Mailinglist Archive: opensuse-buildservice (48 mails)

< Previous Next >
Re: [opensuse-buildservice] Re: OBS + GitHub - deprecation of GitHub Services


On 10/25/2018 02:54 PM, Stephan Kulow wrote:
Am 25.10.18 um 10:13 schrieb Andreas Schwab:
On Okt 25 2018, Stephan Kulow <coolo@xxxxxxx> wrote:

Am 25.10.18 um 09:23 schrieb Christian:
Am 24.10.18 um 21:00 schrieb Stephan Kulow:
The URL is https://build.opensuse.org/trigger/webhook?id=$TOKEN_ID

The token_id is listed on osc tokens and you have to put the
token itself as secret
the webhook config on GitHub is split up into two config parts ..
1) Payload URL:
2) secret

did you test it that way ?

coolo@cleopatra#~>osc token --create home:coolo demopac
Create a new token
<status code="ok">
<summary>Ok</summary>
<data name="token">aWup8hf2dzF8c2GPfoKn1BpV</data>
<data name="id">1920</data>
</status>

And then paste aWup... into the secret:
https://pasteboard.co/HK3ry5c.png
Are you sure it's the token id and not the token string that you need to
use? osc token --trigger also uses the token string.

Well, you need both - don't ask me why. But it's in the code:
https://bit.ly/2yzK1kx
Because GitHub creates a signature over the payload with this token. The
token gets not transferred by GitHub. GitHub only transfers the id which
OBS uses to verify this signature. This is a different concept than osc
does. We just leveraged that there was already functionality to create
tokens in OBS.

https://developer.github.com/webhooks/securing/#validating-payloads-from-github

Hope that helps.

And yes, we should document this :)

Christian
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >