Expand captured release actions in audit log
Problem to solve
In #32807 (closed), we added the capability for the audit logs to reflect common release actions. This issue will expand the audit log for release to include:
UI release created event
assets added to release content
Primary use case for auditing release events include:
- Tracking when and who created a release from GitLab after a deployment has occurred
- Surfacing records of evidence attached to releases upon request from an auditing firm in the download
- Reviewing content of edits with who made the edits to a release in a retrospective
In this second iteration, we will record the user action in releases that are now supported: `delete release'
Similar to the example above
||"Release Created in UI"
||"Associated assets to release"
- [Add package]
Permissions and Security
- Changes to audit logs should follow the normal access/permissions of Audit Logs at GitLab
- Downloads of audit logs should follow the normal access/permissions of Audit Logs at GitLab
- Guests/non-GitLab users should not be able to download, edit, or change audit logs
- Audit Events Documentation - for audit events permissions and implementation
- Log System Documentation - Administrations of Audit Logs
- This audit log content needs to be
view onlyby all users, with
edit logpermissions following the audit log permission structure
What does success look like, and how can we measure that?
- The usage of this feature will be related to the downloads of the audit logs, so we should see an increase in audit log downloads for releases when these items are added
- % increase in MAU for release audit logs
Links / references
- #121 (closed) - this API might be leveraged for this issue