diff options
author | Boris Kolpackov <boris@codesynthesis.com> | 2024-05-13 13:28:42 +0200 |
---|---|---|
committer | Francois Kritzinger <francois@codesynthesis.com> | 2024-06-05 09:12:46 +0200 |
commit | 33019784783be4a1e1e2be66139ff56201b5952d (patch) | |
tree | d5242cbd4ccb45366ec2b6fcc089ba2a27e54271 | |
parent | 75965979e68831b46cfde18a0aee51a7d63119e3 (diff) |
Review
-rw-r--r-- | etc/brep-module.conf | 5 | ||||
-rw-r--r-- | mod/mod-ci-github-service-data.cxx | 4 | ||||
-rw-r--r-- | mod/mod-ci-github.cxx | 18 | ||||
-rw-r--r-- | mod/module.cli | 5 |
4 files changed, 23 insertions, 9 deletions
diff --git a/etc/brep-module.conf b/etc/brep-module.conf index c1fd26b..dce7f9f 100644 --- a/etc/brep-module.conf +++ b/etc/brep-module.conf @@ -444,13 +444,14 @@ menu About=?about # ci-github-app-id -# The GitHub app's configured webhook secret. +# The GitHub App's configured webhook secret. If not set, then the GitHub CI +# service is disabled. # # ci-github-app-webhook-secret # The private key used during GitHub API authentication. Created in the GitHub -# app's settings. +# App's settings. # # ci-github-app-private-key diff --git a/mod/mod-ci-github-service-data.cxx b/mod/mod-ci-github-service-data.cxx index f1d5fd5..10de076 100644 --- a/mod/mod-ci-github-service-data.cxx +++ b/mod/mod-ci-github-service-data.cxx @@ -38,7 +38,7 @@ namespace brep installation_id = p.next_expect_member_number<uint64_t> ("installation_id"); - repository_node_id = p.next_expect_member_string ("repository_id"); + repository_node_id = p.next_expect_member_string ("repository_node_id"); head_sha = p.next_expect_member_string ("head_sha"); p.next_expect_member_array ("check_runs"); @@ -100,7 +100,7 @@ namespace brep s.end_object (); s.member ("installation_id", installation_id); - s.member ("repository_id", repository_node_id); + s.member ("repository_node_id", repository_node_id); s.member ("head_sha", head_sha); s.member_begin_array ("check_runs"); diff --git a/mod/mod-ci-github.cxx b/mod/mod-ci-github.cxx index a99e516..ce2e4ec 100644 --- a/mod/mod-ci-github.cxx +++ b/mod/mod-ci-github.cxx @@ -34,7 +34,7 @@ // // - Pull requests. Handle // -// - Choose strong webhook secret +// - Choose strong webhook secret (when deploying). // // - Check that delivery UUID has not been received before (replay attack). // @@ -115,6 +115,7 @@ namespace brep // string event; // Webhook event. string hmac; // Received HMAC. + try { bool content_type (false); @@ -181,6 +182,11 @@ namespace brep if (hmac.empty ()) throw invalid_request (400, "missing x-hub-signature-256 header"); } + catch (const invalid_request& e) + { + error << "request header error: " << e.content; + throw; + } // Read the entire request body into a buffer because we need to compute // an HMAC over it and then parse it as JSON. The alternative of reading @@ -535,7 +541,10 @@ namespace brep // warn << "check run " << bid << ": unexpected rebuild"; } - else {} // Ignore interrupted. + else + { + // Ignore interrupted. + } } else { @@ -678,7 +687,10 @@ namespace brep cr = move (*scr); cr->state_synced = false; } - else {} // Network error during queued notification, ignore. + else + { + // Network error during queued notification, ignore. + } } else warn << "check run " << bid << ": out of order building " diff --git a/mod/module.cli b/mod/module.cli index 3b47aec..2362811 100644 --- a/mod/module.cli +++ b/mod/module.cli @@ -833,14 +833,15 @@ namespace brep string ci-github-app-webhook-secret { "<secret>", - "The GitHub app's configured webhook secret." + "The GitHub App's configured webhook secret. If not set, then the + GitHub CI service is disabled." } path ci-github-app-private-key { "<path>", "The private key used during GitHub API authentication. Created in - the GitHub app's settings." + the GitHub App's settings." } uint16_t ci-github-jwt-validity-period = 600 |