diggerhq · motatoes · Jul 24, 2025 · Jul 23, 2025 · Jul 23, 2025 · Jul 24, 2025
diff --git a/backend/utils/github.go b/backend/utils/github.go
@@ -83,7 +83,11 @@ func (gh DiggerGithubRealClientProvider) Get(githubAppId int64, installationId i
 		return nil, nil, fmt.Errorf("error initialising git app token: %v\n", err)
 	}
 
-	ghClient, err := gh.NewClient(&net.Client{Transport: itr})
+	clientWithLogging := &net.Client{
+		Transport: &LoggingRoundTripper{Rt: itr},
+	}
+
+	ghClient, err := gh.NewClient(clientWithLogging)
 	if err != nil {
 		slog.Error("Failed to create GitHub client", "error", err)
 		return nil, nil, fmt.Errorf("error creating new client: %v", err)

diff --git a/backend/utils/trip_logger.go b/backend/utils/trip_logger.go
@@ -0,0 +1,40 @@
+package utils
+
+import (
+	"log/slog"
+	net "net/http"
+)
+
+type LoggingRoundTripper struct {
+	Rt net.RoundTripper
+}
+
+func (lrt *LoggingRoundTripper) RoundTrip(req *net.Request) (*net.Response, error) {
+	// Log the request
+	slog.Debug("GitHub API Request",
+		"method", req.Method,
+		"url_path", req.URL.Path,
+	)
-	slog.Debug("GitHub API Request",
-		"method", req.Method,
-		"url_path", req.URL.Path,
-	)
+	// Sanitize URL path to remove potentially sensitive information
+	sanitizedPath := sanitizeUrlPath(req.URL.Path)
+	slog.Debug("GitHub API Request",
+		"method", req.Method,
+		"url_path", sanitizedPath,
+	)
-	// Log the request
-	slog.Debug("GitHub API Request",
-		"method", req.Method,
-		"url_path", req.URL.Path,
-	)
+	// Log the request method only to avoid potential sensitive information leakage
+	slog.Debug("GitHub API Request",
+		"method", req.Method,
+	)
-	slog.Debug("GitHub API Request",
-		"method", req.Method,
-		"url_path", req.URL.Path,
-	)
+	// Sanitize URL path to remove potentially sensitive information
+	sanitizedPath := sanitizeUrlPath(req.URL.Path)
+	slog.Debug("GitHub API Request",
+		"method", req.Method,
+		"url_path", sanitizedPath,
+	)
-	// Log the request
-	slog.Debug("GitHub API Request",
-		"method", req.Method,
-		"url_path", req.URL.Path,
-	)
+	// Log the request method only to avoid potential sensitive information leakage
+	slog.Debug("GitHub API Request",
+		"method", req.Method,
+	)
+
+	resp, err := lrt.Rt.RoundTrip(req)
+	if err != nil {
+		slog.Error("GitHub API Request failed", "error", err)
+		return nil, err
+	}
+
+	slog.Debug("GitHub API Response",
+		"status", resp.Status,
+	)
+
+	if resp.Header != nil {
+		slog.Debug("GitHub API Rate Limits",
+			"X-RateLimit-Limit", resp.Header.Get("X-RateLimit-Limit"),
+			"X-RateLimit-Remaining", resp.Header.Get("X-RateLimit-Remaining"),
+			"X-RateLimit-Used", resp.Header.Get("X-RateLimit-Used"),
+			"X-RateLimit-Resource", resp.Header.Get("X-RateLimit-Resource"),
+			"X-RateLimit-Reset", resp.Header.Get("X-RateLimit-Reset"),
+		)
+	}
-	slog.Debug("GitHub API Response",
-		"status", resp.Status,
-	)
-	
-	if resp.Header != nil {
-		slog.Debug("GitHub API Rate Limits",
-			"X-RateLimit-Limit", resp.Header.Get("X-RateLimit-Limit"),
-			"X-RateLimit-Remaining", resp.Header.Get("X-RateLimit-Remaining"),
-			"X-RateLimit-Used", resp.Header.Get("X-RateLimit-Used"),
-			"X-RateLimit-Resource", resp.Header.Get("X-RateLimit-Resource"),
-			"X-RateLimit-Reset", resp.Header.Get("X-RateLimit-Reset"),
-		)
-	}
+	slog.Debug("GitHub API Response",
+		"status", resp.Status,
+	)
+	
+	if resp.Header != nil {
+		slog.Debug("GitHub API Rate Limits",
+			"X-RateLimit-Limit", resp.Header.Get("X-RateLimit-Limit"),
+			"X-RateLimit-Remaining", resp.Header.Get("X-RateLimit-Remaining"),
+			"X-RateLimit-Used", resp.Header.Get("X-RateLimit-Used"),
+			"X-RateLimit-Resource", resp.Header.Get("X-RateLimit-Resource"),
+			"X-RateLimit-Reset", resp.Header.Get("X-RateLimit-Reset"),
+		)
+	}
+	
+	// Log response body for non-2xx status codes to aid debugging
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		body, err := net.ReadAll(resp.Body)
+		if err != nil {
+			slog.Error("Failed to read error response body", "error", err)
+		} else {
+			// We need to restore the response body for downstream consumers
+			resp.Body = net.NopCloser(bytes.NewBuffer(body))
+			slog.Error("GitHub API Error Response",
+				"status", resp.Status,
+				"body", string(body),
+			)
+		}
+	}
-	slog.Debug("GitHub API Response",
-		"status", resp.Status,
-	)
-	
-	if resp.Header != nil {
-		slog.Debug("GitHub API Rate Limits",
-			"X-RateLimit-Limit", resp.Header.Get("X-RateLimit-Limit"),
-			"X-RateLimit-Remaining", resp.Header.Get("X-RateLimit-Remaining"),
-			"X-RateLimit-Used", resp.Header.Get("X-RateLimit-Used"),
-			"X-RateLimit-Resource", resp.Header.Get("X-RateLimit-Resource"),
-			"X-RateLimit-Reset", resp.Header.Get("X-RateLimit-Reset"),
-		)
-	}
+	slog.Debug("GitHub API Response",
+		"status", resp.Status,
+	)
+	
+	if resp.Header != nil {
+		slog.Debug("GitHub API Rate Limits",
+			"X-RateLimit-Limit", resp.Header.Get("X-RateLimit-Limit"),
+			"X-RateLimit-Remaining", resp.Header.Get("X-RateLimit-Remaining"),
+			"X-RateLimit-Used", resp.Header.Get("X-RateLimit-Used"),
+			"X-RateLimit-Resource", resp.Header.Get("X-RateLimit-Resource"),
+			"X-RateLimit-Reset", resp.Header.Get("X-RateLimit-Reset"),
+		)
+	}
+	
+	// Log response body for non-2xx status codes to aid debugging
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		body, err := net.ReadAll(resp.Body)
+		if err != nil {
+			slog.Error("Failed to read error response body", "error", err)
+		} else {
+			// We need to restore the response body for downstream consumers
+			resp.Body = net.NopCloser(bytes.NewBuffer(body))
+			slog.Error("GitHub API Error Response",
+				"status", resp.Status,
+				"body", string(body),
+			)
+		}
+	}
+
+	return resp, nil
+}
diff --git a/ee/backend/providers/github/providers.go b/ee/backend/providers/github/providers.go
@@ -80,7 +80,11 @@ func (gh DiggerGithubEEClientProvider) Get(githubAppId int64, installationId int
 		return nil, nil, fmt.Errorf("error initialising git app token: %v\n", err)
 	}
 
-	ghClient, err := gh.NewClient(&net.Client{Transport: itr})
+	clientWithLogging := &net.Client{
+		Transport: &utils.LoggingRoundTripper{Rt: itr},
+	}
+
+	ghClient, err := gh.NewClient(clientWithLogging)
 	if err != nil {
 		return nil, nil, fmt.Errorf("could not get digger client: %v", err)
 	}