Closed Bug 1891871 Opened 1 year ago Closed 1 year ago

GH Admin assistance required to re-enable webhook for ReadTheDocs.org

Categories

(mozilla.org :: Github: Administration, task)

Product:
mozilla.org
Component:
Github: Administration
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: sjalim, Assigned: cknowles)

Details

Hi Chris and team

This one's a bit of a fiddly one, but we've noticed the webhook that used to trigger automatic builds for https://bedrock.readthedocs.io is no longer firing.

We can see that it's failing in GH (https://github.com/mozilla/bedrock/settings/hooks/76849843?tab=deliveries) and the response tells us what to do, namely read https://blog.readthedocs.com/security-update-on-incoming-webhooks/

That page tells us to go to the webhook in our RTD account (https://readthedocs.org/dashboard/bedrock/integrations/59670/) and hit the Resync webhook button.

However, that fails with "Webhook activation failed. Make sure you have permissions to set it." and comments on this issue (https://github.com/readthedocs/readthedocs.org/issues/4065) suggest that it's because one needs to be the admin of the GH repo (and presumably authed for Github) in order to use that Resync button.

I am an Admin on mozilla/bedrock, but seem to not have the right permissons and wonder if there's a way to see why the request is being denied.

So, there's nothing magical about access above repo admin when it comes to repos. If you were working with an org level app, then maybe an org owner would come into play. The logs you have in the webhook are better than anything in the audit log at the org level.

Looking at the docs https://blog.readthedocs.com/security-update-on-incoming-webhooks/ --- it looks like hitting the resync button is only the first part - that appears to mainly set the secret. And then you have to have the same secret defined in the webhook. And looking at the webhook, the secret appears to be empty.

https://docs.readthedocs.io/en/stable/guides/setup/git-repo-manual.html --- is linked from the blog entry and mentions the need to set the secret on the github side.

obviously - I'm happy to keep this open, reach out here or on slack, and if a zoom meeting would help, I'm happy to be present.

Assignee: nobody → cknowles

Gosh, sorry Chris - serves me right for not reading all the way to the end. All appears to be fine, with 200 OK again, after updating the webhook. Sorry for the noisw!

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED

No apologies - I'm happy there was a good and easy resolution

You need to log in before you can comment on or make changes to this bug.