You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
From observing a couple of these, but not debugging the source code, the root cause of the issue in #213 seems to be that when ash-nazg imports a repository it adds a webhook but doesn't delete old copies, so the hooks run multiple times, and the old copies fail with "GitHub signature does not match known secret". Can it either delete the old ones or update them?
The text was updated successfully, but these errors were encountered:
Indeed, importing a repository will add a new webhook without checking if there's one already so adding that check can be useful even if we expect a repository to be imported once only. Do you have a use case where you had to import a repository again?
We also found that the signature error happened a few times even with a single import/webhook but it's not clear yet why the webhook secret no longer pass verification.
The hooks also break when a repository is moved between orgs, for example when it's adopted by a CG or WG, and the receiving chairs have learned to re-import the repositories in those cases.
From observing a couple of these, but not debugging the source code, the root cause of the issue in #213 seems to be that when ash-nazg imports a repository it adds a webhook but doesn't delete old copies, so the hooks run multiple times, and the old copies fail with "GitHub signature does not match known secret". Can it either delete the old ones or update them?
The text was updated successfully, but these errors were encountered: