
List:       opensuse-buildservice
Subject:    Re: [opensuse-buildservice] Re: OBS + GitHub - deprecation of GitHub Services
From:       Christian Bruckmayer <cbruckmayer () suse ! com>
Date:       2018-10-29 12:22:28
Message-ID: e485a6c8-2dd9-373a-7cd5-dd1a15b5c6dd () suse ! com



On 10/25/2018 02:54 PM, Stephan Kulow wrote:
> On 25.10.18 at 10:13, Andreas Schwab wrote:
>> On Oct 25 2018, Stephan Kulow <coolo@suse.de> wrote:
>>
>>> On 25.10.18 at 09:23, Christian wrote:
>>>> On 24.10.18 at 21:00, Stephan Kulow wrote:
>>>>> The URL is https://build.opensuse.org/trigger/webhook?id=$TOKEN_ID
>>>>>
>>>>> The token_id is listed on osc tokens and you have to put the
>>>>> token itself as secret
>>>> the webhook config on GitHub is split up into two config parts ..
>>>> 1) Payload URL:
>>>> 2) secret
>>>>
>>>> did you test it that way ?
>>>>
>>> coolo@cleopatra#~>osc token --create home:coolo demopac
>>> Create a new token
>>> <status code="ok">
>>>   <summary>Ok</summary>
>>>   <data name="token">aWup8hf2dzF8c2GPfoKn1BpV</data>
>>>   <data name="id">1920</data>
>>> </status>
>>>
>>> And then paste aWup... into the secret:
>>> https://pasteboard.co/HK3ry5c.png
>> Are you sure it's the token id and not the token string that you need to
>> use?  osc token --trigger also uses the token string.
>>
> Well, you need both - don't ask me why. But it's in the code:
> https://bit.ly/2yzK1kx
Because GitHub creates a signature over the payload with this token. The
token is not transferred by GitHub. GitHub only transfers the id, which
OBS uses to verify this signature. This is a different concept from what
osc does. We just leveraged that there was already functionality to create
tokens in OBS.

https://developer.github.com/webhooks/securing/#validating-payloads-from-github

Hope that helps.

And yes, we should document this :)

Christian
-- 
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
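
The verification scheme described in the message above, as an added Ruby example (not OBS's code and not part of the original message): the token id from the URL selects the shared secret, and the receiver recomputes the HMAC over the raw request body and compares it with GitHub's `<algo>=<hex>` signature header. The `TOKENS` store, the function names and all sample values are assumptions constructed for illustration.

```ruby
require 'openssl'

# Constructed token store: token id (sent in the URL) => token string (shared secret).
TOKENS = { '42' => 'constructed-secret-token' }.freeze

# Only accept digest names we expect; never pass an attacker-chosen name to OpenSSL.
ALLOWED_DIGESTS = %w[sha1 sha256].freeze

# Constant-time comparison so a mismatch does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Builds the signature header value the sender would attach: "<algo>=<hex digest>".
def sign(secret, body, algo = 'sha1')
  "#{algo}=#{OpenSSL::HMAC.hexdigest(algo, secret, body)}"
end

# True only if the header is an HMAC of the raw body under the token that
# belongs to token_id. The token itself never appears in the request.
def valid_webhook?(token_id, signature_header, raw_body)
  secret = TOKENS[token_id.to_s]
  return false if secret.nil? || signature_header.nil?
  algo, hex = signature_header.split('=', 2)
  return false unless ALLOWED_DIGESTS.include?(algo) && hex
  secure_equal?(sign(secret, raw_body, algo), signature_header)
end

if __FILE__ == $PROGRAM_NAME
  body = '{"ref":"refs/heads/master"}'                 # constructed payload
  header = sign(TOKENS['42'], body)                    # what the sender computes
  puts valid_webhook?('42', header, body)              # true
  puts valid_webhook?('42', header, body + ' ')        # false: body altered
  puts valid_webhook?('42', sign('guess', body), body) # false: wrong secret
end
```

The signature must be checked against the raw bytes of the request body, before any JSON parsing or re-serialisation, since any change in whitespace or key order changes the HMAC.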
