dciy icon indicating copy to clipboard operation
dciy copied to clipboard

Published 20 hours ago verified publisher icon cobyism

[WIP] Accept Github webhooks payload

Open smashwilson opened this issue 10 years ago • 3 comments

This is the first step in implementing #5. Add a webhook to your repository with a URL in the following format:

http://<your-ip>:6161/webhooks/receive/<project-id>

... and DCIY will automatically build branches when they're pushed. Pretty neat! It's starting to feel like a proper CI, now.

This is the very core functionality for that ticket, though; it's pretty unrefined. What's left to do:

  • [ ] Show new builds live as they happen, with some kind of CoffeeScript polling on projects/:id/builds.
  • [ ] Either add a button to register the hook with the GitHub instance, or show you a "help" page that walks you through how to do it.
  • [ ] Build incoming pull requests, too! Maybe. This has Security Implications :tm: like @cobyism brought up earlier.

smashwilson avatar Jan 17 '14 21:01 smashwilson

:sparkling_heart: This is awesome! On the security side, I think it might be worth (at least in the short term) implementing some kind of ENV['WEBHOOK_SECRET_KEY'] variable check or something to make it possible to at least be reasonably sure incoming payloads are from the correct source. What are your thoughts on that as a low-tech solution?

cobyism avatar Jan 21 '14 14:01 cobyism

Hmmm, checking a secret token might let us "verify" that requests are coming from the right source, but that doesn't buy us much. An attacker who knows your DCIY's url could maybe DDoS you by running expensive builds over and over again, but the bigger issue is the code that's actually run as part of the build itself. All someone has to do is submit a pull request that adds a spec:

it "wipes your hard drive clean"

... and you're sunk! You can't even really whitelist PRs, as there's nothing stopping someone from adding bad code to the branch after the fact when you're not looking. (Er, no idea what I was thinking way back at the start with whitelisting commands.)

You'd mentioned using Vagrant and/or Docker to sandbox builds -- I think that's ultimately going to have to be the way we go.

smashwilson avatar Jan 21 '14 16:01 smashwilson

using Vagrant and/or Docker to sandbox builds -- I think that's ultimately going to have to be the way we go.

Fair enough. Yeah, sandboxing is something I’d really like to make possible eventually anyway, so if that means we can just bank on that then :+1: At the end of the day, if you’re really worried about the security implications here, people should just A) not run it on a machine they care about or have sensitive information on, and/or B) kill the server process when they don’t need it running.

cobyism avatar Jan 21 '14 16:01 cobyism