Refactored update-check notifications and added opt-out config#27877
Draft
rob-ghost wants to merge 1 commit into
Draft
Refactored update-check notifications and added opt-out config#27877rob-ghost wants to merge 1 commit into
rob-ghost wants to merge 1 commit into
Conversation
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
Bot
added
the
migration
rob-ghost
force-pushed
the
feat/ber-3651-ghsa-notifications
branch
from
f8fa616 to
be73213
Compare
When set to false, the update-check service still polls (so Ghost continues to receive telemetry on the install) but the response is not processed into notifications — no banner, no admin email. Future upstream feeds like GHSA will read the same key. If an operator wants the install to stay silent end-to-end, the existing privacy.useUpdateCheck=false combined with this new setting short-circuits the poll entirely: neither purpose remains. The gate composes with the existing privacy lever as two independent opt-outs, not a single switch — operators can disable just notifications, just telemetry, both, or neither.
rob-ghost
force-pushed
the
feat/operator-update-checks
branch
from
63dad01 to
c113035
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Operators have no way to disable update notifications today.
privacy.useUpdateCheck: falselooks like an off switch but only changes POST → GET — the poll still happens and the response still produces banners and admin emails. For managed hosts running Ghost on behalf of customers, that means customers receive banner notifications and emails about updates they have no power to action.Solution
A single new operator-facing config that gates notifications without sacrificing Ghost's telemetry data. The two concerns — "should Ghost phone home with usage stats?" and "should my admins/customers be informed about updates?" — are now independently controllable. Self-hoster defaults stay the same; managed hosts get the off switch they need.
The composition is two-knob, four-quadrant: default everything, telemetry only, notifications only, or neither (the last case short-circuits the poll entirely since there's no purpose left).
The same config will also gate the GHSA security advisory feed once that lands — operators get one decision to make, not two. If finer granularity is needed later (separate auto-update behaviour, per-feed control), the namespace accommodates it.
Stacking
Built on top of the notifications domain refactor in #27868. The base branch is set accordingly so the diff shows only this PR's changes.