diff --git a/client-templates/github-com/accept.json.sample b/client-templates/github-com/accept.json.sample index 3c29d91bf..01dd7978f 100644 --- a/client-templates/github-com/accept.json.sample +++ b/client-templates/github-com/accept.json.sample @@ -2136,6 +2136,12 @@ "method": "POST", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" } ] } diff --git a/client-templates/github-enterprise/accept.json.sample b/client-templates/github-enterprise/accept.json.sample index 9475790b7..d2c07502b 100644 --- a/client-templates/github-enterprise/accept.json.sample +++ b/client-templates/github-enterprise/accept.json.sample @@ -1416,6 +1416,12 @@ "method": "POST", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" } ] } diff --git a/client-templates/github-server-app/accept.json.sample b/client-templates/github-server-app/accept.json.sample index 046aa3712..4b612612e 100644 --- a/client-templates/github-server-app/accept.json.sample +++ b/client-templates/github-server-app/accept.json.sample @@ -1416,6 +1416,12 @@ "method": "POST", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", "origin": "https://${GITHUB_API}" + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_API}" } ] } diff --git a/defaultFilters/github-enterprise.json b/defaultFilters/github-enterprise.json index ed3ffb0cc..f0d4e54f7 100644 --- a/defaultFilters/github-enterprise.json +++ b/defaultFilters/github-enterprise.json @@ -1416,6 +1416,12 @@ "method": "POST", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" } ] } \ No newline at end of file diff --git a/defaultFilters/github-server-app.json b/defaultFilters/github-server-app.json index 7c87f0c51..a3853c1a6 100644 --- a/defaultFilters/github-server-app.json +++ b/defaultFilters/github-server-app.json @@ -2022,6 +2022,16 @@ "scheme": "bearer", "token": "${GHA_ACCESS_TOKEN}" } - } + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_API}", + "auth": { + "scheme": "bearer", + "token": "${GHA_ACCESS_TOKEN}" + } + }, ] } \ No newline at end of file diff --git a/defaultFilters/github.json b/defaultFilters/github.json index 99324d501..b5645a701 100644 --- a/defaultFilters/github.json +++ b/defaultFilters/github.json @@ -2136,6 +2136,12 @@ "method": "POST", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" } ] } \ No newline at end of file diff --git a/test/fixtures/accept/github.json b/test/fixtures/accept/github.json index f3164c67a..a4557378b 100644 --- a/test/fixtures/accept/github.json +++ b/test/fixtures/accept/github.json @@ -44,6 +44,12 @@ "method": "POST", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" + }, + { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "path": "/repos/:name/:repo/hooks/:id/config", + "origin": "https://${GITHUB_TOKEN}@${GITHUB_API}" } ] } diff --git a/test/unit/__snapshots__/runtime-rules-hotloading.test.ts.snap b/test/unit/__snapshots__/runtime-rules-hotloading.test.ts.snap index 39252e06b..e3f3dfa03 100644 --- a/test/unit/__snapshots__/runtime-rules-hotloading.test.ts.snap +++ b/test/unit/__snapshots__/runtime-rules-hotloading.test.ts.snap @@ -4415,6 +4415,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to get custom pull request template", "method": "GET", @@ -5851,6 +5857,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to get custom pull request template", "method": "GET", @@ -12898,6 +12910,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to get repo's teams list", "method": "GET", @@ -14382,6 +14400,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to get repo's teams list", "method": "GET", @@ -20952,6 +20976,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to get given manifest file", "method": "GET", @@ -22382,6 +22412,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to get given manifest file", "method": "GET", @@ -28955,6 +28991,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "allow info refs (for git clone)", "method": "GET", @@ -30397,6 +30439,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "allow info refs (for git clone)", "method": "GET", @@ -37046,6 +37094,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to scan IAC files", "method": "GET", @@ -38500,6 +38554,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to scan IAC files", "method": "GET", @@ -45127,6 +45187,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "allow info refs (for git clone)", "method": "GET", @@ -46569,6 +46635,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "allow info refs (for git clone)", "method": "GET", @@ -56156,6 +56228,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to scan IAC files", "method": "GET", @@ -58360,6 +58438,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to scan IAC files", "method": "GET", @@ -59808,6 +59892,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to scan IAC files", "method": "GET", @@ -61292,6 +61382,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, Object { "//": "used to scan IAC files", "method": "GET", @@ -69465,6 +69561,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -70889,6 +70991,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -77363,6 +77471,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -78787,6 +78901,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -85261,6 +85381,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -86685,6 +86811,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -93159,6 +93291,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { @@ -94583,6 +94721,12 @@ Object { "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", "path": "/repos/:name/:repo/pulls/:pullRef/reviews", }, + Object { + "//": "allow webhook configs to be updated, to allow for secret upgrades", + "method": "PATCH", + "origin": "https://\${GITHUB_TOKEN}@\${GITHUB_API}", + "path": "/repos/:name/:repo/hooks/:id/config", + }, ], "public": Array [ Object { diff --git a/test/unit/filters.test.ts b/test/unit/filters.test.ts index 526f9483a..222dd41bd 100644 --- a/test/unit/filters.test.ts +++ b/test/unit/filters.test.ts @@ -88,6 +88,21 @@ describe('filters', () => { const filterResponseUrl = filterResponse ? filterResponse.url : ''; expect(filterResponseUrl).toMatch(url); }); + + it('should allow updating webhook config', () => { + const url = '/repos/test-org/test-repo/hooks/12345/config'; + + const filterResponse = filter({ + url, + method: 'PATCH', + }); + + console.log('filterResponse', filterResponse); + + expect(filterResponse).not.toEqual(false); + const filterResponseUrl = filterResponse ? filterResponse.url : ''; + expect(filterResponseUrl).toMatch(url); + }); }); describe('for bitbucket server private filters', () => {