From 55dc85d432eb529bc088d2fe6d1eba0a252d08f2 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sun, 22 Jan 2023 00:06:29 +0100 Subject: [PATCH] Secured buildbot change endpoint --- modules/buildbot/master.py | 6 +++--- secrets/github-webhook-secret | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/buildbot/master.py b/modules/buildbot/master.py index d288dc1..0e82e03 100644 --- a/modules/buildbot/master.py +++ b/modules/buildbot/master.py @@ -150,7 +150,7 @@ def build_config() -> dict[str, Any]: util.AnyControlEndpointMatcher(role="admins"), ], ), - "plugins": dict(waterfall_view={}, console_view={}, grid_view={}, badges ={ + "plugins": dict(console_view={}, badges ={ "left_pad" : 5, "left_text": "Build Status", # text on the left part of the image "left_color": "#555", # color of the left part of the image @@ -173,8 +173,8 @@ def build_config() -> dict[str, Any]: }), "change_hook_dialects": dict( github={ - "secret": "hello", - "strict": False, + "secret": str(read_secret_file("github-webhook-secret")).strip(), + "strict": True, "token": github_api_token, "github_property_whitelist": "*", } diff --git a/secrets/github-webhook-secret b/secrets/github-webhook-secret index a822940..2348c63 100644 --- a/secrets/github-webhook-secret +++ b/secrets/github-webhook-secret @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:OTKfqtilIkAmZ8vR/Idovk6F6n3qNgjsSUqMsUCDvg==,iv:WDSTdMHgbKVZKXyzixPcLnciWNWkT+42m68KLZrrLyU=,tag:pG58/qcEHzMw/0To3yqhhA==,type:str]", + "data": "ENC[AES256_GCM,data:o4ZtGlIgcypYecPiL5zSjfQhJbKK0GmxoQGA709i0A==,iv:4IhmMfldmXwZF0gSxDaQLDbLnzGnd9WV6tpqr4G+djU=,tag:LEJRPqqwsAoD+Z42zrtbwg==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -11,8 +11,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZ1BnamtUWTNRZjlnVUVw\ndGdHY2R6Z1Z5OFhkR0Vib2d0VEIxSVRpRldVCmN0MGxmQk9BemFZRGRKNElydXpo\nMGhEMHRBbUtDTFlGL0NrQnpLRVUwMzQKLS0tIFVCOG5EZktZdzl1K1VOYjVSSHN2\nbnFUTS9Cb0dOdjYxSTNEU3F3TWwzSkEKZZQU35SZLz92VKzjhaWup7tdvhsUfQuS\nin5fHgKVbSwTS2K5HIhRnyN7BiSYEhl5U9fLSpa/xs4hJBU3athWMg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-01-19T18:14:37Z", - "mac": "ENC[AES256_GCM,data:aiMwQIuFquMyfMKa95WPUCCUu6gtz0Q1WTnDs5AUBvGxcs19XysC9e9miiDIL0aq5dNHrPeIwlLtsO1HrefdvA4NUJfbHjkw+fA/k8TtSKQS0iZ9WzIvex1Y55v4QFR9o84T3shEOIIHd5itPxelIeHnXbb9bxi2p5bIlPBDwU0=,iv:uygW7naNT5PktVFsP7tHdQonnAFdlSP5bkhAoCGLORI=,tag:KlMM1YNCuwWRPweTDTjYPg==,type:str]", + "lastmodified": "2023-01-21T23:03:08Z", + "mac": "ENC[AES256_GCM,data:kdRUyVqlYU60+gLosipRun1UqoxiuLVr7hwVfuRquWHH+WnuDVVAax6BsA+R3zuc41cbC+Zj9d0L/fk39f5I9x+3WkRGVblsip48tmvN/fIrSNuH6s7l2FNP0i3CF6f2e7cHgLq6GEMNGSco3ziiVQxYJfomZWF0xRn4JPkqKPU=,iv:89o8NAHo3hXFJlyUT3mHBpgFDMf0mW7CtmtUzJPjEzA=,tag:AfYKJM5jZTxyvNytCQZZjQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.7.3"