Org Audit Action Save
GitHub Action that provides an Organization Membership Audit
GitHub Membership Audit Action
GitHub Action that provides an Enterprise Account or Organization Audit of members, repositories and which permissions these members have. The output of this action is a published CSV file in the Actions tab. The user can also configure the action to publish the results to an issue.
The output looks like this running on enterprise mode:
| enterprise | organization | repo | user | login | permission | |
|---|---|---|---|---|---|---|
| goodcorp | goodcorp-os | node-utils | Vitor Monteiro | bitoiu | ADMIN | |
| goodcorp | goodcorp-os | node-utils | Richard Erwin | rerwinx | ADMIN | |
| goodcorp | goodcorp-os | node-utils | Kai Hilton-Jones | evil-clone | WRITE | |
| goodcorp | core | innersource-docs | Vitor Monteiro | bitoiu | ADMIN | |
| goodcorp | core | innersource-docs | Richard Erwin | rerwinx | READ |
Action configuration overview
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@master
with:
## `organization` and `enterprise` are mutually exclusive
enterprise: 'goodcorp'
## repo, read:org, read:enterprise (if running with enterprise option)
token: ${{ secrets.TOKEN }}
## issue is optional
issue: true
## samlIdentities is optional
samlIdentities: true
## affiliation is optional - values are 'ALL', 'DIRECT' (i.e. members only) or 'OUTSIDE' (i.e. outside collaborators only)
affiliation: 'ALL'
Example workflows
Depending on your needs you might want to trigger the audit on different events. The simplest one to test it out is to trigger the workflow on push. For this workflow to run properly you'll need to provide it with a secret personal access token from someone that is an org owner or from an application that has that privilege. Providing it a lesser scope might not show all the information for the organization.
Single org-audit audit on push (good for testing)
The action in the following workflow is configured to:
- Work only on a single
organization - Expose the linked SAML
nameIdfield for your members if your organization is using SAML SSO and you want to retrieve this info (generally a corporate email address used to login with SSO) - Publish results also to an
issue
on: push
jobs:
audit_log:
runs-on: ubuntu-latest
name: Membership Audit Log
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@v1
with:
organization: 'octodemov2'
token: ${{ secrets.TOKEN }}
issue: true
samlIdentities: true
Enterprise Account audit on a schedule (cron)
The action in the following workflow is configured to:
- Work on an
enterpriseaccount - Publish results also to an
issue
on:
schedule:
# Once a week on Saturday 00:00
- cron: '0 0 * * 6'
jobs:
audit_log:
runs-on: ubuntu-latest
name: Membership Audit Log
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@v1
with:
enterprise: 'goodcorp'
token: ${{ secrets.TOKEN }}
issue: true
Enterprise Audit triggered by an external service
Use a repository_dispatch event to trigger this workflow. The action in the following workflow is configured to:
- Work on an
enterpriseaccount - Publish results also to an
issue
on: repository_dispatch
jobs:
audit_log:
runs-on: ubuntu-latest
name: Membership Audit Log
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@v1
with:
enterprise: 'goodcorp'
token: ${{ secrets.TOKEN }}
issue: true
Local testing
You can test this action locally by using the following command:
TOKEN=<github_token> ORGANIZATION=<organization name (or use ENTERPRISE=<enterprise_name>)> GITHUB_REPOSITORY=<owner>/<repository> node src/index.js
Help us improve it
Open an issue on: https://github.com/svanboxel/org-audit-action
Open Source Agenda Badge
