github_webhook 1.0.5 → 1.2.0
- checksums.yaml +5 -5
- data/.github/workflows/ruby.yml +24 -0
- data/.gitignore +2 -0
- data/.ruby-version +1 -0
- data/Appraisals +15 -0
- data/Gemfile +2 -0
- data/README.md +17 -3
- data/Rakefile +3 -0
- data/gemfiles/rails_4.2.gemfile +7 -0
- data/gemfiles/rails_5.0.gemfile +7 -0
- data/gemfiles/rails_5.1.gemfile +7 -0
- data/github_webhook.gemspec +4 -4
- data/lib/github_webhook/processor.rb +34 -24
- data/lib/github_webhook/railtie.rb +9 -0
- data/lib/github_webhook/version.rb +1 -1
- data/lib/github_webhook.rb +8 -1
- data/spec/github_webhook/processor_spec.rb +31 -7
- data/spec/spec_helper.rb +2 -2
- metadata +24 -20
- data/.travis.yml +0 -8
- data/Gemfile.lock +0 -54
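--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: eeb186a10b99f572358acea6a3cba8678fb064b203a98afda9f07bab407b9e24
+data.tar.gz: 8393af3c4ff44abf949488732113c200110dfe040886e17bda22c5ba18f33e9c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: adbcecc3754189f8c73d68839ae8b4a3e48b1711e81b7d6ce95a74011a9e5212412dd4aeaa3dad86c435435063f3e2f3f665fa96294251b5550e11cf794400ad
+data.tar.gz: 5b65bba2ee6a2ddc1b3f61ad05db8a635e6456f18cbc541fb9370e26c90f44ffacf9b796c02c9fd77ff3cb4ec4cff1533d5acadcd0e2a7e764ff3886824a5e83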
@@ -0,0 +1,24 @@
|
|
1
|
+
name: Ruby
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [ master ]
|
6
|
+
pull_request:
|
7
|
+
branches: [ master ]
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
build:
|
11
|
+
|
12
|
+
runs-on: ubuntu-latest
|
13
|
+
|
14
|
+
steps:
|
15
|
+
- uses: actions/checkout@v2
|
16
|
+
- name: Set up Ruby 2.7
|
17
|
+
uses: actions/setup-ruby@v1
|
18
|
+
with:
|
19
|
+
ruby-version: 2.7.x
|
20
|
+
- name: Build and test with Rake
|
21
|
+
run: |
|
22
|
+
gem install bundler
|
23
|
+
bundle install --jobs 4 --retry 3
|
24
|
+
bundle exec rake
|
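Review bot: Both `uses:` steps reference third-party actions by mutable tag (`actions/checkout@v2`, `actions/setup-ruby@v1`), so whatever those tags point to when the job runs is what executes in CI. Pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder), removes that drift. The workflow also has no `permissions:` key, so the job gets the repository's default token scope; a top-level `permissions:` with `contents: read` is enough for a build-and-test job. `actions/setup-ruby` has been deprecated upstream in favour of `ruby/setup-ruby`, which is worth confirming before relying on `ruby-version: 2.7.x`. The file header is not shown above this hunk; it is presumably `.github/workflows/ruby.yml` from the file list.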
data/.gitignore
CHANGED
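--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.7.4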
data/Appraisals
ADDED
data/Gemfile
CHANGED
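--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,3 @@
-[![Build Status](https://travis-ci.org/ssaunier/github_webhook.svg?branch=master)](https://travis-ci.org/ssaunier/github_webhook)
-[![Code Climate](https://codeclimate.com/github/ssaunier/github_webhook/badges/gpa.svg)](https://codeclimate.com/github/ssaunier/github_webhook)
 [![Gem Version](https://badge.fury.io/rb/github_webhook.svg)](http://badge.fury.io/rb/github_webhook)
 
 
@@ -13,7 +11,7 @@ to a [GitHub webhook](https://developer.github.com/webhooks/)
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'github_webhook', '~> 1.
+gem 'github_webhook', '~> 1.2'
 ```
 
 And then execute:
@@ -46,6 +44,8 @@ class GithubWebhooksController < ActionController::Base
 # TODO: handle create webhook
 end
 
+private
+
 def webhook_secret(payload)
 ENV['GITHUB_WEBHOOK_SECRET']
 end
@@ -91,3 +91,17 @@ You can have an overview of your webhooks at the following URL:
 ```
 https://github.com/:username/:repo/settings/hooks
 ```
+
+## Contributing
+
+### Specs
+
+This project uses [Appraisal](https://github.com/thoughtbot/appraisal) to test against multiple
+versions of Rails.
+
+On Travis, builds are also run on multiple versions of Ruby, each with multiple versions of Rails.
+
+When you run `bundle install`, it will use the latest version of Rails.
+You can then run `bundle exec rake spec` to run the test with that version of Rails.
+
+To run the specs against each version of Rails, use `bundle exec appraisal rake spec`.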
data/Rakefile
CHANGED
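--- a/data/github_webhook.gemspec
+++ b/data/github_webhook.gemspec
@@ -20,9 +20,9 @@ Gem::Specification.new do |spec|
 
 spec.add_dependency "rack", ">= 1.3"
 spec.add_dependency "activesupport", ">= 4"
+spec.add_dependency "railties", ">= 4"
 
-spec.add_development_dependency "
-spec.add_development_dependency "
-spec.add_development_dependency "
-spec.add_development_dependency "codeclimate-test-reporter"
+spec.add_development_dependency "rake", "~> 12.3"
+spec.add_development_dependency "rspec", "~> 3.9"
+spec.add_development_dependency "appraisal"
 end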
@@ -13,58 +13,65 @@ module GithubWebhook::Processor
|
|
13
13
|
|
14
14
|
# To fetch list from https://developer.github.com/v3/activity/events/types
|
15
15
|
# run this little JS code in the console:
|
16
|
-
#
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
# });
|
22
|
-
# console.log(events);
|
23
|
-
GITHUB_EVENTS_WHITELIST = %w(
|
16
|
+
# document.querySelectorAll('.list-style-none li.lh-condensed a').forEach(e => console.log(e.text))
|
17
|
+
GITHUB_EVENTS = %w(
|
18
|
+
check_run
|
19
|
+
check_suite
|
20
|
+
code_scanning_alert
|
24
21
|
commit_comment
|
22
|
+
content_reference
|
25
23
|
create
|
26
24
|
delete
|
25
|
+
deploy_key
|
27
26
|
deployment
|
28
27
|
deployment_status
|
29
|
-
|
30
|
-
|
28
|
+
discussion
|
29
|
+
discussion_comment
|
31
30
|
fork
|
32
|
-
|
33
|
-
gist
|
31
|
+
github_app_authorization
|
34
32
|
gollum
|
35
33
|
installation
|
36
34
|
installation_repositories
|
37
|
-
integration_installation
|
38
|
-
integration_installation_repositories
|
39
|
-
issues
|
40
35
|
issue_comment
|
36
|
+
issues
|
41
37
|
label
|
42
38
|
marketplace_purchase
|
43
39
|
member
|
44
40
|
membership
|
41
|
+
meta
|
45
42
|
milestone
|
46
43
|
organization
|
47
44
|
org_block
|
45
|
+
package
|
48
46
|
page_build
|
49
47
|
ping
|
50
|
-
project
|
51
48
|
project_card
|
52
49
|
project_column
|
50
|
+
project
|
53
51
|
public
|
54
52
|
pull_request
|
55
53
|
pull_request_review
|
56
54
|
pull_request_review_comment
|
57
55
|
push
|
58
56
|
release
|
57
|
+
repository_dispatch
|
59
58
|
repository
|
59
|
+
repository_import
|
60
|
+
repository_vulnerability_alert
|
61
|
+
secret_scanning_alert
|
62
|
+
security_advisory
|
63
|
+
sponsorship
|
64
|
+
star
|
60
65
|
status
|
61
66
|
team
|
62
67
|
team_add
|
63
68
|
watch
|
69
|
+
workflow_dispatch
|
70
|
+
workflow_run
|
64
71
|
)
|
65
72
|
|
66
73
|
def create
|
67
|
-
if self.respond_to?
|
74
|
+
if self.respond_to?(event_method, true)
|
68
75
|
self.send event_method, json_body
|
69
76
|
head(:ok)
|
70
77
|
else
|
@@ -73,7 +80,8 @@ module GithubWebhook::Processor
|
|
73
80
|
end
|
74
81
|
|
75
82
|
def github_ping(payload)
|
76
|
-
|
83
|
+
GithubWebhook.logger && GithubWebhook.logger.info("[GithubWebhook::Processor] Hook ping "\
|
84
|
+
"received, hook_id: #{payload[:hook_id]}, #{payload[:zen]}")
|
77
85
|
end
|
78
86
|
|
79
87
|
private
|
@@ -81,18 +89,20 @@ module GithubWebhook::Processor
|
|
81
89
|
HMAC_DIGEST = OpenSSL::Digest.new('sha1')
|
82
90
|
|
83
91
|
def authenticate_github_request!
|
84
|
-
raise UnspecifiedWebhookSecretError.new unless respond_to?(:webhook_secret)
|
92
|
+
raise UnspecifiedWebhookSecretError.new unless respond_to?(:webhook_secret, true)
|
85
93
|
secret = webhook_secret(json_body)
|
86
94
|
|
87
95
|
expected_signature = "sha1=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
|
88
|
-
|
89
|
-
|
96
|
+
unless ActiveSupport::SecurityUtils.secure_compare(signature_header, expected_signature)
|
97
|
+
GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature "\
|
98
|
+
"invalid, actual: #{signature_header}, expected: #{expected_signature}")
|
99
|
+
raise SignatureError
|
90
100
|
end
|
91
101
|
end
|
92
102
|
|
93
103
|
def check_github_event!
|
94
|
-
unless
|
95
|
-
raise UnsupportedGithubEventError.new("#{request.headers['X-GitHub-Event']} is not a
|
104
|
+
unless GITHUB_EVENTS.include?(request.headers['X-GitHub-Event'])
|
105
|
+
raise UnsupportedGithubEventError.new("#{request.headers['X-GitHub-Event']} is not a whitelisted GitHub event. See https://developer.github.com/v3/activity/events/types/")
|
96
106
|
end
|
97
107
|
end
|
98
108
|
|
@@ -114,7 +124,7 @@ module GithubWebhook::Processor
|
|
114
124
|
payload = request_body
|
115
125
|
else
|
116
126
|
raise UnsupportedContentTypeError.new(
|
117
|
-
"Content-Type #{content_type} is not supported. Use 'application/x-www-form-urlencoded' or 'application
|
127
|
+
"Content-Type #{content_type} is not supported. Use 'application/x-www-form-urlencoded' or 'application/json")
|
118
128
|
end
|
119
129
|
ActiveSupport::HashWithIndifferentAccess.new(JSON.load(payload))
|
120
130
|
)
|
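Review bot: In `authenticate_github_request!` the new warning interpolates `expected_signature` into the log line, so every request that fails verification writes the correct HMAC for its body to the log, disclosing to anyone with log access a signature the check would accept for that payload. Log the failure without the computed value, e.g. `GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature invalid")`. `signature_header` is also passed to `secure_compare` with no nil check visible here, so a request that omits the signature header may raise something other than `SignatureError`; confirm this where `signature_header` is defined, outside these hunks. The file header for this section is not shown; it is presumably `lib/github_webhook/processor.rb` from the file list.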
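--- a/data/lib/github_webhook.rb
+++ b/data/lib/github_webhook.rb
@@ -4,4 +4,11 @@ require 'active_support/concern'
 require 'active_support/core_ext/hash/indifferent_access'
 
 require 'github_webhook/version'
-require 'github_webhook/processor'
+require 'github_webhook/processor'
+require 'github_webhook/railtie'
+
+module GithubWebhook
+class <<self
+attr_accessor :logger
+end
+end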
@@ -28,25 +28,49 @@ module GithubWebhook
|
|
28
28
|
end
|
29
29
|
end
|
30
30
|
|
31
|
+
class ControllerWithPrivateSecret < ControllerWithoutSecret
|
32
|
+
private
|
33
|
+
def webhook_secret(payload)
|
34
|
+
"secret"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
31
38
|
class Controller < ControllerWithoutSecret
|
32
39
|
def webhook_secret(payload)
|
33
40
|
"secret"
|
34
41
|
end
|
35
42
|
end
|
36
43
|
|
44
|
+
let(:controller_class) { Controller }
|
45
|
+
|
37
46
|
let(:controller) do
|
38
|
-
controller =
|
47
|
+
controller = controller_class.new
|
39
48
|
controller.request = Request.new
|
40
49
|
controller
|
41
50
|
end
|
42
51
|
|
43
|
-
let(:controller_without_secret) do
|
44
|
-
ControllerWithoutSecret.new
|
45
|
-
end
|
46
|
-
|
47
52
|
describe "#create" do
|
48
|
-
|
49
|
-
|
53
|
+
context 'when #webhook_secret is not defined' do
|
54
|
+
let(:controller_class) { ControllerWithoutSecret }
|
55
|
+
|
56
|
+
it "raises a Processor::UnspecifiedWebhookSecretError" do
|
57
|
+
expect { controller.send :authenticate_github_request! }
|
58
|
+
.to raise_error(Processor::UnspecifiedWebhookSecretError)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
context 'when #webhook_secret is private' do
|
63
|
+
let(:controller_class) { ControllerWithPrivateSecret }
|
64
|
+
|
65
|
+
it "calls the #push method in controller" do
|
66
|
+
expect(controller).to receive(:github_push)
|
67
|
+
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
68
|
+
controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
|
69
|
+
controller.request.headers['X-GitHub-Event'] = 'push'
|
70
|
+
controller.request.headers['Content-Type'] = 'application/json'
|
71
|
+
controller.send :authenticate_github_request! # Manually as we don't have the before_filter logic in our Mock object
|
72
|
+
controller.create
|
73
|
+
end
|
50
74
|
end
|
51
75
|
|
52
76
|
it "calls the #push method in controller (json)" do
|
data/spec/spec_helper.rb
CHANGED
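--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: github_webhook
 version: !ruby/object:Gem::Version
-version: 1.0
+version: 1.2.0
 platform: ruby
 authors:
 - Sebastien Saunier
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -39,49 +39,49 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '4'
 - !ruby/object:Gem::Dependency
-name:
+name: railties
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
-type: :
+version: '4'
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '4'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '12.3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '12.3'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.9'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.9'
 - !ruby/object:Gem::Dependency
-name:
+name: appraisal
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -101,16 +101,21 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
-- ".
+- ".ruby-version"
+- Appraisals
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
 - github_webhook.gemspec
 - lib/github_webhook.rb
 - lib/github_webhook/processor.rb
+- lib/github_webhook/railtie.rb
 - lib/github_webhook/version.rb
 - spec/github_webhook/processor_spec.rb
 - spec/spec_helper.rb
@@ -118,7 +123,7 @@ homepage: https://github.com/ssaunier/github_webhook
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -133,9 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Process GitHub Webhooks in your Rails app (Controller mixin)
 test_files: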
data/.travis.yml
DELETED
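--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,54 +0,0 @@
-PATH
-remote: .
-specs:
-github_webhook (1.0.5)
-activesupport (>= 4)
-rack (>= 1.3)
-
-GEM
-remote: https://rubygems.org/
-specs:
-activesupport (5.1.2)
-concurrent-ruby (~> 1.0, >= 1.0.2)
-i18n (~> 0.7)
-minitest (~> 5.1)
-tzinfo (~> 1.1)
-codeclimate-test-reporter (0.4.8)
-simplecov (>= 0.7.1, < 1.0.0)
-concurrent-ruby (1.0.5)
-diff-lcs (1.2.5)
-docile (1.1.5)
-i18n (0.8.6)
-json (1.8.6)
-minitest (5.10.3)
-rack (2.0.3)
-rake (10.3.1)
-rspec (2.14.1)
-rspec-core (~> 2.14.0)
-rspec-expectations (~> 2.14.0)
-rspec-mocks (~> 2.14.0)
-rspec-core (2.14.8)
-rspec-expectations (2.14.5)
-diff-lcs (>= 1.1.3, < 2.0)
-rspec-mocks (2.14.6)
-simplecov (0.11.2)
-docile (~> 1.1.0)
-json (~> 1.8)
-simplecov-html (~> 0.10.0)
-simplecov-html (0.10.0)
-thread_safe (0.3.6)
-tzinfo (1.2.3)
-thread_safe (~> 0.1)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-bundler (~> 1.5)
-codeclimate-test-reporter
-github_webhook!
-rake (~> 10.1)
-rspec (~> 2.14)
-
-BUNDLED WITH
-1.15.3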