search

alexellis / derek

Reduce maintainer fatigue by automating GitHub
https://github.com/alexellis/derek/blob/master/USER_GUIDE.md
MIT License
806 stars 72 forks source link

Move hmac from sha1 to sha256 #183

Closed rgee0 closed 2 years ago

rgee0 commented 2 years ago

Signed-off-by: Richard Gee richard@technologee.co.uk

Moves HMAC validation from using the shorter sha1 value to the now provided sha256 value

Description

Move from using: X-Hub-Signature: sha1=7d38cdd689735b008b3c702edd92eea23791c5f6 To using: X-Hub-Signature-256: sha256=d57c68ca6f92289e6987922ff26938930f6e66a2d161ef06abdf1859230aa23c

Motivation and Context

Fixes #181

How Has This Been Tested?

~Looks like the build is failing on account of modules too.~ resolved

Initial test to trigger the error message - no header is supplied through this route.

image

Use valid Derek command to test it is processed correctly

this is the test repo/issue

image

View of associated Github payload delivery

image

And the function logs:

2021-10-30T14:55:04Z 2021/10/30 14:55:04 Owner: rgee0, repo: Test, action: derek:handle_comment
2021-10-30T14:55:04Z rgee0 wants to add label(s) of 'fred' on issue #11.
2021-10-30T14:55:04Z Request to add label(s) of 'fred' on issue #11 was successfully completed.
2021-10-30T14:55:04Z 2021/10/30 14:55:04 Duration: 0.834128s
2021-10-30T14:55:05Z 2021/10/30 14:55:05 Forking fprocess.
2021-10-30T14:55:05Z 2021/10/30 14:55:05 Query  
2021-10-30T14:55:05Z 2021/10/30 14:55:05 Path  /
2021-10-30T14:55:05Z 2021/10/30 14:55:05 Duration: 0.003465s
2021-10-30T14:55:08Z 2021/10/30 14:55:08 Forking fprocess.
2021-10-30T14:55:08Z 2021/10/30 14:55:08 Query  
2021-10-30T14:55:08Z 2021/10/30 14:55:08 Path  /
2021-10-30T14:55:08Z 2021/10/30 14:55:08 Owner: rgee0, repo: Test, action: issue_comment
2021-10-30T14:55:08Z 2021/10/30 14:55:08 Duration: 0.112533s

Types of changes

Checklist:

alexellis commented 2 years ago

Thank you Richard