feat: add GitHub webhook validation
Description
This MR implements GitHub Webhook secret validation. The webhooks are not validated at the moment, hence those who have the basic auth credentials could send any request. After merging this MR, the webhooks will be validated as well.
Supporting information
- https://tasks.opencraft.com/browse/SE-6063
- Getting the HTTP headers from env variables: https://github.com/openfaas/workshop/blob/master/lab4.md#inject-configuration-through-environmental-variables
Testing instructions
Steps to test the changes:
- Check that https://github.com/open-craft/edx-platform/settings/hooks/434082134 has a webhook secret
- Check that https://gitlab.com/opencraft/ops/grove-stage-digitalocean/-/hooks/29130938/edit has a webhook secret
- Comment
/grove sandbox update
on https://github.com/open-craft/edx-platform/pull/583 and check for the PR comment that indicates the successful deployment start.
Dependencies
NA
Screenshots
NA
Checklist
If any of the items below is not applicable, do not remove them, but put a check in it.
-
All providers include the new feature/change -
All affected providers can provision new clusters -
Unit tests are added/updated -
Documentation is added/updated -
The TOOLS_CONTAINER_IMAGE_VERSION
in ci_vars.yml is updated -
The grove-template repository is updated
Additional context
NA
Edited by Boros Gábor