From 90ef03ea3894fa7902cc952174caaa37772e457d Mon Sep 17 00:00:00 2001
From: William Martin
Date: Tue, 21 Apr 2026 17:24:17 +0200
Subject: [PATCH 1/3] Enable telemetry without env var
---
 acceptance/testdata/skills/skills-install.txtar | 1 -
 acceptance/testdata/skills/skills-preview.txtar | 1 -
 acceptance/testdata/telemetry/command-invocation.txtar | 1 -
 acceptance/testdata/telemetry/no-telemetry-for-alias.txtar | 1 -
 acceptance/testdata/telemetry/no-telemetry-for-completion.txtar | 1 -
 acceptance/testdata/telemetry/no-telemetry-for-extension.txtar | 1 -
 acceptance/testdata/telemetry/no-telemetry-for-ghes-user.txtar | 1 -
 .../testdata/telemetry/no-telemetry-for-send-telemetry.txtar | 1 -
 .../telemetry/telemetry-failure-does-not-break-command.txtar | 1 -
 .../telemetry/telemetry-for-official-extension-stub.txtar | 1 -
 internal/ghcmd/cmd.go | 2 +-
 11 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/acceptance/testdata/skills/skills-install.txtar b/acceptance/testdata/skills/skills-install.txtar
index 0311a0db280..442edb797f6 100644
--- a/acceptance/testdata/skills/skills-install.txtar
+++ b/acceptance/testdata/skills/skills-install.txtar
@@ -21,7 +21,6 @@ grep 'github-repo' $WORK/custom-skills/git-commit/SKILL.md
 # Telemetry: skill_install event records agent hosts, repo identifiers,
 # and (for a public repo) the installed skill name.
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
 exec gh skill install github/awesome-copilot git-commit --scope user --force --agent github-copilot
diff --git a/acceptance/testdata/skills/skills-preview.txtar b/acceptance/testdata/skills/skills-preview.txtar
index af1d0bbbe2c..76aa9a6ecb1 100644
--- a/acceptance/testdata/skills/skills-preview.txtar
+++ b/acceptance/testdata/skills/skills-preview.txtar
@@ -10,7 +10,6 @@ stderr 'not found'
 # Telemetry: skill_preview event records repo identifiers and, for a
 # public repo, the skill name.
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
 exec gh skill preview github/awesome-copilot git-commit
diff --git a/acceptance/testdata/telemetry/command-invocation.txtar b/acceptance/testdata/telemetry/command-invocation.txtar
index 86d668da5bf..d174c5c08f1 100644
--- a/acceptance/testdata/telemetry/command-invocation.txtar
+++ b/acceptance/testdata/telemetry/command-invocation.txtar
@@ -1,5 +1,4 @@
 # Telemetry log mode outputs command invocation event to stderr
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
diff --git a/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar b/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar
index 733bea11f5c..2bfe0657dc2 100644
--- a/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar
+++ b/acceptance/testdata/telemetry/no-telemetry-for-alias.txtar
@@ -2,7 +2,6 @@
 # resolved inner command should still record normally — its path is a core
 # gh command and conveys no user-authored identifier.
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
diff --git a/acceptance/testdata/telemetry/no-telemetry-for-completion.txtar b/acceptance/testdata/telemetry/no-telemetry-for-completion.txtar
index 20139ce5f41..1204a7913bb 100644
--- a/acceptance/testdata/telemetry/no-telemetry-for-completion.txtar
+++ b/acceptance/testdata/telemetry/no-telemetry-for-completion.txtar
@@ -1,5 +1,4 @@
 # The completion command should not generate a telemetry event
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
diff --git a/acceptance/testdata/telemetry/no-telemetry-for-extension.txtar b/acceptance/testdata/telemetry/no-telemetry-for-extension.txtar
index 19f3d69ccaf..5e9d2ea5d2a 100644
--- a/acceptance/testdata/telemetry/no-telemetry-for-extension.txtar
+++ b/acceptance/testdata/telemetry/no-telemetry-for-extension.txtar
@@ -3,7 +3,6 @@
 # organization or project name).
 [!exec:bash] skip
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
diff --git a/acceptance/testdata/telemetry/no-telemetry-for-ghes-user.txtar b/acceptance/testdata/telemetry/no-telemetry-for-ghes-user.txtar
index f04fabf364e..e8e1d8ffe97 100644
--- a/acceptance/testdata/telemetry/no-telemetry-for-ghes-user.txtar
+++ b/acceptance/testdata/telemetry/no-telemetry-for-ghes-user.txtar
@@ -1,5 +1,4 @@
 # GHES users should not get telemetry even when telemetry is enabled
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
 env GH_ENTERPRISE_TOKEN=fake-enterprise-token
diff --git a/acceptance/testdata/telemetry/no-telemetry-for-send-telemetry.txtar b/acceptance/testdata/telemetry/no-telemetry-for-send-telemetry.txtar
index 28436aaae58..15e59fcf5e1 100644
--- a/acceptance/testdata/telemetry/no-telemetry-for-send-telemetry.txtar
+++ b/acceptance/testdata/telemetry/no-telemetry-for-send-telemetry.txtar
@@ -1,5 +1,4 @@
 # The send-telemetry command should not itself generate a telemetry event
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
 env GH_TELEMETRY_ENDPOINT_URL=http://localhost:1
diff --git a/acceptance/testdata/telemetry/telemetry-failure-does-not-break-command.txtar b/acceptance/testdata/telemetry/telemetry-failure-does-not-break-command.txtar
index ca1fc4b4ad2..14c4b67a6a8 100644
--- a/acceptance/testdata/telemetry/telemetry-failure-does-not-break-command.txtar
+++ b/acceptance/testdata/telemetry/telemetry-failure-does-not-break-command.txtar
@@ -1,5 +1,4 @@
 # Command completes successfully even when telemetry endpoint is unreachable
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=enabled
 env GH_TELEMETRY_SAMPLE_RATE=100
 env GH_TELEMETRY_ENDPOINT_URL=http://localhost:1
diff --git a/acceptance/testdata/telemetry/telemetry-for-official-extension-stub.txtar b/acceptance/testdata/telemetry/telemetry-for-official-extension-stub.txtar
index c64739af45d..b200590bf27 100644
--- a/acceptance/testdata/telemetry/telemetry-for-official-extension-stub.txtar
+++ b/acceptance/testdata/telemetry/telemetry-for-official-extension-stub.txtar
@@ -3,7 +3,6 @@
 # names come from a fixed, hard-coded registry and do not contain any
 # user-authored identifiers.
-env GH_PRIVATE_ENABLE_TELEMETRY=1
 env GH_TELEMETRY=log
 env GH_TELEMETRY_SAMPLE_RATE=100
diff --git a/internal/ghcmd/cmd.go b/internal/ghcmd/cmd.go
index 9512e4b55bb..67b1564e206 100644
--- a/internal/ghcmd/cmd.go
+++ b/internal/ghcmd/cmd.go
@@ -84,7 +84,7 @@ func Main() exitCode {
 telemetryService = &telemetry.NoOpService{}
 default:
 telemetryState := telemetry.ParseTelemetryState(cfg.Telemetry().Value)
- telemetryDisabled := os.Getenv("GH_PRIVATE_ENABLE_TELEMETRY") == "" || mightBeGHESUser(cfg)
+ telemetryDisabled := mightBeGHESUser(cfg)
 switch telemetryState {
 case telemetry.Disabled:
From f52acd51e92f24e467f3cac4380e632ca00ff2bc Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Wed, 22 Apr 2026 16:05:54 +0530
Subject: [PATCH 2/3] fix: yaml.github-actions.security.run-shell-injection.run-shell-injection security vulnerability
Automated security fix generated by Orbis Security AI
---
 .github/workflows/deployment.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index ebda8eda5f6..19ffc51d46c 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
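Review bot: In internal/ghcmd/cmd.go the new `telemetryDisabled := mightBeGHESUser(cfg)` makes telemetry default-on, and nothing at the assignment says that the user's configured state is now the only other control. The flag is true only for the GHES check, while the opt-out is applied in the `switch telemetryState` that follows, so a comment such as `// Telemetry is on by default: only a GHES-looking host forces it off here; the user's configured state is applied in the switch below.` would stop a later edit from treating this flag as the whole decision. None of the fixtures changed in this patch exercises the disabled state (they all set `GH_TELEMETRY=log` or `enabled`), so an acceptance case asserting that no event is emitted when telemetry is configured off would pin the opt-out now that the private gate is gone; such a case may already exist outside this patch. Main's body starts and ends outside the hunk.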
@@ -32,8 +32,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Validate tag name format
+ env:
+ TAG_NAME: ${{ inputs.tag_name }}
 run: |
- if [[ ! "${{ inputs.tag_name }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ if [[ ! "$TAG_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
 echo "Invalid tag name format. Must be in the form v1.2.3"
 exit 1
 fi
From 7095e2a4fcad136f196973ebd729c332e374ed41 Mon Sep 17 00:00:00 2001
From: William Martin
Date: Wed, 22 Apr 2026 13:48:51 +0200
Subject: [PATCH 3/3] Fix SetSampleRate not updating sample_rate dimension
The sample_rate common dimension was set once at service creation time and never updated when SetSampleRate was called later. This caused commands like 'gh skill publish' that override the sample rate via PersistentPreRunE to report the wrong sample_rate in telemetry events (e.g. 1 instead of 100).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 internal/telemetry/telemetry.go | 2 ++
 internal/telemetry/telemetry_test.go | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/internal/telemetry/telemetry.go b/internal/telemetry/telemetry.go
index e5dcbad9a49..3943060b124 100644
--- a/internal/telemetry/telemetry.go
+++ b/internal/telemetry/telemetry.go
@@ -14,6 +14,7 @@ import (
 "path/filepath"
 "runtime"
 "slices"
+ "strconv"
 "strings"
 "sync"
 "time"
@@ -283,6 +284,7 @@ func (s *service) SetSampleRate(rate int) {
 defer s.mu.Unlock()
 s.sampleRate = rate
+ s.commonDimensions["sample_rate"] = strconv.Itoa(rate)
 }
 func (s *service) Flush() {
diff --git a/internal/telemetry/telemetry_test.go b/internal/telemetry/telemetry_test.go
index a796afd677d..98180a1263c 100644
--- a/internal/telemetry/telemetry_test.go
+++ b/internal/telemetry/telemetry_test.go
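Review bot: In .github/workflows/deployment.yml the `env:` indirection added to the "Validate tag name format" step carries no comment explaining why it is there, so a later cleanup could inline the expression back into `run:`. A YAML comment above `env:` such as `# Passed through env so the input is never expanded into the script text.` would record the intent. The change covers this step only: any other step or job that expands `inputs.tag_name` directly inside a `run:` block is templated into its script regardless of this validation, so the rest of the workflow, which is outside this hunk, should be checked for the same pattern.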
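Review bot: In internal/telemetry/telemetry.go the added `s.commonDimensions["sample_rate"] = strconv.Itoa(rate)` writes to a map whose allocation the hunk does not show; if newService stores the caller's Dimensions as-is and a caller passes nil, this line panics with an assignment to a nil map, and when a map is passed it is the caller's map that gets mutated. If the constructor does not already copy or allocate, guard the write with `if s.commonDimensions == nil { s.commonDimensions = ghtelemetry.Dimensions{} }` (the type is inferred from the newService call in the test). The new subtest in telemetry_test.go only builds the service with a populated map, so a case built with nil dimensions would pin this. The lock acquisition at the top of SetSampleRate is outside the hunk.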
@@ -579,6 +579,24 @@ func TestServiceSampling(t *testing.T) {
 assert.False(t, called, "flusher should not be called after SetSampleRate reduced the rate")
 })
+ t.Run("SetSampleRate updates sample_rate dimension", func(t *testing.T) {
+ t.Cleanup(stubDeviceID("test-device"))
+
+ var captured SendTelemetryPayload
+ svc := newService(func(p SendTelemetryPayload) { captured = p }, ghtelemetry.Dimensions{
+ "sample_rate": "1",
+ })
+ svc.sampleRate = 1
+ svc.sampleBucket = 0
+
+ svc.SetSampleRate(100)
+ svc.Record(ghtelemetry.Event{Type: "test"})
+ svc.Flush()
+
+ require.Len(t, captured.Events, 1)
+ assert.Equal(t, "100", captured.Events[0].Dimensions["sample_rate"])
+ })
+
 t.Run("WithSampleRate option sets rate on construction", func(t *testing.T) {
 t.Cleanup(stubDeviceID("test-device"))