Closed dscho closed 4 months ago
We should probably ignore such webhook events, maybe even all webhook events sent by bots (i.e. something like
if (req.body?.sender?.login?.endswith('[bot]')) return ok('Ignoring event sent by bot account')
).
We should probably prefer type
over login
, so if (req.body?.sender?.type == 'Bot') return ok('Ignoring event sent by bot account')
or maybe even if (req.body?.sender?.type != 'User') return ok('Ignoring event sent by non-user account')
.
We should probably prefer
type
overlogin
, soif (req.body?.sender?.type == 'Bot') return ok('Ignoring event sent by bot account')
Hmm. When looking at the release-git
check run events, to which want to react, I see that the sender is gitforwindowshelper[bot]
.
So I am coming to the conclusion that the idea of ignoring events originating From GitForWindowsHelper turns out to be one of the less stellar ones I've had.
For example, when the App edits a comment, we receive a webhook like this:
We should probably ignore such webhook events, maybe even all webhook events sent by bots (i.e. something like
if (req.body?.sender?.login?.endswith('[bot]')) return ok('Ignoring event sent by bot account')
).