Iss #98 - Initial commit of Github webhooks code

Additionally contains code to move API client models to a separate package to allow for application specific models to live separately from consumed upstream models.

mentioned in issue #114 (closed)

added 26 commits

• d86e4b0c...6d9df112 - 19 commits from branch eclipsefdn/it/api:master
• 7ea8345a - Iss #98 (closed) - Initial commit of Github webhooks code
• 3a01be39 - Add BouncyCastle to enable PKCS#1 parsing, add manual parsing helper
• f308ffed - Add temp log statement to expose installation access token on fetch
• 6dc4e52e - Update GH commits fetch to have authentication for webhook processing
• 8af38471 - Update auth headers for GH api client
• 585d2f99 - Fix status bearer token using object instead of token as bearer token
• 1c09ed8f - Update GH webhook resource to bind to validation service

Compare with previous version

changed target branch from master to main

added 1 commit

• 116d7914 - Clean up the classes for GH hook binding

Compare with previous version

marked this merge request as ready

requested review from @cguindon, @zacharysabourin, and @heurtemattes

Why the issuer is this number?

The issuer is the Github app issuer ID. This would match the default production app when encoding JWTs for Github communication

Does that mean the same issuer is used in dev and in production? is there any particular impact?

Any particular reason to reduce the value for lifespan?

This is mostly following either existing code which has it set to 2m and guidance from GH on lifespan of tokens https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#generating-a-json-web-token-jwt

LGTM!

why changing the default value from false to true?

I'll be honest, its been a while since I wrote this and I don't remember exactly. I believe it was something in how the keys are processed meant it was breaking without this. I can remove this and run the test suite and see if it breaks

ok, wait on your test.

changed this line in version 5 of the diff

api.eclipse.org should be externalize in order to test in other environments.

changed this line in version 5 of the diff

I look at API versionning for github, and there is a specific header to add X-GitHub-Api-Version:2022-11-28. See Documentation: https://docs.github.com/en/rest/overview/api-versions?apiVersion=2022-11-28

I think this header should be considered. WDYT?

Requests without the X-GitHub-Api-Version header will default to use the 2022-11-28 version.

It seems like they default to latest, which should be fine for us. I think adding a version would make it more likely to break as they deprecate old versions.

Sticking versions to latest IMO is a bad idea, especially when it can introduce breaking changes to production while relating on a roadmap, and/org a changelog provide the ability to plan, change code, refactor, test, push in production with less stress. But let see how it goes with github since their versionning is not really standard, the changelog is quiet new and I don't know how strict they are with breaking change.

I somewhat agree, but I think this will lead to an unexpected break down the line as it's 100% going to be something that is forgotten after it's merged since we only have 2 APIs that use it. If it was graceful in any way I'd have no issue setting a version, but considering the default is to return a bad request for a deprecated version, it's a case of 2 kind of bad options IMO. I think the best way would be to include the recommended version in our base api-common lib, and use that. There's a burden to upgrade, but its less likely to randomly break, and easier to maintain

added 2 commits

• a2a3db3e - Update GH webhook target to be configurable
• 0fce3d07 - Update GH API binding to include a base version string

Compare with previous version

mentioned in commit ad363bea

merged