also install webhooks secrets

2023-10-12 15:59:26 +02:00 · 2023-10-12 15:59:26 +02:00 · 74fb30f6ff
parent 508714f7bf
commit 74fb30f6ff
2 changed files with 6 additions and 3 deletions
--- a/buildbot_nix/buildbot_nix.py
+++ b/buildbot_nix/buildbot_nix.py
@ -654,12 +654,15 @@ class NixConfigurator(ConfiguratorBase):

        config["projects"] = config.get("projects", [])

+        webhook_secret = read_secret_file(self.github.webhook_secret_name)
+
        for project in projects:
            create_project_hook(
                project.owner,
                project.repo,
                self.github.token(),
                f"{self.url}/change_hook/github",
+                webhook_secret,
            )

        for project in projects:
@ -707,7 +710,7 @@ class NixConfigurator(ConfiguratorBase):
            "change_hook_dialects", {}
        )
        config["www"]["change_hook_dialects"]["github"] = {
-            "secret": read_secret_file(self.github.webhook_secret_name),
+            "secret": webhook_secret,
            "strict": True,
            "token": self.github.token(),
            "github_property_whitelist": "*",
--- a/buildbot_nix/github_projects.py
+++ b/buildbot_nix/github_projects.py
@ -101,11 +101,11 @@ class GithubProject:
        return self.data["topics"]


-def create_project_hook(owner: str, repo: str, token: str, webhook_url: str) -> None:
+def create_project_hook(owner: str, repo: str, token: str, webhook_url: str, webhook_secret) -> None:
    hooks = paginated_github_request(
        f"https://api.github.com/repos/{owner}/{repo}/hooks?per_page=100", token
    )
-    config = dict(url=webhook_url, content_type="json", insecure_ssl="0")
+    config = dict(url=webhook_url, content_type="json", insecure_ssl="0", secret=webhook_secret)
    data = dict(name="web", active=True, events=["push", "pull_request"], config=config)
    headers = {
        "Authorization": f"Bearer {token}",