search

palantir / policy-bot

A GitHub App that enforces approval policies on pull requests
Apache License 2.0
757 stars 103 forks source link

Got error from webhooks #170

Closed xiaotianq closed 4 years ago

xiaotianq commented 4 years ago 
{
  "error": "failed to fetch policy: xiaotianq/go-micro-test ref=master: failed to fetch content of xiaotianq/go-micro-test@master/.policy.yml: Get https://api.github.com/repos/xiaotianq/go-micro-test/contents/.policy.yml?ref=master: could not refresh installation id 0's token: received non 2xx response status \"404 Not Found\" when fetching https://api.github.com/installations/0/access_tokens\ngithub.com/palantir/policy-bot/server/handler.(*ConfigFetcher).fetchConfigContents\n\t/go/src/github.com/palantir/policy-bot/server/handler/fetcher.go:178\ngithub.com/palantir/policy-bot/server/handler.(*ConfigFetcher).fetchConfig\n\t/go/src/github.com/palantir/policy-bot/server/handler/fetcher.go:107\ngithub.com/palantir/policy-bot/server/handler.(*ConfigFetcher).ConfigForPR\n\t/go/src/github.com/palantir/policy-bot/server/handler/fetcher.go:85\ngithub.com/palantir/policy-bot/server/handler.(*Base).Evaluate\n\t/go/src/github.com/palantir/policy-bot/server/handler/base.go:145\ngithub.com/palantir/policy-bot/server/handler.(*PullRequest).Handle\n\t/go/src/github.com/palantir/policy-bot/server/handler/pull_request.go:52\ngithub.com/palantir/policy-bot/vendor/github.com/palantir/go-githubapp/githubapp.(*eventDispatcher).ServeHTTP\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/palantir/go-githubapp/githubapp/dispatcher.go:178\ngithub.com/palantir/policy-bot/vendor/goji%2eio.dispatch.ServeHTTP\n\t/go/src/github.com/palantir/policy-bot/vendor/goji.io/dispatch.go:17\ngithub.com/palantir/policy-bot/vendor/github.com/bluekeyes/hatpear.Recover.func1.1\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/bluekeyes/hatpear/hatpear.go:107\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/palantir/policy-bot/vendor/github.com/bluekeyes/hatpear.Catch.func1.1\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/bluekeyes/hatpear/hatpear.go:60\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/palantir/policy-bot/vendor/github.com/rs/zerolog/hlog.AccessHandler.func1.1\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/rs/zerolog/hlog/hlog.go:180\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/palantir/policy-bot/vendor/github.com/rs/zerolog/hlog.RequestIDHandler.func1.1\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/rs/zerolog/hlog/hlog.go:169\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/palantir/policy-bot/vendor/github.com/palantir/go-baseapp/baseapp.NewMetricsHandler.func1.1\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/palantir/go-baseapp/baseapp/middleware.go:55\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/palantir/policy-bot/vendor/github.com/rs/zerolog/hlog.NewHandler.func1.1\n\t/go/src/github.com/palantir/policy-bot/vendor/github.com/rs/zerolog/hlog/hlog.go:30\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2007\ngithub.com/palantir/policy-bot/vendor/goji%2eio.(*Mux).ServeHTTP\n\t/go/src/github.com/palantir/policy-bot/vendor/goji.io/mux.go:74\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2802\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1890\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1357",
  "github_delivery_id": "4eefbe80-5fdc-11ea-928c-cd9bc8a3eb5a",
  "github_event_type": "pull_request",
  "level": "error",
  "message": "Unexpected error handling webhook request",
  "rid": "bph9q4fh6g6fle61f8e0",
  "time": "2020-03-06T18:57:22.120856433Z"
}

Above is my container logs

And inside the log there is an error says Get https://api.github.com/repos/xiaotianq/go-micro-test/contents/.policy.yml?ref=master: could not refresh installation id 0's token: received non 2xx response status

I set up the configs yml file like:

https://gist.github.com/xiaotianq/f5014ddd6960bd153d1d2d7dfea13ee7

iInside the config, I defined integration id: integration_id: 56314

I commented out sessions: A random string used to sign session cookies key: ?????

Q1. Where is this session number coming from? Q2. Why did I set the integration_id: 56314 to my app id, but the error said 0?

bluekeyes commented 4 years ago

Thanks for reporting this error and including your configuration.

  1. The session string is used as a key to sign sessions when users visit the details UI. It can be any random string. On macOS or Linux, you can generate an appropriate value using something like:

    head -c32 /dev/urandom | xxd -p -c 64

  2. There are two different IDs here. The integration ID is the ID of your app in GitHub. For each organization where your app is installed, an installation ID is also created, representing the "installation of this app on this organization". This should be included as part of the webhook payload automatically, so the fact that it is 0 leads me to believe it was not included. Did you install the app on this organization/repository or did you manually create a webhook?

xiaotianq commented 4 years ago

Hi, bluekeyes, thanks for your answer. For question 2, I installed the Gitapp on my own account with own repo for testing. and I created a webhook manually inside the repo. Here is the payload sending to my pod/container for pull request.

bluekeyes commented 4 years ago

Can you try deleting the manually created webhook? When you install the GitHub App, it automatically adds a webhook behind the scenes that does not appear in the normal webhook list on each repository. Instead, you can view all webhook deliveries associated with the application from the "Advanced" tab of the application settings.

xiaotianq commented 4 years ago

Thanks, I just reinstalled the policy-bot to my repo: here is the paste for GitApp's own webhook payload: https://gist.github.com/xiaotianq/8ec73041b2f2aa38f283fcfaed1dc425 See there are several ids, which one should I paste into field integration_id of policy-bot config?

xiaotianq commented 4 years ago

And the response on the installation action of webhook is:

Invalid webhook headers or payload

bluekeyes commented 4 years ago

The app_id value (56314) should be set as the integration_id in the policy-bot config.

If everything is working, payloads for this repository will contain 7185762 as the installation ID.

The most common cause for the Invalid webhook headers or payload is if the value set for webhook_secret in the configuration does not match the value that was set in the GitHub UI when you created the application.

xiaotianq commented 4 years ago

Thanks for all the help, bluekeyes