[web-console] Add Scarf Pixel to track OSS usage #5486
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds Scarf.sh tracking to monitor Open Source deployments of the Feldera web console, helping understand deployment patterns and version adoption in the wild.
Changes:
- Adds build source tracking (
civssource) through environment variables and API configuration - Implements Scarf tracking pixel in web console that loads only for Open Source edition deployments
- Updates OpenAPI schema and TypeScript types to include
build_sourcefield in Configuration
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| openapi.json | Adds build_source field to Configuration schema with description |
| js-packages/web-console/src/routes/+layout.svelte | Implements Scarf tracking pixel with conditional rendering for OSS deployments |
| js-packages/web-console/src/lib/services/manager/types.gen.ts | Generated TypeScript types including build_source and other API changes |
| js-packages/web-console/src/lib/services/manager/sdk.gen.ts | Generated SDK code for new API endpoints |
| crates/pipeline-manager/src/api/endpoints/config.rs | Adds build_source field to Configuration struct |
| crates/pipeline-manager/build.rs | Captures FELDERA_BUILD_SOURCE environment variable during build |
| .github/workflows/build-rust.yml | Sets FELDERA_BUILD_SOURCE=ci for GitHub Actions builds |
| const shouldTrack = $derived( | ||
| browser && page.data.feldera?.config?.edition === 'Open source' | ||
| ) | ||
| const scarfTrackingUrl = $derived( | ||
| shouldTrack | ||
| ? `https://static.scarf.sh/a.png?x-pxid=c5e8a21a-5f5a-424d-81c4-5ded97174900&version=${encodeURIComponent(page.data.feldera!.config!.version)}&build_source=${encodeURIComponent(page.data.feldera!.config!.build_source)}` |
There was a problem hiding this comment.
The hardcoded pixel ID and URL construction makes this difficult to maintain or test. Consider extracting the pixel ID and base URL as named constants at the module level.
| const shouldTrack = $derived( | |
| browser && page.data.feldera?.config?.edition === 'Open source' | |
| ) | |
| const scarfTrackingUrl = $derived( | |
| shouldTrack | |
| ? `https://static.scarf.sh/a.png?x-pxid=c5e8a21a-5f5a-424d-81c4-5ded97174900&version=${encodeURIComponent(page.data.feldera!.config!.version)}&build_source=${encodeURIComponent(page.data.feldera!.config!.build_source)}` | |
| const SCARF_BASE_URL = 'https://static.scarf.sh/a.png' | |
| const SCARF_PIXEL_ID = 'c5e8a21a-5f5a-424d-81c4-5ded97174900' | |
| const shouldTrack = $derived( | |
| browser && page.data.feldera?.config?.edition === 'Open source' | |
| ) | |
| const scarfTrackingUrl = $derived( | |
| shouldTrack | |
| ? `${SCARF_BASE_URL}?x-pxid=${SCARF_PIXEL_ID}&version=${encodeURIComponent(page.data.feldera!.config!.version)}&build_source=${encodeURIComponent(page.data.feldera!.config!.build_source)}` |
There was a problem hiding this comment.
if you do extract them, maybe create a function that generates the URL too
Is there a spec of the shape of the URL?
There was a problem hiding this comment.
Past the HTTP origin and the x-pxid query parameter there is no fixed spec. The $derived syntax already defines an expression that get's re-evaluated as needed, so I'll just separate the scarfPixelId as a constant
| const scarfTrackingUrl = $derived( | ||
| shouldTrack | ||
| ? `https://static.scarf.sh/a.png?x-pxid=c5e8a21a-5f5a-424d-81c4-5ded97174900&version=${encodeURIComponent(page.data.feldera!.config!.version)}&build_source=${encodeURIComponent(page.data.feldera!.config!.build_source)}` | ||
| : '' | ||
| ) | ||
|
|
There was a problem hiding this comment.
Non-null assertions (!) used on nested optional properties could cause runtime errors if the data structure is incomplete. While shouldTrack checks for the parent object, it doesn't verify that version and build_source exist before accessing them.
| const scarfTrackingUrl = $derived( | |
| shouldTrack | |
| ? `https://static.scarf.sh/a.png?x-pxid=c5e8a21a-5f5a-424d-81c4-5ded97174900&version=${encodeURIComponent(page.data.feldera!.config!.version)}&build_source=${encodeURIComponent(page.data.feldera!.config!.build_source)}` | |
| : '' | |
| ) | |
| let scarfTrackingUrl = '' | |
| $: { | |
| const version = page.data.feldera?.config?.version | |
| const buildSource = page.data.feldera?.config?.build_source | |
| if (shouldTrack && version && buildSource) { | |
| scarfTrackingUrl = `https://static.scarf.sh/a.png?x-pxid=c5e8a21a-5f5a-424d-81c4-5ded97174900&version=${encodeURIComponent( | |
| version | |
| )}&build_source=${encodeURIComponent(buildSource)}` | |
| } else { | |
| scarfTrackingUrl = '' | |
| } | |
| } |
.github/workflows/build-rust.yml
Outdated
| CARGO_FLAGS: "--release --locked --all-targets" | ||
| CARGO_FEATURES_BASE: "pubsub-emulator-test,iceberg-tests-fs,iceberg-tests-glue" | ||
| FELDERA_PLATFORM_VERSION_SUFFIX: ${{ github.sha }} | ||
| FELDERA_BUILD_SOURCE: ci |
There was a problem hiding this comment.
I interpreted this name as an imperative to build the sources
But maybe you want to use a name like "BUILD_ORIGIN"
| println!("cargo:rerun-if-env-changed=FELDERA_PLATFORM_VERSION_SUFFIX"); | ||
| println!("cargo:rustc-env=FELDERA_PLATFORM_VERSION_SUFFIX={platform_version_suffix}"); | ||
|
|
||
| // Capture build source (ci vs source) |
There was a problem hiding this comment.
what does the second "source" mean?
There was a problem hiding this comment.
As in, built locally from source
| ...options | ||
| }) | ||
|
|
||
| /** |
There was a problem hiding this comment.
I understand that this is generated code which does not need to be reviewed
There was a problem hiding this comment.
Yes, from the OpenAPI spec
| }, | ||
| "build_source": { | ||
| "type": "string", | ||
| "description": "Build source: \"ci\" for GitHub Actions builds, \"source\" for local builds" |
There was a problem hiding this comment.
what does "local" really mean?
can people fake this?
There was a problem hiding this comment.
Yes, easily, but I don't think that's a concern for us. Since the tracking pixel has all public info and is distributed in the app sources everything about it can be manipulated anyway
|
|
||
| // Scarf.sh tracking for OSS deployments | ||
| // Only track Open source edition (excludes Enterprise builds) | ||
| const shouldTrack = $derived( |
There was a problem hiding this comment.
people can easily change this. So I think it should be documented somewhere; you may need consent in places like EU perhaps anyway. Maybe you can document it in the README on github at least, but we should find out whether we need to do more to disclose this.
There was a problem hiding this comment.
Lalith said the privacy notice on the main website is enough
There was a problem hiding this comment.
I suggest keeping an opt out environment variable.
| const shouldTrack = $derived( | ||
| browser && page.data.feldera?.config?.edition === 'Open source' | ||
| ) | ||
| const scarfTrackingUrl = $derived( | ||
| shouldTrack | ||
| ? `https://static.scarf.sh/a.png?x-pxid=c5e8a21a-5f5a-424d-81c4-5ded97174900&version=${encodeURIComponent(page.data.feldera!.config!.version)}&build_source=${encodeURIComponent(page.data.feldera!.config!.build_source)}` |
There was a problem hiding this comment.
if you do extract them, maybe create a function that generates the URL too
Is there a spec of the shape of the URL?
3e23218 to
514a837
Compare
Signed-off-by: Karakatiza666 <[email protected]>
Add Scarf.sh Tracking for OSS Deployments
This PR adds lightweight usage tracking to help us understand how Feldera OSS is being deployed in the wild.
What Gets Tracked by Scarf
When users access the web-console in an Open Source deployment, a tracking pixel loads with two metadata fields:
What Doesn't Get Tracked
Why This Matters
This helps us answer important questions about the OSS community:
Privacy
The tracking pixel is visible in browser network requests and can be blocked by browser extensions or network policies. Geographic data is aggregated at the country/region level. We only see deployment patterns, not individual users or detailed usage behavior.