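def push_webhook_pusher_check():
    """Check a GitHub push webhook against the per-branch pusher allow-list.

    The request signature is verified first, then the JSON body is parsed.
    The allow-list is read from ``pusher_matches.json`` under ``source_root``
    and is used as ``{repository full_name: {branch: pushers}}``.

    Only repositories and branches present in the allow-list are enforced;
    anything not listed is accepted. A push by a pusher who is not listed for
    an enforced branch is reported through ``sns_publish`` and rejected.

    Returns:
        A ``(body, status)`` tuple:
        ``401`` when signature verification raises ``ValueError``,
        ``400`` when the body is not valid JSON or lacks pusher, repository
        or ref information,
        ``403`` when the pusher is not allowed on an enforced branch,
        ``200`` otherwise (including GitHub's hook ping).
    """
    # NOTE(review): when GITHUB_WEBHOOK_SECRET is unset, None is handed to
    # verify_webhook_signature; confirm that helper rejects a missing secret
    # instead of skipping the check.
    try:
        Github.verify_webhook_signature(secret=os.environ.get('GITHUB_WEBHOOK_SECRET', None))
    except ValueError:
        return 'Unauthroized, invalid hash', 401

    # Parse event data (UnicodeDecodeError is a ValueError, so a bad encoding
    # is also answered with 400).
    try:
        push_event_data = json.loads(request.data.decode('utf-8'))
    except ValueError:
        return 'Failed to parse push event', 400

    # Valid JSON that is not an object (list, string, number, null) has no
    # fields to inspect. Treat it as an empty event so it takes the logged and
    # alerted "unknown payload" path below instead of raising AttributeError.
    if not isinstance(push_event_data, dict):
        push_event_data = {}

    # Github's hook check (the ping sent when a webhook is created)
    if 'hook' in push_event_data and 'hook_id' in push_event_data:
        return 'OK', 200

    # Valid pushers info
    with open(os.path.join(source_root, 'pusher_matches.json'), 'r') as f:
        pusher_matches = json.load(f)

    # get SNS topic
    sns_topic = os.environ.get('SNS_SCM_ADMIN_TOPIC', None)

    # Pusher info. Every field is type-checked so that a payload with an
    # unexpected shape ends in the 400 branch rather than an unhandled error.
    pusher_info = push_event_data.get('pusher', None)
    pusher = pusher_info.get('name', None) if isinstance(pusher_info, dict) else None
    if not isinstance(pusher, str):
        pusher = None

    repository = push_event_data.get('repository', None)
    repository_name = repository.get('full_name', None) if isinstance(repository, dict) else None
    if not isinstance(repository_name, str):
        # Used as a dictionary key below, so it must be a plain string.
        repository_name = None

    # NOTE(review): only the last path segment of ``ref`` is used, so
    # refs/heads/feature/master and refs/tags/master are both checked against
    # the "master" entry, and an allow-list key containing "/" can never
    # match. Confirm the key format used in pusher_matches.json.
    ref = push_event_data.get('ref', '')
    branch = ref.split('/')[-1] if isinstance(ref, str) else ''

    if not pusher or not repository_name or not branch:
        logger.error('Cannot parse push event data')
        logger.error(request.data)
        sns_publish(sns_topic=sns_topic,
                    event='SCM',
                    subject='Failed to parse oush event data',
                    message='received data is:\n\n{}'.format(request.data.decode('utf-8')))
        return 'Bad Request, unknown push event payload', 400

    # Match: enforce only when both the repository and the branch are listed.
    allowed_by_branch = pusher_matches.get(repository_name, None)
    if allowed_by_branch and branch in allowed_by_branch:
        if pusher in allowed_by_branch[branch]:
            return 'OK', 200

        sns_publish(sns_topic=sns_topic,
                    event='SCM',
                    subject='Invalid push event @ {branch} of {repo}'.format(repo=repository_name, branch=branch),
                    message='Pusher "{pusher}" pushed to `{branch}` branch at `{repo}` repo'.format(
                        pusher=pusher,
                        branch=branch,
                        repo=repository_name,
                    ))
        return 'Forbidden', 403

    # Don't have to match
    return 'OK', 200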