fedora-infra
Add fedmsg hooks for transifex platform
It would be cool, to count with fedmsg hooks for monitoring the work of the Fedora translators team in transifex. for example, when a person becomes in translator, when does translation and so on
Looking in transifex website I encounter a good resource for started http://help.transifex.com/intro/projects.html#webhooks I will investigate a bit about that.
Yeah, the webhooks support here looks great.
http://support.transifex.com/customer/portal/articles/1077998-webhook-support
We would need to write a service to receive the webhook, a small webapp called maybe transifex2fedmsg. We could then receive the POST notification from transifex and rebroadcast the event to fedmsg.
The github2fedmsg webapp works much the same way: https://github.com/fedora-infra/github2fedmsg
I posted a question on their forums about this: http://support.transifex.com/customer/en/portal/questions/6100078-webhook-signature-
oh, seems that this notification was lost in my inbox :(, I was reading your blog (thus I came here.) and I saw that you said that is not possible of a secure way, make the transifex integration. Why?
It's a shame that supported ticket I linked to is gone now. :(
I asked if there was a way to have transifex provide a cryptographic signature of the message they would POST to us. github does this with a sha1 X-Hub-Signature header . we share a secret salt at the beginning, and if the signatures don't add up, we can reject the message.
Without something like this, any body (or any script) could start POSTing to our hook-handler webapp and make it publish whatever they wanted (signed with Fedora Infrastructure certificates). Does that help?
It looks like there's progress on this for zanata over at zanata/zanata-server#614 -- exciting!
Noting here that we've been waiting on this to be implemented, released, and deployed before moving further: https://bugzilla.redhat.com/show_bug.cgi?id=1213630