Skip to content
This repository was archived by the owner on Jan 16, 2025. It is now read-only.

Commit f9f705f

Browse files
npalmnpalm
authored
fix: update return codes, no error code for job that are ignored (#1381)
1 parent fcfbc53 commit f9f705f

File tree

4 files changed

+55
-39
lines changed

4 files changed

+55
-39
lines changed

Diff for: modules/webhook/lambdas/webhook/src/lambda.ts

+7-4
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,17 @@ import { handle } from './webhook/handler';
22
import { APIGatewayEvent, Context, Callback } from 'aws-lambda';
33
import { logger } from './webhook/logger';
44

5+
export interface Response {
6+
statusCode: number;
7+
body?: string;
8+
}
9+
510
export const githubWebhook = async (event: APIGatewayEvent, context: Context, callback: Callback): Promise<void> => {
611
logger.setSettings({ requestId: context.awsRequestId });
712
logger.debug(JSON.stringify(event));
813
try {
9-
const statusCode = await handle(event.headers, event.body as string);
10-
callback(null, {
11-
statusCode: statusCode,
12-
});
14+
const response = await handle(event.headers, event.body as string);
15+
callback(null, response);
1316
} catch (e) {
1417
callback(e as Error);
1518
}

Diff for: modules/webhook/lambdas/webhook/src/local.ts

+1-1
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ app.use(bodyParser.json());
88

99
app.post('/event_handler', (req, res) => {
1010
handle(req.headers, JSON.stringify(req.body))
11-
.then((c) => res.status(c).end())
11+
.then((c) => res.status(c.statusCode).end())
1212
.catch((e) => {
1313
console.log(e);
1414
res.status(404);

Diff for: modules/webhook/lambdas/webhook/src/webhook/handler.test.ts

+19-19
Original file line numberDiff line numberDiff line change
@@ -38,12 +38,12 @@ describe('handler', () => {
3838

3939
it('returns 500 if no signature available', async () => {
4040
const resp = await handle({}, '');
41-
expect(resp).toBe(500);
41+
expect(resp.statusCode).toBe(500);
4242
});
4343

4444
it('returns 401 if signature is invalid', async () => {
4545
const resp = await handle({ 'X-Hub-Signature': 'bbb' }, 'aaaa');
46-
expect(resp).toBe(401);
46+
expect(resp.statusCode).toBe(401);
4747
});
4848

4949
describe('Test for workflowjob event: ', () => {
@@ -56,14 +56,14 @@ describe('handler', () => {
5656
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
5757
event,
5858
);
59-
expect(resp).toBe(200);
59+
expect(resp.statusCode).toBe(201);
6060
expect(sendActionRequest).toBeCalled();
6161
});
6262

6363
it('does not handle other events', async () => {
6464
const event = JSON.stringify(workflowjob_event);
6565
const resp = await handle({ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'push' }, event);
66-
expect(resp).toBe(200);
66+
expect(resp.statusCode).toBe(202);
6767
expect(sendActionRequest).not.toBeCalled();
6868
});
6969

@@ -73,7 +73,7 @@ describe('handler', () => {
7373
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
7474
event,
7575
);
76-
expect(resp).toBe(200);
76+
expect(resp.statusCode).toBe(201);
7777
expect(sendActionRequest).not.toBeCalled();
7878
});
7979

@@ -83,7 +83,7 @@ describe('handler', () => {
8383
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
8484
event,
8585
);
86-
expect(resp).toBe(200);
86+
expect(resp.statusCode).toBe(201);
8787
expect(sendActionRequest).not.toBeCalled();
8888
});
8989

@@ -94,7 +94,7 @@ describe('handler', () => {
9494
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
9595
event,
9696
);
97-
expect(resp).toBe(403);
97+
expect(resp.statusCode).toBe(403);
9898
expect(sendActionRequest).not.toBeCalled();
9999
});
100100

@@ -105,7 +105,7 @@ describe('handler', () => {
105105
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
106106
event,
107107
);
108-
expect(resp).toBe(200);
108+
expect(resp.statusCode).toBe(201);
109109
expect(sendActionRequest).toBeCalled();
110110
});
111111

@@ -122,7 +122,7 @@ describe('handler', () => {
122122
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
123123
event,
124124
);
125-
expect(resp).toBe(200);
125+
expect(resp.statusCode).toBe(201);
126126
expect(sendActionRequest).toBeCalled();
127127
});
128128

@@ -139,7 +139,7 @@ describe('handler', () => {
139139
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
140140
event,
141141
);
142-
expect(resp).toBe(200);
142+
expect(resp.statusCode).toBe(201);
143143
expect(sendActionRequest).toBeCalled();
144144
});
145145

@@ -156,7 +156,7 @@ describe('handler', () => {
156156
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
157157
event,
158158
);
159-
expect(resp).toBe(200);
159+
expect(resp.statusCode).toBe(201);
160160
expect(sendActionRequest).toBeCalled();
161161
});
162162

@@ -173,7 +173,7 @@ describe('handler', () => {
173173
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
174174
event,
175175
);
176-
expect(resp).toBe(200);
176+
expect(resp.statusCode).toBe(201);
177177
expect(sendActionRequest).toBeCalled();
178178
});
179179

@@ -191,7 +191,7 @@ describe('handler', () => {
191191
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
192192
event,
193193
);
194-
expect(resp).toBe(200);
194+
expect(resp.statusCode).toBe(201);
195195
expect(sendActionRequest).toBeCalled();
196196
});
197197
it('Check not allowed runner label is declined', async () => {
@@ -207,7 +207,7 @@ describe('handler', () => {
207207
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
208208
event,
209209
);
210-
expect(resp).toBe(403);
210+
expect(resp.statusCode).toBe(202);
211211
expect(sendActionRequest).not.toBeCalled();
212212
});
213213
});
@@ -219,7 +219,7 @@ describe('handler', () => {
219219
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'check_run' },
220220
event,
221221
);
222-
expect(resp).toBe(200);
222+
expect(resp.statusCode).toBe(201);
223223
expect(sendActionRequest).toBeCalled();
224224
});
225225

@@ -229,7 +229,7 @@ describe('handler', () => {
229229
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'check_run' },
230230
event,
231231
);
232-
expect(resp).toBe(200);
232+
expect(resp.statusCode).toBe(201);
233233
expect(sendActionRequest).not.toBeCalled();
234234
});
235235

@@ -239,7 +239,7 @@ describe('handler', () => {
239239
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'check_run' },
240240
event,
241241
);
242-
expect(resp).toBe(200);
242+
expect(resp.statusCode).toBe(201);
243243
expect(sendActionRequest).not.toBeCalled();
244244
});
245245

@@ -250,7 +250,7 @@ describe('handler', () => {
250250
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'check_run' },
251251
event,
252252
);
253-
expect(resp).toBe(403);
253+
expect(resp.statusCode).toBe(403);
254254
expect(sendActionRequest).not.toBeCalled();
255255
});
256256

@@ -261,7 +261,7 @@ describe('handler', () => {
261261
{ 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'check_run' },
262262
event,
263263
);
264-
expect(resp).toBe(200);
264+
expect(resp.statusCode).toBe(201);
265265
expect(sendActionRequest).toBeCalled();
266266
});
267267
});

Diff for: modules/webhook/lambdas/webhook/src/webhook/handler.ts

+28-15
Original file line numberDiff line numberDiff line change
@@ -4,38 +4,48 @@ import { sendActionRequest } from '../sqs';
44
import { CheckRunEvent, WorkflowJobEvent } from '@octokit/webhooks-types';
55
import { getParameterValue } from '../ssm';
66
import { logger as rootLogger } from './logger';
7+
import { Response } from '../lambda';
78

89
const logger = rootLogger.getChildLogger();
910

10-
export async function handle(headers: IncomingHttpHeaders, body: string): Promise<number> {
11+
export async function handle(headers: IncomingHttpHeaders, body: string): Promise<Response> {
1112
// ensure header keys lower case since github headers can contain capitals.
1213
for (const key in headers) {
1314
headers[key.toLowerCase()] = headers[key];
1415
}
1516

1617
const githubEvent = headers['x-github-event'] as string;
1718

18-
let status = await verifySignature(githubEvent, headers['x-hub-signature'] as string, body);
19-
if (status != 200) {
20-
return status;
19+
let response: Response = {
20+
statusCode: await verifySignature(githubEvent, headers['x-hub-signature'] as string, body),
21+
};
22+
23+
if (response.statusCode != 200) {
24+
return response;
2125
}
2226
const payload = JSON.parse(body);
2327
logger.info(`Received Github event ${githubEvent} from ${payload.repository.full_name}`);
2428

2529
if (isRepoNotAllowed(payload.repository.full_name)) {
26-
console.error(`Received event from unauthorized repository ${payload.repository.full_name}`);
27-
return 403;
30+
console.warn(`Received event from unauthorized repository ${payload.repository.full_name}`);
31+
return {
32+
statusCode: 403,
33+
};
2834
}
2935

3036
if (githubEvent == 'workflow_job') {
31-
status = await handleWorkflowJob(payload as WorkflowJobEvent, githubEvent);
37+
response = await handleWorkflowJob(payload as WorkflowJobEvent, githubEvent);
3238
} else if (githubEvent == 'check_run') {
33-
status = await handleCheckRun(payload as CheckRunEvent, githubEvent);
39+
response = await handleCheckRun(payload as CheckRunEvent, githubEvent);
3440
} else {
3541
logger.warn(`Ignoring unsupported event ${githubEvent}`);
42+
response = {
43+
statusCode: 202,
44+
body: `Ignoring unsupported event ${githubEvent}`,
45+
};
3646
}
3747

38-
return status;
48+
return response;
3949
}
4050

4151
async function verifySignature(githubEvent: string, signature: string, body: string): Promise<number> {
@@ -56,12 +66,15 @@ async function verifySignature(githubEvent: string, signature: string, body: str
5666
return 200;
5767
}
5868

59-
async function handleWorkflowJob(body: WorkflowJobEvent, githubEvent: string): Promise<number> {
69+
async function handleWorkflowJob(body: WorkflowJobEvent, githubEvent: string): Promise<Response> {
6070
const disableCheckWorkflowJobLabelsEnv = process.env.DISABLE_CHECK_WORKFLOW_JOB_LABELS || 'false';
6171
const disableCheckWorkflowJobLabels = JSON.parse(disableCheckWorkflowJobLabelsEnv) as boolean;
6272
if (!disableCheckWorkflowJobLabels && !canRunJob(body)) {
63-
logger.error(`Received event contains runner labels '${body.workflow_job.labels}' that are not accepted.`);
64-
return 403;
73+
logger.warn(`Received event contains runner labels '${body.workflow_job.labels}' that are not accepted.`);
74+
return {
75+
statusCode: 202,
76+
body: `Received event contains runner labels '${body.workflow_job.labels}' that are not accepted.`,
77+
};
6578
}
6679

6780
let installationId = body.installation?.id;
@@ -78,10 +91,10 @@ async function handleWorkflowJob(body: WorkflowJobEvent, githubEvent: string): P
7891
});
7992
}
8093
console.info(`Successfully queued job for ${body.repository.full_name}`);
81-
return 200;
94+
return { statusCode: 201 };
8295
}
8396

84-
async function handleCheckRun(body: CheckRunEvent, githubEvent: string): Promise<number> {
97+
async function handleCheckRun(body: CheckRunEvent, githubEvent: string): Promise<Response> {
8598
let installationId = body.installation?.id;
8699
if (installationId == null) {
87100
installationId = 0;
@@ -96,7 +109,7 @@ async function handleCheckRun(body: CheckRunEvent, githubEvent: string): Promise
96109
});
97110
}
98111
console.info(`Successfully queued job for ${body.repository.full_name}`);
99-
return 200;
112+
return { statusCode: 201 };
100113
}
101114

102115
function isRepoNotAllowed(repo_full_name: string): boolean {

0 commit comments

Comments
 (0)