Skip to content

Add new stream only audit event for repo download of public projects

What does this MR do and why?

  1. Add new stream only audit event for repo download of public projects
  2. Make the existing repository_download_operation audit event only for repository download of non public projects.
  3. For public projects the new public_repository_download_operation stream only audit event is created.


Since this is a breaking change it needs to be deployed only during the following windows as per this slack message [INTERNAL]

  • 2024-04-22 09:00 UTC to 2024-04-24 22:00 UTC
  • 2024-04-29 09:00 UTC to 2024-05-01 22:00 UTC
  • 2024-05-06 09:00 UTC to 2024-05-08 22:00 UTC

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Ensure you have ultimate license.
  2. Setup audit event streaming destination (Eg: HTTP) by following the docs. You can use public products like for setting up streaming destination.
  3. Download the source code of public project. (See docs). Ensure that a streaming event is creating with event type public_repository_download_operation and no new audit event is created in the database.
  4. Now download the source code of a private project and ensure that a streaming event is created with event type repository_download_operation and a new audit event is also created in the database. You can verify this by going to the group audit events dashboard.

Closes #383218 (closed)

Edited by Huzaifa Iftikhar

Merge request reports