Timmy_Foundation/timmy-config
15
0
Fork 0
Code Issues 163 Pull Requests 61 Actions Packages Projects Releases Wiki Activity
855 Commits 355 Branches 7 Tags
ca27e3f21432c6d525394fb3d7cf21487d89109c
Commit Graph

1 Commits

Author SHA1 Message Date
Rockachopa
ca27e3f214 feat(webhook): GEMINI-HARDEN-04 — authenticated webhook runner\n\nReplace print-only payload parser with production-hardened receiver:\n - HMAC-SHA256 signature verification (X-Gitea-Signature)\n - Event / repo / branch / action allowlists (config + env driven)\n - Idempotent event processing via X-Gitea-Delivery with TTL state file\n - Structured JSON logging (stdout + optional file)\n - Safe dispatch — pre-approved script invocations only, no arbitrary shell\n\nNew files:\n - scripts/webhook_runner.py — main HTTP server + policy engine\n - scripts/webhook_config.yaml — sample configuration\n - tests/test_webhook_runner.py — 40 pytest unit tests\n - tests/fixtures/webhook/*.json — payload fixtures for push/PR/issue\n\nAcceptance criteria:\n ✓ Verify Gitea webhook secret/signature\n ✓ Event, repo, branch, and action allowlists explicit and config-driven\n ✓ No direct git pull, shell execution, or fleet mutation from payload fields\n ✓ Structured logging with accepted/rejected events\n ✓ Idempotency via X-Gitea-Delivery tracking\n ✓ Local test fixtures: push, PR, issue, invalid-signature, unknown-event\n ✓ Deployment notes: config via env vars or scripts/webhook_config.yaml\n\nCloses #436
Some checks failed
Smoke Test / smoke (pull_request) Failing after 23s
Details
Architecture Lint / Linter Tests (pull_request) Successful in 27s
Details
Validate Config / YAML Lint (pull_request) Failing after 18s
Details
Validate Config / JSON Validate (pull_request) Successful in 20s
Details
Validate Config / Python Syntax & Import Check (pull_request) Failing after 58s
Details
Validate Config / Python Test Suite (pull_request) Has been skipped
Details
Validate Config / Shell Script Lint (pull_request) Failing after 1m1s
Details
Validate Config / Cron Syntax Check (pull_request) Successful in 10s
Details
Validate Config / Deploy Script Dry Run (pull_request) Successful in 12s
Details
Validate Config / Playbook Schema Validation (pull_request) Successful in 27s
Details
Architecture Lint / Lint Repository (pull_request) Failing after 23s
Details
PR Checklist / pr-checklist (pull_request) Successful in 3m4s
Details
2026-04-27 09:36:27 -04:00