From 3e59f2069e1026195f2982b9c62096680422723d Mon Sep 17 00:00:00 2001 From: Peter Surda Date: Fri, 16 Apr 2021 03:55:32 +0200 Subject: [PATCH] Feat: add support for secret provider for webhook --- buildbot_gitea/webhook.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/buildbot_gitea/webhook.py b/buildbot_gitea/webhook.py index eb730fa..2659b2f 100644 --- a/buildbot_gitea/webhook.py +++ b/buildbot_gitea/webhook.py @@ -2,10 +2,13 @@ import json import re import hmac import hashlib -from buildbot.util import bytes2unicode +from buildbot.process.properties import Properties +from buildbot.util import bytes2unicode, unicode2bytes from buildbot.www.hooks.base import BaseHookHandler +from twisted.internet import defer from twisted.python import log + from dateutil.parser import parse as dateparse _HEADER_EVENT_TYPE = 'X-Gitea-Event' @@ -118,6 +121,7 @@ class GiteaHandler(BaseHookHandler): change['codebase'] = codebase return [change] + @defer.inlineCallbacks def getChanges(self, request): secret = None if isinstance(self.options, dict): @@ -130,9 +134,12 @@ class GiteaHandler(BaseHookHandler): raise ValueError('Error loading JSON: ' + str(exception)) if secret is not None: + p = Properties() + p.master = self.master + rendered_secret = yield p.render(secret) signature = hmac.new( - secret.encode("UTF-8"), - content_text.strip().encode("UTF-8"), + unicode2bytes(rendered_secret), + unicode2bytes(content_text.strip()), digestmod=hashlib.sha256) header_signature = bytes2unicode( request.getHeader(_HEADER_SIGNATURE))