-
-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix: Tolerate any string values in github app events array schema #118
Fix: Tolerate any string values in github app events array schema #118
Conversation
Tolerate any string values in `check_suite.app.events` array. This works around github/rest-api-description#3775.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #118 +/- ##
=======================================
Coverage 17.60% 17.60%
=======================================
Files 4797 4797
Lines 222565 222565
=======================================
Hits 39191 39191
Misses 183374 183374
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
As mentioned in the readme, you could only verify the webhook body by calling For webhook parsing in githubkit, it will validate the event body to prevent runtime errors caused by type errors, data missing, etc. You can choose to verify signature only and use the event body directly to skip the validation. |
Thanks. I'm considering your suggestion of avoiding |
It seems many webhook event types related with github app contain the events field. I will search for these fields and make a workaround. |
check_suite.app.events
array
Thank you. |
GitHub generates
check_suite
webhook events withcheck_suite.app.events
containing illegal event names. I filed this upstream at github/rest-api-description#3775.E.g., I'm seeing events like:
I believe the best course of action would be for GitHubKit to not validate the
check_suite.app.events
array element values.Is this an appropriate change?
BTW, is it possible to disable validation in webhook event parsing? My presumption is that as long as the GitHub signature on the event checks out, then the event is trustworthy. Currently my GitHub application is unable to process critical events because GitHub started including these unspecified values in this kinda-unimportant field, and I would really like to go back to processing these events.