github_webhook 1.1.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 482d71a9312b1b80aeee8af5c230e80ca9b5cd15
-  data.tar.gz: 8e788b3145ab2874ff71f5a4fda3c2a8f89557a3
+SHA256:
+  metadata.gz: 68085b2caf36fbd2af5d858a0fd98ce539d0c98a0c23b45e399eca378f17175b
+  data.tar.gz: 547ce4ef7686bb5a886a03e2f7c550a8602729608302aa1f9daeaacee9a26acd
 SHA512:
-  metadata.gz: cbe5e47e926c147748387234219b18a2b330b526f2f7804a5e8bb9d1fbe4ef16c978a72437525bdbfbdcd95f2f62901d5b7f26a4eb637721d734ac87c0a0b354
-  data.tar.gz: 8eda80c2a630d17eed37e66b8c15c30ae4eadf57d71430ba1ea1e3665d68c9514d39b8c75bcd1f4d8f8d86c0e550a53dd5bd1203f60438cd5759fffd2171e479
+  metadata.gz: e4cd1c3ff4f074510e1228e950b9d71d2e663869cb78e5f7f98cc0028d365ece7ddacd447c0bfd1525ed04739d3b156ffe1cc8f9fde12a865212ab379eed5252
+  data.tar.gz: 549b72dcc5a79abddbd693c1771c96f51a35a58dd53012240bad08164f5217f71c399d71ca4c4d30aff3d8047775907bb1132515601c6d0f0eea37bce4bff519

data/.github/workflows/ruby.yml

@@ -0,0 +1,24 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.7.x
+    - name: Build and test with Rake
+      run: |
+        gem install bundler
+        bundle install --jobs 4 --retry 3
+        bundle exec rake

data/.gitignore

@@ -1,3 +1,5 @@
 .DS_Store
 *.gem
 coverage
+/Gemfile.lock
+/gemfiles/*.gemfile.lock

data/.ruby-version

@@ -1 +1 @@
-2.4.2
+2.7.4

data/Appraisals

@@ -0,0 +1,15 @@
+appraise "rails-4.2" do
+  gem "rails", "~> 4.2.0"
+end
+
+appraise "rails-5.0" do
+  gem "rails", "~> 5.0.0"
+end
+
+appraise "rails-5.1" do
+  gem "rails", "~> 5.1.0"
+end
+
+appraise "rails-6.0" do
+  gem "rails", "~> 6.0"
+end

data/Gemfile

@@ -2,3 +2,5 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in github_webhook.gemspec
 gemspec
+
+gem 'simplecov', require: false

data/README.md

@@ -1,19 +1,27 @@
-[![Build Status](https://travis-ci.org/ssaunier/github_webhook.svg?branch=master)](https://travis-ci.org/ssaunier/github_webhook)
-[![Code Climate](https://codeclimate.com/github/ssaunier/github_webhook/badges/gpa.svg)](https://codeclimate.com/github/ssaunier/github_webhook)
+
 [![Gem Version](https://badge.fury.io/rb/github_webhook.svg)](http://badge.fury.io/rb/github_webhook)
 
 
-# GithubWebhook
+# Github Webhook for Rails
 
 This gem will help you to quickly setup a route in your Rails application which listens
 to a [GitHub webhook](https://developer.github.com/webhooks/)
 
+## Alternatives
+
+If you want to use this logic outside of Rails, you should consider the following gems (cf [#19](https://github.com/ssaunier/github_webhook/issues/19)):
+
+- [`sinatra-github_webhooks`](https://github.com/chrismytton/sinatra-github_webhooks)
+- [`rack-github_webhooks`](https://github.com/chrismytton/rack-github_webhooks)
+
+If you are on Rails, please read on!
+
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'github_webhook', '~> 1.1'
+gem 'github_webhook', '~> 1.2'
 ```
 
 And then execute:
@@ -93,3 +101,17 @@ You can have an overview of your webhooks at the following URL:
 ```
 https://github.com/:username/:repo/settings/hooks
 ```
+
+## Contributing
+
+### Specs
+
+This project uses [Appraisal](https://github.com/thoughtbot/appraisal) to test against multiple
+versions of Rails.
+
+On Travis, builds are also run on multiple versions of Ruby, each with multiple versions of Rails.
+
+When you run `bundle install`, it will use the latest version of Rails.
+You can then run `bundle exec rake spec` to run the test with that version of Rails.
+
+To run the specs against each version of Rails, use `bundle exec appraisal rake spec`.

data/Rakefile

@@ -1,4 +1,7 @@
 #!/usr/bin/env rake
+require "rubygems"
+require "bundler/setup"
+
 require "bundler/gem_tasks"
 
 require 'rspec'

data/gemfiles/rails_4.2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 4.2.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.1.0"
+
+gemspec path: "../"

data/github_webhook.gemspec

@@ -22,8 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "activesupport", ">= 4"
   spec.add_dependency "railties", ">= 4"
 
-  spec.add_development_dependency "bundler", "~> 1.5"
-  spec.add_development_dependency "rake", "~> 10.1"
-  spec.add_development_dependency "rspec", "~> 2.14"
-  spec.add_development_dependency "codeclimate-test-reporter"
+  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rspec", "~> 3.9"
+  spec.add_development_dependency "appraisal"
 end

data/lib/github_webhook/processor.rb

@@ -13,54 +13,61 @@ module GithubWebhook::Processor
 
   # To fetch list from https://developer.github.com/v3/activity/events/types
   # run this little JS code in the console:
-  #   var events = "ping";
-  #   $('h3').each(function(i, item) {
-  #     if ($(item).text().match(/webhook event name/i)) {
-  #       events = events + ' ' + $(item).next('p').find('code').html();
-  #     }
-  #   });
-  #   console.log(events);
-  GITHUB_EVENTS_WHITELIST = %w(
+  #    document.querySelectorAll('.list-style-none li.lh-condensed a').forEach(e => console.log(e.text))
+  GITHUB_EVENTS = %w(
+    check_run
+    check_suite
+    code_scanning_alert
     commit_comment
+    content_reference
     create
     delete
+    deploy_key
     deployment
     deployment_status
-    download
-    follow
+    discussion
+    discussion_comment
     fork
-    fork_apply
-    gist
+    github_app_authorization
     gollum
     installation
     installation_repositories
-    integration_installation
-    integration_installation_repositories
-    issues
     issue_comment
+    issues
     label
     marketplace_purchase
     member
     membership
+    meta
     milestone
     organization
     org_block
+    package
     page_build
     ping
-    project
     project_card
     project_column
+    project
     public
     pull_request
     pull_request_review
     pull_request_review_comment
     push
     release
+    repository_dispatch
     repository
+    repository_import
+    repository_vulnerability_alert
+    secret_scanning_alert
+    security_advisory
+    sponsorship
+    star
     status
     team
     team_add
     watch
+    workflow_dispatch
+    workflow_run
   )
 
   def create
@@ -79,14 +86,14 @@ module GithubWebhook::Processor
 
   private
 
-  HMAC_DIGEST = OpenSSL::Digest.new('sha1')
+  HMAC_DIGEST = OpenSSL::Digest.new('sha256')
 
   def authenticate_github_request!
     raise UnspecifiedWebhookSecretError.new unless respond_to?(:webhook_secret, true)
     secret = webhook_secret(json_body)
 
-    expected_signature = "sha1=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
-    if signature_header != expected_signature
+    expected_signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
+    unless ActiveSupport::SecurityUtils.secure_compare(signature_header, expected_signature)
       GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature "\
         "invalid, actual: #{signature_header}, expected: #{expected_signature}")
       raise SignatureError
@@ -94,8 +101,8 @@ module GithubWebhook::Processor
   end
 
   def check_github_event!
-    unless GITHUB_EVENTS_WHITELIST.include?(request.headers['X-GitHub-Event'])
-      raise UnsupportedGithubEventError.new("#{request.headers['X-GitHub-Event']} is not a whiltelisted GitHub event. See https://developer.github.com/v3/activity/events/types/")
+    unless GITHUB_EVENTS.include?(request.headers['X-GitHub-Event'])
+      raise UnsupportedGithubEventError.new("#{request.headers['X-GitHub-Event']} is not a whitelisted GitHub event. See https://developer.github.com/v3/activity/events/types/")
     end
   end
 
@@ -117,14 +124,14 @@ module GithubWebhook::Processor
         payload = request_body
       else
         raise UnsupportedContentTypeError.new(
-          "Content-Type #{content_type} is not supported. Use 'application/x-www-form-urlencoded' or 'application.json")
+          "Content-Type #{content_type} is not supported. Use 'application/x-www-form-urlencoded' or 'application/json")
       end
       ActiveSupport::HashWithIndifferentAccess.new(JSON.load(payload))
     )
   end
 
   def signature_header
-    @signature_header ||= request.headers['X-Hub-Signature']
+    @signature_header ||= request.headers['X-Hub-Signature-256'] || ''
   end
 
   def event_method

data/lib/github_webhook/version.rb

@@ -1,3 +1,3 @@
 module GithubWebhook
-  VERSION = "1.1.0"
+  VERSION = "1.3.0"
 end

data/spec/github_webhook/processor_spec.rb

@@ -65,7 +65,7 @@ module GithubWebhook
         it "calls the #push method in controller" do
           expect(controller).to receive(:github_push)
           controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-          controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
+          controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
           controller.request.headers['X-GitHub-Event'] = 'push'
           controller.request.headers['Content-Type'] = 'application/json'
           controller.send :authenticate_github_request!  # Manually as we don't have the before_filter logic in our Mock object
@@ -75,7 +75,7 @@ module GithubWebhook
 
       it "calls the #push method in controller (json)" do
         controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-        controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
         controller.request.headers['X-GitHub-Event'] = 'push'
         controller.request.headers['Content-Type'] = 'application/json'
         controller.send :authenticate_github_request!  # Manually as we don't have the before_action logic in our Mock object
@@ -86,7 +86,7 @@ module GithubWebhook
       it "calls the #push method (x-www-form-urlencoded encoded)" do
         body = "payload=" + CGI::escape({ :foo => "bar" }.to_json.to_s)
         controller.request.body = StringIO.new(body)
-        controller.request.headers['X-Hub-Signature'] = "sha1=6986874ecdf710b04de7ef5a040161d41687407a"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=cefe60b775fcb22483ceece8f20be4869868a20fb4aa79829e53c1de61b99d01"
         controller.request.headers['X-GitHub-Event'] = 'push'
         controller.request.headers['Content-Type'] = 'application/x-www-form-urlencoded'
         controller.send :authenticate_github_request!  # Manually as we don't have the before_action logic in our Mock object
@@ -96,7 +96,7 @@ module GithubWebhook
 
       it "raises an error when signature does not match" do
         controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-        controller.request.headers['X-Hub-Signature'] = "sha1=FOOBAR"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=FOOBAR"
         controller.request.headers['X-GitHub-Event'] = 'push'
         controller.request.headers['Content-Type'] = 'application/json'
         expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
@@ -116,11 +116,18 @@ module GithubWebhook
 
       it "raises an error when the content type is not correct" do
         controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-        controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
         controller.request.headers['X-GitHub-Event'] = 'ping'
         controller.request.headers['Content-Type'] = 'application/xml'
         expect { controller.send :authenticate_github_request! }.to raise_error(Processor::UnsupportedContentTypeError)
       end
+
+      it 'raises SignatureError when the X-Hub-Signature header is missing' do
+        controller.request.body = StringIO.new('{}')
+        controller.request.headers['Content-Type'] = 'application/json'
+        controller.request.headers['X-GitHub-Event'] = 'ping'
+        expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
+      end
     end
   end
 end

data/spec/spec_helper.rb

@@ -1,7 +1,7 @@
 ENV['RAILS_ENV'] ||= 'test'
 
-require "codeclimate-test-reporter"
-CodeClimate::TestReporter.start
+require 'simplecov'
+SimpleCov.start
 
 require "github_webhook"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: github_webhook
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Sebastien Saunier
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-03 00:00:00.000000000 Z
+date: 2021-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -52,50 +52,36 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.14'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.14'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -115,14 +101,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".ruby-version"
-- ".travis.yml"
+- Appraisals
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
 - github_webhook.gemspec
 - lib/github_webhook.rb
 - lib/github_webhook/processor.rb
@@ -134,7 +123,7 @@ homepage: https://github.com/ssaunier/github_webhook
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -149,9 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Process GitHub Webhooks in your Rails app (Controller mixin)
 test_files:

data/.travis.yml

@@ -1,7 +0,0 @@
-language: ruby
-rvm:
-  - 2.4.2
-  - 2.3.5
-addons:
-  code_climate:
-    repo_token: 50425d682162d68af0b65bd9e5160da8337d2159fc3ebc00d2a5b14386548ac5

data/Gemfile.lock

@@ -1,92 +0,0 @@
-PATH
-  remote: .
-  specs:
-    github_webhook (1.1.0)
-      activesupport (>= 4)
-      rack (>= 1.3)
-      railties (>= 4)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionpack (5.1.4)
-      actionview (= 5.1.4)
-      activesupport (= 5.1.4)
-      rack (~> 2.0)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.4)
-      activesupport (= 5.1.4)
-      builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activesupport (5.1.4)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    builder (3.2.3)
-    codeclimate-test-reporter (0.4.8)
-      simplecov (>= 0.7.1, < 1.0.0)
-    concurrent-ruby (1.0.5)
-    crass (1.0.2)
-    diff-lcs (1.2.5)
-    docile (1.1.5)
-    erubi (1.6.1)
-    i18n (0.8.6)
-    json (1.8.6)
-    loofah (2.1.1)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    method_source (0.9.0)
-    mini_portile2 (2.3.0)
-    minitest (5.10.3)
-    nokogiri (1.8.1)
-      mini_portile2 (~> 2.3.0)
-    rack (2.0.3)
-    rack-test (0.7.0)
-      rack (>= 1.0, < 3)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
-    railties (5.1.4)
-      actionpack (= 5.1.4)
-      activesupport (= 5.1.4)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (10.3.1)
-    rspec (2.14.1)
-      rspec-core (~> 2.14.0)
-      rspec-expectations (~> 2.14.0)
-      rspec-mocks (~> 2.14.0)
-    rspec-core (2.14.8)
-    rspec-expectations (2.14.5)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.14.6)
-    simplecov (0.11.2)
-      docile (~> 1.1.0)
-      json (~> 1.8)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.0)
-    thor (0.20.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.3)
-      thread_safe (~> 0.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.5)
-  codeclimate-test-reporter
-  github_webhook!
-  rake (~> 10.1)
-  rspec (~> 2.14)
-
-BUNDLED WITH
-   1.16.0.pre.2