GitHub Action that provides an Enterprise Account or Organization Audit of members, repositories and which permissions these members have. The output of this action is a published CSV file in the Actions tab. The user can also configure the action to publish the results to an issue.
The output looks like this running on enterprise
mode:
enterprise | organization | repo | user | login | permission | |
---|---|---|---|---|---|---|
goodcorp | goodcorp-os | node-utils | Vitor Monteiro | bitoiu | ADMIN | |
goodcorp | goodcorp-os | node-utils | Richard Erwin | rerwinx | ADMIN | |
goodcorp | goodcorp-os | node-utils | Kai Hilton-Jones | evil-clone | WRITE | |
goodcorp | core | innersource-docs | Vitor Monteiro | bitoiu | ADMIN | |
goodcorp | core | innersource-docs | Richard Erwin | rerwinx | READ |
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@master
with:
## `organization` and `enterprise` are mutually exclusive
enterprise: 'goodcorp'
## repo, read:org, read:enterprise (if running with enterprise option)
token: ${{ secrets.TOKEN }}
## issue is optional
issue: true
## samlIdentities is optional
samlIdentities: true
## affiliation is optional - values are 'ALL', 'DIRECT' (i.e. members only) or 'OUTSIDE' (i.e. outside collaborators only)
affiliation: 'ALL'
Depending on your needs you might want to trigger the audit on different events. The simplest one to test it out is to trigger the workflow on push. For this workflow to run properly you'll need to provide it with a secret personal access token from someone that is an org owner or from an application that has that privilege. Providing it a lesser scope might not show all the information for the organization.
The action in the following workflow is configured to:
- Work only on a single
organization
- Expose the linked SAML
nameId
field for your members if your organization is using SAML SSO and you want to retrieve this info (generally a corporate email address used to login with SSO) - Publish results also to an
issue
on: push
jobs:
audit_log:
runs-on: ubuntu-latest
name: Membership Audit Log
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@v1
with:
organization: 'octodemov2'
token: ${{ secrets.TOKEN }}
issue: true
samlIdentities: true
The action in the following workflow is configured to:
- Work on an
enterprise
account - Publish results also to an
issue
on:
schedule:
# Once a week on Saturday 00:00
- cron: '0 0 * * 6'
jobs:
audit_log:
runs-on: ubuntu-latest
name: Membership Audit Log
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@v1
with:
enterprise: 'goodcorp'
token: ${{ secrets.TOKEN }}
issue: true
Use a repository_dispatch
event to trigger this workflow. The action in the following workflow is configured to:
- Work on an
enterprise
account - Publish results also to an
issue
on: repository_dispatch
jobs:
audit_log:
runs-on: ubuntu-latest
name: Membership Audit Log
- name: Membership Audit Log Action
uses: svanboxel/org-audit-action@v1
with:
enterprise: 'goodcorp'
token: ${{ secrets.TOKEN }}
issue: true
You can test this action locally by using the following command:
TOKEN=<github_token> ORGANIZATION=<organization name (or use ENTERPRISE=<enterprise_name>)> GITHUB_REPOSITORY=<owner>/<repository> node src/index.js
Open an issue on: https://github.com/svanboxel/org-audit-action