aboutsummaryrefslogtreecommitdiff
path: root/mod/mod-ci-github.cxx
diff options
context:
space:
mode:
Diffstat (limited to 'mod/mod-ci-github.cxx')
-rw-r--r--mod/mod-ci-github.cxx174
1 files changed, 87 insertions, 87 deletions
diff --git a/mod/mod-ci-github.cxx b/mod/mod-ci-github.cxx
index 2d351f4..13e6d32 100644
--- a/mod/mod-ci-github.cxx
+++ b/mod/mod-ci-github.cxx
@@ -371,111 +371,111 @@ handle (request& rq, response& rs)
// is that we want be "notified" of new actions at which point we can decide
// whether to ignore them or to handle.
//
- try
+ if (event == "check_suite")
{
- if (event == "check_suite")
+ check_suite_event cs;
+ try
{
json::parser p (rq.content (64 * 1024), "check_suite webhook");
- check_suite_event cs (p);
+ cs = check_suite_event (p);
+ }
+ catch (const json::invalid_json_input& e)
+ {
+ // @@ TODO: should we write more detailed diagnostics to log? Maybe we
+ // should do this for all unsuccessful calls to respond().
+ //
+ // Note: these exceptions end up in the apache error log.
+ //
+ // @@ TMP Actually I was wrong, these do not end up in any logs. Pretty
+ // sure I saw them go there but they're definitely not anymore.
+ //
+ throw invalid_request (400, "malformed JSON in request body");
+ }
+
+ // @@ TODO: log and ignore unknown.
+ //
+ if (cs.action == "requested")
+ {
+ }
+ else if (cs.action == "rerequested")
+ {
+ // Someone manually requested to re-run the check runs in this check
+ // suite.
+ }
+ else if (cs.action == "completed")
+ {
+ // GitHub thinks that "all the check runs in this check suite have
+ // completed and a conclusion is available". Looks like this one we
+ // ignore?
+ }
+ else
+ throw invalid_request (400, "unsupported action: " + cs.action);
+
+ cout << "<check_suite webhook>" << endl << cs << endl;
- // @@ TODO: log and ignore unknown.
+ string jwt;
+ try
+ {
+ // Set token's "issued at" time 60 seconds in the past to combat clock
+ // drift (as recommended by GitHub).
//
- if (cs.action == "requested")
- {
- }
- else if (cs.action == "rerequested")
- {
- // Someone manually requested to re-run the check runs in this check
- // suite.
- }
- else if (cs.action == "completed")
- {
- // GitHub thinks that "all the check runs in this check suite have
- // completed and a conclusion is available". Looks like this one we
- // ignore?
- }
- else
- throw invalid_request (400, "unsupported action: " + cs.action);
+ jwt = gen_jwt (
+ *options_,
+ options_->ci_github_app_private_key (),
+ to_string (options_->ci_github_app_id ()),
+ chrono::minutes (options_->ci_github_jwt_validity_period ()),
+ chrono::seconds (60));
+
+ cout << "JWT: " << jwt << endl;
+ }
+ catch (const system_error& e)
+ {
+ fail << "unable to generate JWT: [" << e.code () << "] " << e.what ();
+ }
- cout << "<check_suite webhook>" << endl << cs << endl;
+ // Authenticate to GitHub as an app installation.
+ //
+ installation_access_token iat;
+ try
+ {
+ // API endpoint.
+ //
+ string ep ("app/installations/" + to_string (cs.installation.id) +
+ "/access_tokens");
- string jwt;
- try
- {
- // Set token's "issued at" time 60 seconds in the past to combat clock
- // drift (as recommended by GitHub).
- //
- jwt = gen_jwt (
- *options_,
- options_->ci_github_app_private_key (),
- to_string (options_->ci_github_app_id ()),
- chrono::minutes (options_->ci_github_jwt_validity_period ()),
- chrono::seconds (60));
-
- cout << "JWT: " << jwt << endl;
- }
- catch (const system_error& e)
- {
- fail << "unable to generate JWT: [" << e.code () << "] " << e.what ();
- }
+ int sc (github_post (iat, ep, strings {"Authorization: Bearer " + jwt}));
- // Authenticate to GitHub as an app installation.
+ // Possible response status codes from the access_tokens endpoint:
//
- installation_access_token iat;
- try
- {
- // API endpoint.
- //
- string ep ("app/installations/" + to_string (cs.installation.id) +
- "/access_tokens");
-
- int sc (
- github_post (iat, ep, strings {"Authorization: Bearer " + jwt}));
-
- // Possible response status codes from the access_tokens endpoint:
- //
- // 201 Created
- // 401 Requires authentication
- // 403 Forbidden
- // 404 Resource not found
- // 422 Validation failed, or the endpoint has been spammed.
- //
- if (sc != 201)
- {
- throw runtime_error ("error status code received from GitHub: " +
- to_string (sc));
- }
- }
- catch (const system_error& e)
+ // 201 Created
+ // 401 Requires authentication
+ // 403 Forbidden
+ // 404 Resource not found
+ // 422 Validation failed, or the endpoint has been spammed.
+ //
+ if (sc != 201)
{
- fail << "unable to get installation access token: [" << e.code ()
- << "] " << e.what ();
+ throw runtime_error ("error status code received from GitHub: " +
+ to_string (sc));
}
-
- cout << "<installation_access_token>" << endl << iat << endl;
-
- return true;
}
- else if (event == "pull_request")
+ catch (const system_error& e)
{
- throw invalid_request (501, "pull request events not implemented yet");
+ fail << "unable to get installation access token: [" << e.code ()
+ << "] " << e.what ();
}
- else
- throw invalid_request (400, "unexpected event: '" + event + "'");
+
+ cout << "<installation_access_token>" << endl << iat << endl;
+
+ return true;
}
- catch (const json::invalid_json_input& e)
+ else if (event == "pull_request")
{
- // @@ TODO: should we write more detailed diagnostics to log? Maybe we
- // should do this for all unsuccessful calls to respond().
- //
- // Note: these exceptions end up in the apache error log.
- //
- // @@ TMP Actually I was wrong, these do not end up in any logs. Pretty
- // sure I saw them go there but they're definitely not anymore.
- //
- throw invalid_request (400, "malformed JSON in request body");
+ throw invalid_request (501, "pull request events not implemented yet");
}
+ else
+ throw invalid_request (400, "unexpected event: '" + event + "'");
}
using event = json::event;