Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: re-add HMAC-SHA256 signing on orca webhook (ORCA_WEBHOOK_SECRET)
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-consent (push) Successful in 33s
Details
CI / test-python-voice (push) Successful in 30s
Details
CI / test-bqas (push) Successful in 31s
Details

Browse Source
This commit is contained in:
Sharang Parnerkar
2026-04-14 08:31:29 +02:00
parent dbb476cc3b
commit eb118ebf92
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.gitea/workflows/build-pitch-deck.yml
View File

@@ -1,8 +1,8 @@
# Build + push pitch-deck Docker image to registry.meghsakha.com # Build + push pitch-deck Docker image to registry.meghsakha.com
# and trigger orca redeploy on every push to main that touches pitch-deck/. # and trigger orca redeploy on every push to main that touches pitch-deck/.
# #
# Orca's webhook endpoint doesn't require HMAC signing unless a secret is # Requires Gitea Actions secret: ORCA_WEBHOOK_SECRET
# configured on the webhook (orca webhooks add doesn't set one by default). # (must match the `secret` field in ~/.orca/webhooks.json on the orca master)
name: Build pitch-deck name: Build pitch-deck
@@ -20,7 +20,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
run: | run: |
apk add --no-cache git curl apk add --no-cache git openssl curl
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git . git clone --depth 1 --branch ${GITHUB_REF_NAME} ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
- name: Build image - name: Build image
@@ -41,14 +41,17 @@ jobs:
- name: Trigger orca redeploy - name: Trigger orca redeploy
env: env:
ORCA_WEBHOOK_SECRET: ${{ secrets.ORCA_WEBHOOK_SECRET }}
ORCA_WEBHOOK_URL: https://46.225.100.82:6880/api/v1/webhooks/github ORCA_WEBHOOK_URL: https://46.225.100.82:6880/api/v1/webhooks/github
run: | run: |
SHA=$(git rev-parse HEAD) SHA=$(git rev-parse HEAD)
PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"head_commit\":{\"id\":\"$SHA\",\"message\":\"ci: pitch-deck image build\"}}" PAYLOAD="{\"ref\":\"refs/heads/main\",\"repository\":{\"full_name\":\"${GITHUB_REPOSITORY}\"},\"head_commit\":{\"id\":\"$SHA\",\"message\":\"ci: pitch-deck image build\"}}"
SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "$ORCA_WEBHOOK_SECRET" -r | awk '{print $1}')
curl -sSf -k \ curl -sSf -k \
-X POST \ -X POST \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-H "X-GitHub-Event: push" \ -H "X-GitHub-Event: push" \
-H "X-Hub-Signature-256: sha256=$SIG" \
-d "$PAYLOAD" \ -d "$PAYLOAD" \
"$ORCA_WEBHOOK_URL" \ "$ORCA_WEBHOOK_URL" \
|| { echo "Orca redeploy failed"; exit 1; } || { echo "Orca redeploy failed"; exit 1; }