Closed Bug 1802737 Opened 2 years ago Closed 9 months ago

GitHub announces commits to the private security repo on Discord

Categories

(Bugzilla :: bugzilla.org, task)

Tracking

()

RESOLVED FIXED

People

(Reporter: justdave, Unassigned)

Details

The Bugzilla GitHub organization has a webhook set up to announce commits on Discord.

Unfortunately, it even includes private repos, so commits to the security repo are also included. Fortunately so far that's only been merge commits, but we need to fix this before we commit anything real since it gets posted to a public channel.

Other than upvoting https://github.com/community/community/discussions/36180 there doesn't seem to be anything we can do besides removing the organization-wide webhook and putting repository-specific webhooks on EVERY SINGLE REPOSITORY except for security... (there are 50 of them)

GitHub is currently pointed at Discord's built-in webhook for GitHub, which has almost zero configuration just like the sender on GitHub itself.

There do appear to be one or more open source Discord bots that can accept webhooks from GitHub, though, and I'm guessing we can probably easily modify one of those to filter out events from the security repo and use it instead of the built-in one.

Oh, I forgot to resolve this. This is fixed and live now. Ended up writing my own.

https://github.com/bugzilla/github-discord-relay

Status: NEW → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.