From 74fb30f6ffb28e8cb3c73def1d4e4c322b7d3fdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 12 Oct 2023 15:59:26 +0200 Subject: [PATCH] also install webhooks secrets --- buildbot_nix/buildbot_nix.py | 5 ++++- buildbot_nix/github_projects.py | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/buildbot_nix/buildbot_nix.py b/buildbot_nix/buildbot_nix.py index a58ce67..d46c7c0 100644 --- a/buildbot_nix/buildbot_nix.py +++ b/buildbot_nix/buildbot_nix.py @@ -654,12 +654,15 @@ class NixConfigurator(ConfiguratorBase): config["projects"] = config.get("projects", []) + webhook_secret = read_secret_file(self.github.webhook_secret_name) + for project in projects: create_project_hook( project.owner, project.repo, self.github.token(), f"{self.url}/change_hook/github", + webhook_secret, ) for project in projects: @@ -707,7 +710,7 @@ class NixConfigurator(ConfiguratorBase): "change_hook_dialects", {} ) config["www"]["change_hook_dialects"]["github"] = { - "secret": read_secret_file(self.github.webhook_secret_name), + "secret": webhook_secret, "strict": True, "token": self.github.token(), "github_property_whitelist": "*", diff --git a/buildbot_nix/github_projects.py b/buildbot_nix/github_projects.py index 94cad9c..aec4835 100644 --- a/buildbot_nix/github_projects.py +++ b/buildbot_nix/github_projects.py @@ -101,11 +101,11 @@ class GithubProject: return self.data["topics"] -def create_project_hook(owner: str, repo: str, token: str, webhook_url: str) -> None: +def create_project_hook(owner: str, repo: str, token: str, webhook_url: str, webhook_secret) -> None: hooks = paginated_github_request( f"https://api.github.com/repos/{owner}/{repo}/hooks?per_page=100", token ) - config = dict(url=webhook_url, content_type="json", insecure_ssl="0") + config = dict(url=webhook_url, content_type="json", insecure_ssl="0", secret=webhook_secret) data = dict(name="web", active=True, events=["push", "pull_request"], config=config) headers = { "Authorization": f"Bearer {token}",