feat: add GitHub webhook validation (!237) · Merge requests · opencraft / dev / Grove

Boros Gábor requested to merge gabor/webhook-validation into main Oct 31, 2023

Description

This MR implements GitHub Webhook secret validation. The webhooks are not validated at the moment, hence those who have the basic auth credentials could send any request. After merging this MR, the webhooks will be validated as well.

Supporting information

https://tasks.opencraft.com/browse/SE-6063
Getting the HTTP headers from env variables: https://github.com/openfaas/workshop/blob/master/lab4.md#inject-configuration-through-environmental-variables

Testing instructions

Steps to test the changes:

Check that https://github.com/open-craft/edx-platform/settings/hooks/434082134 has a webhook secret
Check that https://gitlab.com/opencraft/ops/grove-stage-digitalocean/-/hooks/29130938/edit has a webhook secret
Comment /grove sandbox update on https://github.com/open-craft/edx-platform/pull/583 and check for the PR comment that indicates the successful deployment start.

Dependencies

Screenshots

Checklist

If any of the items below is not applicable, do not remove them, but put a check in it.

All providers include the new feature/change
All affected providers can provision new clusters
Unit tests are added/updated
Documentation is added/updated
The TOOLS_CONTAINER_IMAGE_VERSION in ci_vars.yml is updated
The grove-template repository is updated

Additional context

Edited Oct 31, 2023 by Boros Gábor

feat: add GitHub webhook validation