aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBoris Kolpackov <boris@codesynthesis.com>2024-05-13 13:28:42 +0200
committerFrancois Kritzinger <francois@codesynthesis.com>2024-06-05 09:12:46 +0200
commit33019784783be4a1e1e2be66139ff56201b5952d (patch)
treed5242cbd4ccb45366ec2b6fcc089ba2a27e54271
parent75965979e68831b46cfde18a0aee51a7d63119e3 (diff)
Review
-rw-r--r--etc/brep-module.conf5
-rw-r--r--mod/mod-ci-github-service-data.cxx4
-rw-r--r--mod/mod-ci-github.cxx18
-rw-r--r--mod/module.cli5
4 files changed, 23 insertions, 9 deletions
diff --git a/etc/brep-module.conf b/etc/brep-module.conf
index c1fd26b..dce7f9f 100644
--- a/etc/brep-module.conf
+++ b/etc/brep-module.conf
@@ -444,13 +444,14 @@ menu About=?about
# ci-github-app-id
-# The GitHub app's configured webhook secret.
+# The GitHub App's configured webhook secret. If not set, then the GitHub CI
+# service is disabled.
#
# ci-github-app-webhook-secret
# The private key used during GitHub API authentication. Created in the GitHub
-# app's settings.
+# App's settings.
#
# ci-github-app-private-key
diff --git a/mod/mod-ci-github-service-data.cxx b/mod/mod-ci-github-service-data.cxx
index f1d5fd5..10de076 100644
--- a/mod/mod-ci-github-service-data.cxx
+++ b/mod/mod-ci-github-service-data.cxx
@@ -38,7 +38,7 @@ namespace brep
installation_id =
p.next_expect_member_number<uint64_t> ("installation_id");
- repository_node_id = p.next_expect_member_string ("repository_id");
+ repository_node_id = p.next_expect_member_string ("repository_node_id");
head_sha = p.next_expect_member_string ("head_sha");
p.next_expect_member_array ("check_runs");
@@ -100,7 +100,7 @@ namespace brep
s.end_object ();
s.member ("installation_id", installation_id);
- s.member ("repository_id", repository_node_id);
+ s.member ("repository_node_id", repository_node_id);
s.member ("head_sha", head_sha);
s.member_begin_array ("check_runs");
diff --git a/mod/mod-ci-github.cxx b/mod/mod-ci-github.cxx
index a99e516..ce2e4ec 100644
--- a/mod/mod-ci-github.cxx
+++ b/mod/mod-ci-github.cxx
@@ -34,7 +34,7 @@
//
// - Pull requests. Handle
//
-// - Choose strong webhook secret
+// - Choose strong webhook secret (when deploying).
//
// - Check that delivery UUID has not been received before (replay attack).
//
@@ -115,6 +115,7 @@ namespace brep
//
string event; // Webhook event.
string hmac; // Received HMAC.
+ try
{
bool content_type (false);
@@ -181,6 +182,11 @@ namespace brep
if (hmac.empty ())
throw invalid_request (400, "missing x-hub-signature-256 header");
}
+ catch (const invalid_request& e)
+ {
+ error << "request header error: " << e.content;
+ throw;
+ }
// Read the entire request body into a buffer because we need to compute
// an HMAC over it and then parse it as JSON. The alternative of reading
@@ -535,7 +541,10 @@ namespace brep
//
warn << "check run " << bid << ": unexpected rebuild";
}
- else {} // Ignore interrupted.
+ else
+ {
+ // Ignore interrupted.
+ }
}
else
{
@@ -678,7 +687,10 @@ namespace brep
cr = move (*scr);
cr->state_synced = false;
}
- else {} // Network error during queued notification, ignore.
+ else
+ {
+ // Network error during queued notification, ignore.
+ }
}
else
warn << "check run " << bid << ": out of order building "
diff --git a/mod/module.cli b/mod/module.cli
index 3b47aec..2362811 100644
--- a/mod/module.cli
+++ b/mod/module.cli
@@ -833,14 +833,15 @@ namespace brep
string ci-github-app-webhook-secret
{
"<secret>",
- "The GitHub app's configured webhook secret."
+ "The GitHub App's configured webhook secret. If not set, then the
+ GitHub CI service is disabled."
}
path ci-github-app-private-key
{
"<path>",
"The private key used during GitHub API authentication. Created in
- the GitHub app's settings."
+ the GitHub App's settings."
}
uint16_t ci-github-jwt-validity-period = 600