def post_github_webhook(snap_name=None, github_owner=None, github_repo=None): repo_url = flask.request.json["repository"]["html_url"] gh_owner = flask.request.json["repository"]["owner"]["login"] gh_repo = flask.request.json["repository"]["name"] if snap_name: lp_snap = launchpad.get_snap_by_store_name(snap_name) else: lp_snap = launchpad.get_snap(md5(repo_url.encode("UTF-8")).hexdigest()) # Check that this is the repo for this snap if lp_snap["git_repository_url"] != repo_url: return ("The repository does not match the one used by this Snap", 403) github = GitHub() if not github.validate_webhook_signature( flask.request.data, flask.request.headers.get("X-Hub-Signature")): return ("Invalid secret", 403) validation = validate_repo(GITHUB_SNAPCRAFT_USER_TOKEN, lp_snap["store_name"], gh_owner, gh_repo) if not validation["success"]: return (validation["error"]["message"], 400) if launchpad.is_snap_building(lp_snap["store_name"]): launchpad.cancel_snap_builds(lp_snap["store_name"]) launchpad.build_snap(lp_snap["store_name"]) return ("", 204)
def post_github_webhook(snap_name=None, github_owner=None, github_repo=None): payload = flask.request.json repo_url = payload["repository"]["html_url"] gh_owner = payload["repository"]["owner"]["login"] gh_repo = payload["repository"]["name"] gh_default_branch = payload["repository"]["default_branch"] # The first payload after the webhook creation # doesn't contain a "ref" key if "ref" in payload: gh_event_branch = payload["ref"][11:] else: gh_event_branch = gh_default_branch # Check the push event is in the default branch if gh_default_branch != gh_event_branch: return ("The push event is not for the default branch", 200) if snap_name: lp_snap = launchpad.get_snap_by_store_name(snap_name) else: lp_snap = launchpad.get_snap(md5(repo_url.encode("UTF-8")).hexdigest()) if not lp_snap: return ("This repository is not linked with any Snap", 403) # Check that this is the repo for this snap if lp_snap["git_repository_url"] != repo_url: return ("The repository does not match the one used by this Snap", 403) github = GitHub() signature = flask.request.headers.get("X-Hub-Signature") if not github.validate_webhook_signature(flask.request.data, signature): if not github.validate_bsi_webhook_secret( gh_owner, gh_repo, flask.request.data, signature ): return ("Invalid secret", 403) validation = validate_repo( GITHUB_SNAPCRAFT_USER_TOKEN, lp_snap["store_name"], gh_owner, gh_repo ) if not validation["success"]: return (validation["error"]["message"], 400) if launchpad.is_snap_building(lp_snap["store_name"]): launchpad.cancel_snap_builds(lp_snap["store_name"]) launchpad.build_snap(lp_snap["store_name"]) return ("", 204)