
Support for connecting via GitHub App

Open JackColeman opened this issue 9 months ago • 8 comments

In the .env file, there is an option to connect with a GitHub Personal Access Token:

VUE_APP_GITHUB_TOKEN=

In large organizations, there are policies against over-granting privileges to tokens for sensitive things like Copilot billing and usage. Following the principle of least privilege, we are required to access sensitive data via a GitHub App.

Support for connecting through a GitHub App would allow us to use this project as is. For example:

VUE_APP_GITHUB_KEY=<name of the private key file>
VUE_APP_GITHUB_APPLICATION_ID=<application ID>
VUE_APP_GITHUB_INSTALLATION_ID=<installation ID>

A workaround is to extract the data from the GitHub Copilot Usage endpoint, and store it in a file called src/resources/metricsExample.json and set VUE_APP_MOCKED_DATA=true. This would require additional automation, and the preferred way would be to pull real time data from the API with a GitHub App.

JackColeman avatar May 01 '24 14:05 JackColeman

Thanks for the suggestion @JackColeman - it makes sense. With the GitHub App approach, it would be possible to fetch Copilot usage metrics for organizations and teams, but not for Enterprise members. cc: @djopatrny, for awareness.

I am adding this one as an enhancement!

martedesco avatar May 01 '24 16:05 martedesco

I've done some experimentation, and since the app is frontend only, it poses a complication to retrieve a PEM file so it can authenticate as a GitHub App and generate an IAT. I am exploring whether it makes sense to add a light backend for it.

martedesco avatar May 31 '24 16:05 martedesco

I've done a sample implementation here: https://github.com/karpikpl/copilot-metrics-viewer. It uses GitHub App user tokens, and all the calls to GH are proxied via a backend Express API.

karpikpl avatar Jun 24 '24 13:06 karpikpl

Hi @martedesco, this feature is required within our company. Although we don't see this token information in the page source code, we can see the token information generated through the user with our enterprise license within the outgoing requests to the GitHub APIs. This creates a security vulnerability. What is the current status of this issue? Will you be merging @karpikpl's developments and PR into master?

muminkoykiran avatar Jul 05 '24 11:07 muminkoykiran

I can make changes if needed to that branch. I'm open to feedback. Right now there are some merge conflicts that I hope to resolve soon.

karpikpl avatar Jul 22 '24 13:07 karpikpl

Any update on when the "GitHub App Auth" will be added? I cannot see that it has been added.

andersbackman-rf avatar Sep 16 '24 10:09 andersbackman-rf

We're working this week on merging it in. GitHub App Auth will allow viewing metrics on the Organization level only (just because Apps are on the org level).

@andersbackman-rf do you also need the ability to switch orgs? I'm working on it, but wasn't sure how important that feature is going to be.

karpikpl avatar Sep 16 '24 14:09 karpikpl

@karpikpl thanks a lot for replying and big up for creating this tool 💯

I don't have a need to be able to switch orgs. No panic, I was just wondering :)

andersbackman-rf avatar Sep 26 '24 20:09 andersbackman-rf