Activity via Deploy Keys should be presented differently than Users
Problem to solve
When a user creates a deploy key for a project and then uses that deploy key, the activity stream shows the user themselves performing the actions and does not indicate that this may be an automated process via deploy key.
This is particularly jarring once such a user has left the organization and is blocked, but they continue to appear in the activity stream.
Intended users
Systems Admin, Security Analyst
Further details
By clearly showing the activity is being done via a Deploy Key, it more accurately represents the activity taking place on the system. In addition, it could allow for users to filter out automated processes from the activity stream though I'm not sure how useful that would be.
Proposal
Instead of showing the activity as being from the user, the activity stream should show a deploy key was the source of the activity and the name of the deploy key.
Taken a step further, it seems like it would be useful to have a better management pane (or at least information page) for individual project deploy keys in the admin interface and that the activity stream should link to such a page for each deploy key for users that are admins.
Permissions and Security
NA
Documentation
Deploy Key and/or Activity Stream docs would probably need to be updated.
Testing
What does success look like, and how can we measure that?
Activity stream no longer shows users that created the deploy key as having performed the actions that the deploy key performed, and clearly denotes that it was a particular deploy key.