also install webhooks secrets

buildbot_nix/buildbot_nix.py

@@ -654,12 +654,15 @@ class NixConfigurator(ConfiguratorBase):
 
         config["projects"] = config.get("projects", [])
 
+        webhook_secret = read_secret_file(self.github.webhook_secret_name)
+
         for project in projects:
             create_project_hook(
                 project.owner,
                 project.repo,
                 self.github.token(),
                 f"{self.url}/change_hook/github",
+                webhook_secret,
             )
 
         for project in projects:
@@ -707,7 +710,7 @@ class NixConfigurator(ConfiguratorBase):
             "change_hook_dialects", {}
         )
         config["www"]["change_hook_dialects"]["github"] = {
-            "secret": read_secret_file(self.github.webhook_secret_name),
+            "secret": webhook_secret,
             "strict": True,
             "token": self.github.token(),
             "github_property_whitelist": "*",

buildbot_nix/github_projects.py

@@ -101,11 +101,11 @@ class GithubProject:
         return self.data["topics"]
 
 
-def create_project_hook(owner: str, repo: str, token: str, webhook_url: str) -> None:
+def create_project_hook(owner: str, repo: str, token: str, webhook_url: str, webhook_secret) -> None:
     hooks = paginated_github_request(
         f"https://api.github.com/repos/{owner}/{repo}/hooks?per_page=100", token
     )
-    config = dict(url=webhook_url, content_type="json", insecure_ssl="0")
+    config = dict(url=webhook_url, content_type="json", insecure_ssl="0", secret=webhook_secret)
     data = dict(name="web", active=True, events=["push", "pull_request"], config=config)
     headers = {
         "Authorization": f"Bearer {token}",