pdehaan
commented
4 years ago Why? We don't want somebody discovering our webhook endpoint server and spamming Slack channels with stuff and nonsense (if they want to do that, let them try and do it via Slack APIs or something that isn't my fault).
I just realized I added my GitHub secret code to GitHub repo settings and to the .env file locally, but I never tested the negative state to see if a secret mismatch fails spectacularly or if secrets arent even checked and I have to do more plumbing.
Be better.