github_app/src/lib.rs at f68d4b10ecdd515de3ebc509c5d3c7fd7730349d · inputlayer/github_app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
pub mod app_auth;
pub mod config;
pub mod error;
pub mod gitops;
pub mod tracing_sanitizer;
pub mod webhook;

pub use app_auth::GitHubTokenProvider;
pub use config::GitHubAppConfig;
pub use error::GitHubError;
pub use gitops::GitHubGitOps;
pub use tracing_sanitizer::sanitize_sensitive_data;
pub use webhook::{PushEvent, WebhookEvent, WebhookVerifier};

use tracing_subscriber::{fmt, layer::SubscriberExt, util::SubscriberInitExt, EnvFilter};

/// Initialize tracing with automatic sanitization of sensitive data
///
/// This sets up structured logging with automatic redaction of:
/// - GitHub tokens (ghp_, gho_, ghu_, ghs_, ghr_)
/// - Credentials in URLs
/// - Bearer tokens
/// - x-access-token URLs
///
/// # Environment Variables
///
/// - `RUST_LOG`: Control log level (e.g., "debug", "info", "warn", "error")
///   - Default: "info"
///   - Example: `RUST_LOG=debug cargo run`
///
/// # Examples
///
/// ```no_run
/// use github_app::init_tracing;
///
/// // Initialize once at application startup
/// init_tracing();
///
/// // Now all logs will have sensitive data automatically redacted
/// tracing::info!("Starting application");
/// ```
///
/// # Panics
///
/// Panics if called more than once (tracing can only be initialized once per process)
pub fn init_tracing() {
    let filter = EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info"));

    // Create a formatter that writes to a sanitizing writer
    let fmt_layer = fmt::layer()
        .with_target(true)
        .with_thread_ids(false)
        .with_thread_names(false)
        .with_file(true)
        .with_line_number(true)
        .with_writer(tracing_sanitizer::SanitizingMakeWriter::new());

    tracing_subscriber::registry()
        .with(filter)
        .with(fmt_layer)
        .init();
}

/// Initialize tracing with JSON output for structured logging
///
/// Useful for production environments where logs are shipped to aggregation systems
/// like DataDog, Splunk, or ELK. All output is still sanitized.
///
/// # Examples
///
/// ```no_run
/// use github_app::init_tracing_json;
///
/// init_tracing_json();
/// tracing::info!(user = "alice", "User logged in");
/// ```
pub fn init_tracing_json() {
    let filter = EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info"));

    let fmt_layer = fmt::layer()
        .json()
        .with_target(true)
        .with_file(true)
        .with_line_number(true)
        .with_writer(tracing_sanitizer::SanitizingMakeWriter::new());

    tracing_subscriber::registry()
        .with(filter)
        .with(fmt_layer)
        .init();
}