
|
|
||
| IP address and GUIDs will be retained for a maximum of 30 days. Aggregated data of command identifiers and run times will be retained for a maximum of 180 days. |
There was a problem hiding this comment.
That's not consistent with the text above:
This data will not be shared with any parties outside of GitHub and will be retained for a maximum of 30 days.
TELEMETRY.md
Outdated
|
|
||
| ## How do I disable telemetry reporting? | ||
|
|
||
| You can disable telemetry reporting by setting `codeQL.telemetry.enableTelemetry` to `false` in [your settings](https://code.visualstudio.com/docs/getstarted/settings#_settings-editor). |
There was a problem hiding this comment.
Here it is worth repeating again that telemetry reporting is disabled until and unless the user explicitly agrees with it.
extensions/ql-vscode/README.md
Outdated
|
|
||
| ## Data and Telemetry | ||
|
|
||
| If you specifically opt-in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code. This data will not be shared with any parties outside of GitHub and will be retained for a maximum of 30 days. Please see [telemetry](TELEMENTRY.md) for more information. |
There was a problem hiding this comment.
and will be retained for a maximum of 30 days
There's a bit of an inconsistency here (see my other comment).
extensions/ql-vscode/README.md
Outdated
|
|
||
| ## Data and Telemetry | ||
|
|
||
| If you specifically opt-in to permit GitHub to do so, GitHub will collect usage data and metrics for the purposes of helping the core developers to improve the CodeQL extension for VS Code. This data will not be shared with any parties outside of GitHub and will be retained for a maximum of 30 days. Please see [telemetry](TELEMENTRY.md) for more information. |
There was a problem hiding this comment.
As per my other comments, it'd be great if we could work in the word "anonymized" a few times 🙂
|
Thanks for your comments, @sj. I think I addressed them all. The wording is more complex now, but also more precise sine I need to distinguish between the anonymous and non-anonymized data. |
|
|
|
Thanks @sj! Yes, this PR includes all of the telemetry code for the extension. |
|
Also, the failing |
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
3 times, most recently
from
a2f5be7 to
1130cbd
Compare
|
@aeisenberg : I think some changes that you made previously have now disappeared again. I've added some more comments in places where I think this might have happened (or I might have just completely misremembered). Thanks! |
This commit adds telemetry capturing for command execution. The data captured explicitly captured and sent to application insights is only the command id, execution time, and command completion status. We also capture errors thrown by any command execution, but these are not sent to application insights. Telemetry capturing is opt-in. No data will be sent to application insights unless the user explicitly allows it. There are two new config settings added. The first controls whether or not telemetry should be sent. This setting AND the global telemetry setting must be enabled in order for telemetry to be sent. The second setting controls whether or not telemetry event data should be logged to the extension console. The hope here is that users can inspect exactly what data is sent to the server and can have confidence that nothing concerning is being leaked. Note that the global setting for disabling telemetry collection is handled inside the `vscode-extension-telemetry` package implicitly, so this extension doesn't touch that setting explicitly. The `codeql.canary` setting is being used to add an additional flag to telemetry events. This flag will help us determine if a user in internal or not. The application insights key is injected at build time through a repository secret. This commit also includes a new `TELEMETRY.md` file that explains what is being captured, and why.
When someone disables and then re-enables the global telemetry setting, the telemetry recorder needs to be recreated in order to allow it to respond to events again. Also, write the telemetry log item in the same telemetry processor as is used to remove unused fields. This ensures there is no race condition on the order of telemetry processors being run. We always log after fields are removed.
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
from
125baf6 to
31718e4
Compare
Create them for appropriately named tags and workflow dispatch as well.
aeisenberg
force-pushed
the
aeisenberg/telemetry
branch
from
31718e4 to
83b1dd0
Compare
This commit adds telemetry capturing for command execution. The data captured is only the command id.
We also capture errors thrown by any command execution.
This adds telemetry to an Azure application insights instance. Talk to me if you want access to it.
We still need a way to notify users that telemetry is being collected and a way to disable it.
Also:
telemetry before using.
features.
Checklist
@github/docs-content-dsphas been cc'd in all issues for UI or other user-facing changes made by this pull request.