Remediate "GitHub signature does not match known secret" error #213
Comments
I also see two webhooks for https://labs.w3.org/repo-manager/api/hook in the repo, which appears to lend credence to the idea that its having been migrated had an impact. I tried enabling one at a time, but both appear to be getting the same error about the secret not matching. I left both hooks in a disabled state for now but can do something else with them if needed. |
Indeed, the problem is probably related to the repository renaming. I see both I have the action to fix the code so renames can be handled automatically but in the meantime, this requires a manual intervention to update the token and the name of the repo. |
I'm getting this in wicg/urlpattern as well. See whatwg/urlpattern#107. |
Sure, I sent you an invite. I'll remove access after you've remediated the issue. |
@erik-anderson, Thanks for the invite. Updating the token of the webhook did the trick. The last 2 PRs now pass the check. |
@wanderview that's odd, the error on whatwg/urlpattern#100 is different from the signature issue but the logs show a problem with the webhook secret. |
Done. Thanks! |
@wanderview, the secret was updated and whatwg/urlpattern#100 now passes the IPR check. |
Closing this issue as it's being tracked in #210 |
This is also happening for |
@reillyeon Thanks for the report. It should now be fixed. |
This is also happening for |
@reillyeon It's not fixed. I also noticed there are 2 webhooks so I'm guessing the repository was renamed and re-imported in the repository manager but one of the webhooks was pointing to the wrong URL ( |
I don't think the |
@csharrison it should now be fixed. The repository had 3 webhooks pointing to the repository manager. I disabled 2 of them but something is adding these webhooks and it's messing with the secret used. |
This is also happening for |
@xfq this is now fixed. I noticed the secret was updated about 3 weeks ago. Do you know if that repository was imported again in the repo-manager around that time? |
Thank you.
I don't know. I didn't do this. |
@deniak Not sure if I should abuse this now closed issue, but we're getting the same problem on w3c/webcodecs. Started at least a couple of weeks ago, so probably consistent with the previous errors. Any magic you may do to fix that? |
@tidoust it's now fixed. We did deploy a few changes that would help wrt this issue but for w3c/webcodecs, I can't find anything that could explain the problem. The secret we have was not updated and afaik, there was no major change to that repo in the last couple of weeks. I'll keep investigating. |
Thanks, @deniak! I don't recall any recent change on the settings of the w3c/webcodecs repo, indeed. I see repo migration could perhaps explain why this happened. The w3c/webcodecs was originally under the WICG organization, but that was a long time ago, already. |
Looking at the logs, that signature issue was actually there for at least a few months but we only started to surface the error on the PR recently so I suspect the transfer did cause the problem. I'm also guessing the repository was re-imported again in the repository manager after the transfer which duplicated the webhook. |
This is also happening for |
@xfq, all the secrets of known repositories have been updated earlier token so that issue should not happen anymore. |
@deniak Thank you. Sorry for abusing this issue, but w3c/miniapp-packaging#34 also failed, and I saw @espinr connected his W3C account and GitHub account. I also tried to revalidate the PR from the repository manager but it said "PR not found: w3c/miniapp-packaging/pulls/34". |
Ah, that one is due to the fact that the PR was created before we patched the code. I resubmitted the payloads for these commits and it now passes. |
We are also encountering this error on immersive-web/webxr-hand-input#105 |
@himorin, I see the secret we have was updated recently. Can you invite me to the repo so I can debug the webhook and eventually sync the secret? |
@deniak - I'm seeing this error message on WICG/visual-viewport#80 - the repo was renamed (from VisualViewport) but a long long time ago (years ago). I've granted you admin access - could you please take a look? Thanks! |
@bokand this should now be fixed. I deleted the duplicated webhook, which was probably added during a new repo import. |
It looks like because of the change in #212, we now have a repo where the IPR bot is now bubbling up an error but was presumably falling over silently before. Great!
The repo seeing the error is privacycg/first-party-sets. Here's an example PR showing the IPR bot error:
WICG/first-party-sets#58
It's not clear to me how I as a repo owner can remediate the issue. Is there an internal database on the https://labs.w3.org/repo-manager/ server that holds the secret and, if so, how can we reset it?
As far as how we entered this state, I'm curious if it's because the repo originally migrated from WICG/first-party-sets which was also being managed by the bot.
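
GitHub signs each webhook delivery with an HMAC of the raw request body keyed by that hook's own secret, so a duplicate hook left over from an earlier import fails verification on a receiver that stores a single secret per repository. The sketch below is an added example, not code from the repo-manager; the secrets, hook ids and payload are constructed, and the thread does not say which signature header the repo-manager checks (GitHub's `X-Hub-Signature-256` format is assumed here).

```javascript
const crypto = require("node:crypto");

// Value GitHub places in X-Hub-Signature-256 for a given secret and raw body.
function sign(secret, rawBody) {
  const mac = crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
  return "sha256=" + mac;
}

// Receiver side: constant-time comparison against the one stored secret.
function verify(storedSecret, rawBody, header) {
  if (typeof header !== "string" || !header.startsWith("sha256=")) return false;
  const expected = Buffer.from(sign(storedSecret, rawBody));
  const received = Buffer.from(header);
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// Constructed scenario: the receiver keeps the secret from the latest import,
// while the repository still carries an active hook from the first import.
const storedSecret = "secret-from-latest-import"; // constructed value
const hooks = [
  { id: 1, secret: "secret-from-first-import" },  // stale duplicate hook
  { id: 2, secret: "secret-from-latest-import" }, // hook matching the store
];
// Verification must use the raw bytes as delivered, not re-serialized JSON.
const rawBody = Buffer.from(JSON.stringify({ action: "opened", number: 1 }));

// Every active hook delivers the same event, each signed with its own secret.
function deliverAll(activeHooks) {
  return activeHooks.map((h) => ({
    hook: h.id,
    accepted: verify(storedSecret, rawBody, sign(h.secret, rawBody)),
  }));
}

console.log(deliverAll(hooks));
```

Disabling or deleting the stale hook, or re-syncing its secret with the stored one, leaves only deliveries that verify.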