refactor(github_hooks): Force webhook signature check for GitHub Apps (#97)

forestileao · web-flow · commit 7cba6a2ea732 · 2025-03-06T09:55:21.000-03:00
diff --git a/github_hooks/Gemfile.lock b/github_hooks/Gemfile.lock
@@ -246,7 +246,7 @@ GEM
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.8.1)
-    rack (2.2.11)
+    rack (2.2.12)
     rack-session (1.0.2)
       rack (< 3)
     rack-test (2.1.0)
@@ -423,7 +423,7 @@ GEM
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
     uniform_notifier (1.16.0)
-    uri (1.0.2)
+    uri (1.0.3)
     useragent (0.16.11)
     vcr (6.3.1)
       base64
diff --git a/github_hooks/app/controllers/projects_controller.rb b/github_hooks/app/controllers/projects_controller.rb
@@ -20,7 +20,7 @@ def repo_host_post_commit_hook
         head :ok and return
       end
 
-      if webhook_filter.github_app_webhook? && App.check_github_app_webhook?
+      if webhook_filter.github_app_webhook?
         signature = repo_host_request.headers["X-Hub-Signature-256"]
         secret = Semaphore::GithubApp::Credentials.github_app_webhook_secret
 
diff --git a/github_hooks/config/app/development.rb b/github_hooks/config/app/development.rb
@@ -12,7 +12,6 @@
   config.github_app_id = SemaphoreConfig.github_app_id
   config.github_secret_id = SemaphoreConfig.github_secret_id
   config.github_app_webhook_secret = SemaphoreConfig.github_app_webhook_secret
-  config.check_github_app_webhook = SemaphoreConfig.check_github_app_webhook
 
   config.bitbucket_app_id = SemaphoreConfig.bitbucket_app_id
   config.bitbucket_secret_id = SemaphoreConfig.bitbucket_secret_id
diff --git a/github_hooks/config/app/production.rb b/github_hooks/config/app/production.rb
@@ -14,7 +14,6 @@
   config.github_app_id = SemaphoreConfig.github_app_id
   config.github_secret_id = SemaphoreConfig.github_secret_id
   config.github_app_webhook_secret = SemaphoreConfig.github_app_webhook_secret
-  config.check_github_app_webhook = SemaphoreConfig.check_github_app_webhook.to_s == "true"
 
   config.bitbucket_app_id = SemaphoreConfig.bitbucket_app_id
   config.bitbucket_secret_id = SemaphoreConfig.bitbucket_secret_id
diff --git a/github_hooks/config/app/test.rb b/github_hooks/config/app/test.rb
@@ -10,7 +10,6 @@
   config.github_app_id = "bd59c3a0c448179b5f3f"
   config.github_secret_id = "c40e646d16dca15d4a5155397e4e66b928678f15"
   config.github_app_webhook_secret = "lkasjdlkjKSJHKsa123lskdfn"
-  config.check_github_app_webhook = true
 
   config.bitbucket_app_id = "G3cXBDsDEwVp25rCXL"
   config.bitbucket_secret_id = "LNNfhaLKsfuzjYEeJLkN5Y93cNDb2ej4"
