Github Webhook

[di]

Details

• Read the Docs project URL: https://readthedocs.org/projects/python-packaging-user-guide
• Build URL (if applicable): n/a
• Read the Docs username (if applicable): di

Expected Result

Webhook successfully integrates.

Actual Result

The automated Github webhook for our project has been failing for the last ~4 months. When I logged in to https://readthedocs.org/dashboard/python-packaging-user-guide/integrations/ there was no integration listed. (I don't believe any of the administrators deleted it, but I can't be 100% sure).

I re-added this integration and updated the Github webhook. The initial ping succeeds with a 200, however, an actual event fails with a 400 and the following message:

{
  "detail": "Payload not valid, invalid or missing signature"
}

This seems similar to #5426, however AFAIK the original integration was not automatically created, and recreating it manually does not fix the problem.

The documentation says:

If your project was imported through a connected account, we create a secret for every integration that offers a way to verify that a webhook request is legitimate.

But I see no way to reveal this secret so I can include it in the Github webhook configuration. Furthermore, the same documentation also says:

The webhook token, intended for the GitHub Secret field, is not yet implemented.

which seems contradictory.

Any ideas?

[stsewd]

The first part of the documentation makes reference to automatically created webhooks.
For webhooks that were created manually (second part of the docs) we don't allow users to put a secret yet.

Do you have your webhook on github with a secret set? This should be blank for manually created webhooks.

[di]

Do you have your webhook on github with a secret set?

I do not. Here is the full request:

Headers

Request URL: https://readthedocs.org/api/v2/webhook/python-packaging-user-guide/96072/
Request method: POST
content-type: application/x-www-form-urlencoded
Expect: 
User-Agent: GitHub-Hookshot/a5788b1
X-GitHub-Delivery: a493c5c0-ca90-11e9-8816-5ef3a9de1d17
X-GitHub-Event: ping

Payload

{
  "zen": "Speak like a human.",
  "hook_id": 135839398,
  "hook": {
    "type": "Repository",
    "id": 135839398,
    "name": "web",
    "active": true,
    "events": [
      "create",
      "delete",
      "push"
    ],
    "config": {
      "content_type": "form",
      "insecure_ssl": "0",
      "url": "https://readthedocs.org/api/v2/webhook/python-packaging-user-guide/96072/"
    },
    "updated_at": "2019-08-29T19:10:19Z",
    "created_at": "2019-08-29T19:10:19Z",
    "url": "https://api.github.com/repos/pypa/packaging.python.org/hooks/135839398",
    "test_url": "https://api.github.com/repos/pypa/packaging.python.org/hooks/135839398/test",
    "ping_url": "https://api.github.com/repos/pypa/packaging.python.org/hooks/135839398/pings",
    "last_response": {
      "code": null,
      "status": "unused",
      "message": null
    }
  },
  "repository": {
    "id": 15926039,
    "node_id": "MDEwOlJlcG9zaXRvcnkxNTkyNjAzOQ==",
    "name": "packaging.python.org",
    "full_name": "pypa/packaging.python.org",
    "private": false,
    "owner": {
      "login": "pypa",
      "id": 647025,
      "node_id": "MDEyOk9yZ2FuaXphdGlvbjY0NzAyNQ==",
      "avatar_url": "https://avatars2.githubusercontent.com/u/647025?v=4",
      "gravatar_id": "",
      "url": "https://api.github.com/users/pypa",
      "html_url": "https://github.com/pypa",
      "followers_url": "https://api.github.com/users/pypa/followers",
      "following_url": "https://api.github.com/users/pypa/following{/other_user}",
      "gists_url": "https://api.github.com/users/pypa/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/pypa/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/pypa/subscriptions",
      "organizations_url": "https://api.github.com/users/pypa/orgs",
      "repos_url": "https://api.github.com/users/pypa/repos",
      "events_url": "https://api.github.com/users/pypa/events{/privacy}",
      "received_events_url": "https://api.github.com/users/pypa/received_events",
      "type": "Organization",
      "site_admin": false
    },
    "html_url": "https://github.com/pypa/packaging.python.org",
    "description": "Python Packaging User Guide",
    "fork": false,
    "url": "https://api.github.com/repos/pypa/packaging.python.org",
    "forks_url": "https://api.github.com/repos/pypa/packaging.python.org/forks",
    "keys_url": "https://api.github.com/repos/pypa/packaging.python.org/keys{/key_id}",
    "collaborators_url": "https://api.github.com/repos/pypa/packaging.python.org/collaborators{/collaborator}",
    "teams_url": "https://api.github.com/repos/pypa/packaging.python.org/teams",
    "hooks_url": "https://api.github.com/repos/pypa/packaging.python.org/hooks",
    "issue_events_url": "https://api.github.com/repos/pypa/packaging.python.org/issues/events{/number}",
    "events_url": "https://api.github.com/repos/pypa/packaging.python.org/events",
    "assignees_url": "https://api.github.com/repos/pypa/packaging.python.org/assignees{/user}",
    "branches_url": "https://api.github.com/repos/pypa/packaging.python.org/branches{/branch}",
    "tags_url": "https://api.github.com/repos/pypa/packaging.python.org/tags",
    "blobs_url": "https://api.github.com/repos/pypa/packaging.python.org/git/blobs{/sha}",
    "git_tags_url": "https://api.github.com/repos/pypa/packaging.python.org/git/tags{/sha}",
    "git_refs_url": "https://api.github.com/repos/pypa/packaging.python.org/git/refs{/sha}",
    "trees_url": "https://api.github.com/repos/pypa/packaging.python.org/git/trees{/sha}",
    "statuses_url": "https://api.github.com/repos/pypa/packaging.python.org/statuses/{sha}",
    "languages_url": "https://api.github.com/repos/pypa/packaging.python.org/languages",
    "stargazers_url": "https://api.github.com/repos/pypa/packaging.python.org/stargazers",
    "contributors_url": "https://api.github.com/repos/pypa/packaging.python.org/contributors",
    "subscribers_url": "https://api.github.com/repos/pypa/packaging.python.org/subscribers",
    "subscription_url": "https://api.github.com/repos/pypa/packaging.python.org/subscription",
    "commits_url": "https://api.github.com/repos/pypa/packaging.python.org/commits{/sha}",
    "git_commits_url": "https://api.github.com/repos/pypa/packaging.python.org/git/commits{/sha}",
    "comments_url": "https://api.github.com/repos/pypa/packaging.python.org/comments{/number}",
    "issue_comment_url": "https://api.github.com/repos/pypa/packaging.python.org/issues/comments{/number}",
    "contents_url": "https://api.github.com/repos/pypa/packaging.python.org/contents/{+path}",
    "compare_url": "https://api.github.com/repos/pypa/packaging.python.org/compare/{base}...{head}",
    "merges_url": "https://api.github.com/repos/pypa/packaging.python.org/merges",
    "archive_url": "https://api.github.com/repos/pypa/packaging.python.org/{archive_format}{/ref}",
    "downloads_url": "https://api.github.com/repos/pypa/packaging.python.org/downloads",
    "issues_url": "https://api.github.com/repos/pypa/packaging.python.org/issues{/number}",
    "pulls_url": "https://api.github.com/repos/pypa/packaging.python.org/pulls{/number}",
    "milestones_url": "https://api.github.com/repos/pypa/packaging.python.org/milestones{/number}",
    "notifications_url": "https://api.github.com/repos/pypa/packaging.python.org/notifications{?since,all,participating}",
    "labels_url": "https://api.github.com/repos/pypa/packaging.python.org/labels{/name}",
    "releases_url": "https://api.github.com/repos/pypa/packaging.python.org/releases{/id}",
    "deployments_url": "https://api.github.com/repos/pypa/packaging.python.org/deployments",
    "created_at": "2014-01-15T05:37:10Z",
    "updated_at": "2019-08-29T18:25:55Z",
    "pushed_at": "2019-08-29T18:25:53Z",
    "git_url": "git://github.com/pypa/packaging.python.org.git",
    "ssh_url": "[email protected]:pypa/packaging.python.org.git",
    "clone_url": "https://github.com/pypa/packaging.python.org.git",
    "svn_url": "https://github.com/pypa/packaging.python.org",
    "homepage": "http://packaging.python.org",
    "size": 2671,
    "stargazers_count": 799,
    "watchers_count": 799,
    "language": "Python",
    "has_issues": true,
    "has_projects": true,
    "has_downloads": true,
    "has_wiki": false,
    "has_pages": false,
    "forks_count": 343,
    "mirror_url": null,
    "archived": false,
    "disabled": false,
    "open_issues_count": 77,
    "license": null,
    "forks": 343,
    "open_issues": 77,
    "watchers": 799,
    "default_branch": "master"
  },
  "sender": {
    "login": "di",
    "id": 294415,
    "node_id": "MDQ6VXNlcjI5NDQxNQ==",
    "avatar_url": "https://avatars1.githubusercontent.com/u/294415?v=4",
    "gravatar_id": "",
    "url": "https://api.github.com/users/di",
    "html_url": "https://github.com/di",
    "followers_url": "https://api.github.com/users/di/followers",
    "following_url": "https://api.github.com/users/di/following{/other_user}",
    "gists_url": "https://api.github.com/users/di/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/di/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/di/subscriptions",
    "organizations_url": "https://api.github.com/users/di/orgs",
    "repos_url": "https://api.github.com/users/di/repos",
    "events_url": "https://api.github.com/users/di/events{/privacy}",
    "received_events_url": "https://api.github.com/users/di/received_events",
    "type": "User",
    "site_admin": false
  }
}

And the response:

Headers

Allow: POST, OPTIONS
CF-RAY: 50e0d30e1c4e54d2-ORD
Connection: keep-alive
Content-Language: en
Content-Length: 60
Content-Type: application/json
Date: Thu, 29 Aug 2019 19:10:20 GMT
Server: cloudflare
Set-Cookie: __cfduid=dd24da1f5a88656c61d6adb6c35a5a7a81567105819; expires=Fri, 28-Aug-20 19:10:19 GMT; path=/; domain=.readthedocs.org; HttpOnly
Strict-Transport-Security: max-age=31536000;
Vary: Accept, Accept-Language, Cookie
x-content-type-options: nosniff
X-Deity: web02
X-Frame-Options: DENY
x-xss-protection: 1; mode=block

Body

{"detail":"Payload not valid, invalid or missing signature"}

[stsewd]

Hmm, I just checked on the db, for some reason the integration was created with a secret. I just tested it with another project and the integration was created without a secret. I removed the secret from your integration.

When did you create the integration? Did you test recreating the integration? We can investigate more if this happens again, but I'm not able to replicate it now.

[stsewd]

ok, I think I know what happened, I think you pushed the Resync Integration button. For some reason it doesn't resync the integration, but the integration is given a secret. I'll open a new issue with these steps.

[di]

Thanks! I did press it at one point, but I believe I didn't press it for the most recent integration.

FWIW, if I create the integration manually, it still says this at the top:

This webhook was configured when this project was imported or it was automatically created with the correct configuration.

Even though that doesn't seem to be true.

[roycaihw]

Thanks for reporting and fixing the issue! I also hit the problem today.

[stsewd]

Fix isn't deployed yet, after it's deployed you shouldn't have this problem :) (next deploy should be in one or two weeks)