also install webhooks secrets
This commit is contained in:
parent
508714f7bf
commit
74fb30f6ff
|
@ -654,12 +654,15 @@ class NixConfigurator(ConfiguratorBase):
|
||||||
|
|
||||||
config["projects"] = config.get("projects", [])
|
config["projects"] = config.get("projects", [])
|
||||||
|
|
||||||
|
webhook_secret = read_secret_file(self.github.webhook_secret_name)
|
||||||
|
|
||||||
for project in projects:
|
for project in projects:
|
||||||
create_project_hook(
|
create_project_hook(
|
||||||
project.owner,
|
project.owner,
|
||||||
project.repo,
|
project.repo,
|
||||||
self.github.token(),
|
self.github.token(),
|
||||||
f"{self.url}/change_hook/github",
|
f"{self.url}/change_hook/github",
|
||||||
|
webhook_secret,
|
||||||
)
|
)
|
||||||
|
|
||||||
for project in projects:
|
for project in projects:
|
||||||
|
@ -707,7 +710,7 @@ class NixConfigurator(ConfiguratorBase):
|
||||||
"change_hook_dialects", {}
|
"change_hook_dialects", {}
|
||||||
)
|
)
|
||||||
config["www"]["change_hook_dialects"]["github"] = {
|
config["www"]["change_hook_dialects"]["github"] = {
|
||||||
"secret": read_secret_file(self.github.webhook_secret_name),
|
"secret": webhook_secret,
|
||||||
"strict": True,
|
"strict": True,
|
||||||
"token": self.github.token(),
|
"token": self.github.token(),
|
||||||
"github_property_whitelist": "*",
|
"github_property_whitelist": "*",
|
||||||
|
|
|
@ -101,11 +101,11 @@ class GithubProject:
|
||||||
return self.data["topics"]
|
return self.data["topics"]
|
||||||
|
|
||||||
|
|
||||||
def create_project_hook(owner: str, repo: str, token: str, webhook_url: str) -> None:
|
def create_project_hook(owner: str, repo: str, token: str, webhook_url: str, webhook_secret) -> None:
|
||||||
hooks = paginated_github_request(
|
hooks = paginated_github_request(
|
||||||
f"https://api.github.com/repos/{owner}/{repo}/hooks?per_page=100", token
|
f"https://api.github.com/repos/{owner}/{repo}/hooks?per_page=100", token
|
||||||
)
|
)
|
||||||
config = dict(url=webhook_url, content_type="json", insecure_ssl="0")
|
config = dict(url=webhook_url, content_type="json", insecure_ssl="0", secret=webhook_secret)
|
||||||
data = dict(name="web", active=True, events=["push", "pull_request"], config=config)
|
data = dict(name="web", active=True, events=["push", "pull_request"], config=config)
|
||||||
headers = {
|
headers = {
|
||||||
"Authorization": f"Bearer {token}",
|
"Authorization": f"Bearer {token}",
|
||||||
|
|
Loading…
Reference in a new issue