diff --git a/github/github.go b/github/github.go index bf0774d..be825a6 100644 --- a/github/github.go +++ b/github/github.go @@ -28,43 +28,44 @@ type Event string // GitHub hook types const ( - CheckRunEvent Event = "check_run" - CheckSuiteEvent Event = "check_suite" - CommitCommentEvent Event = "commit_comment" - CreateEvent Event = "create" - DeleteEvent Event = "delete" - DeploymentEvent Event = "deployment" - DeploymentStatusEvent Event = "deployment_status" - ForkEvent Event = "fork" - GollumEvent Event = "gollum" - InstallationEvent Event = "installation" - InstallationRepositoriesEvent Event = "installation_repositories" - IntegrationInstallationEvent Event = "integration_installation" - IssueCommentEvent Event = "issue_comment" - IssuesEvent Event = "issues" - LabelEvent Event = "label" - MemberEvent Event = "member" - MembershipEvent Event = "membership" - MilestoneEvent Event = "milestone" - OrganizationEvent Event = "organization" - OrgBlockEvent Event = "org_block" - PageBuildEvent Event = "page_build" - PingEvent Event = "ping" - ProjectCardEvent Event = "project_card" - ProjectColumnEvent Event = "project_column" - ProjectEvent Event = "project" - PublicEvent Event = "public" - PullRequestEvent Event = "pull_request" - PullRequestReviewEvent Event = "pull_request_review" - PullRequestReviewCommentEvent Event = "pull_request_review_comment" - PushEvent Event = "push" - ReleaseEvent Event = "release" - RepositoryEvent Event = "repository" - SecurityAdvisoryEvent Event = "security_advisory" - StatusEvent Event = "status" - TeamEvent Event = "team" - TeamAddEvent Event = "team_add" - WatchEvent Event = "watch" + CheckRunEvent Event = "check_run" + CheckSuiteEvent Event = "check_suite" + CommitCommentEvent Event = "commit_comment" + CreateEvent Event = "create" + DeleteEvent Event = "delete" + DeploymentEvent Event = "deployment" + DeploymentStatusEvent Event = "deployment_status" + ForkEvent Event = "fork" + GollumEvent Event = "gollum" + InstallationEvent Event = "installation" + InstallationRepositoriesEvent Event = "installation_repositories" + IntegrationInstallationEvent Event = "integration_installation" + IssueCommentEvent Event = "issue_comment" + IssuesEvent Event = "issues" + LabelEvent Event = "label" + MemberEvent Event = "member" + MembershipEvent Event = "membership" + MilestoneEvent Event = "milestone" + OrganizationEvent Event = "organization" + OrgBlockEvent Event = "org_block" + PageBuildEvent Event = "page_build" + PingEvent Event = "ping" + ProjectCardEvent Event = "project_card" + ProjectColumnEvent Event = "project_column" + ProjectEvent Event = "project" + PublicEvent Event = "public" + PullRequestEvent Event = "pull_request" + PullRequestReviewEvent Event = "pull_request_review" + PullRequestReviewCommentEvent Event = "pull_request_review_comment" + PushEvent Event = "push" + ReleaseEvent Event = "release" + RepositoryEvent Event = "repository" + RepositoryVulnerabilityAlertEvent Event = "repository_vulnerability_alert" + SecurityAdvisoryEvent Event = "security_advisory" + StatusEvent Event = "status" + TeamEvent Event = "team" + TeamAddEvent Event = "team_add" + WatchEvent Event = "watch" ) // EventSubtype defines a GitHub Hook Event subtype @@ -289,6 +290,10 @@ func (hook Webhook) Parse(r *http.Request, events ...Event) (interface{}, error) var pl RepositoryPayload err = json.Unmarshal([]byte(payload), &pl) return pl, err + case RepositoryVulnerabilityAlertEvent: + var pl RepositoryVulnerabilityAlertPayload + err = json.Unmarshal([]byte(payload), &pl) + return pl, err case SecurityAdvisoryEvent: var pl SecurityAdvisoryPayload err = json.Unmarshal([]byte(payload), &pl) diff --git a/github/github_test.go b/github/github_test.go index b484444..6fbb716 100644 --- a/github/github_test.go +++ b/github/github_test.go @@ -453,13 +453,23 @@ func TestWebhooks(t *testing.T) { "X-Hub-Signature": []string{"sha1=df442a8af41edd2d42ccdd997938d1d111b0f94e"}, }, }, + { + name: "RepositoryVulnerabilityAlertEvent", + event: RepositoryVulnerabilityAlertEvent, + typ: RepositoryVulnerabilityAlertPayload{}, + filename: "../testdata/github/repository-vulnerability-alert.json", + headers: http.Header{ + "X-Github-Event": []string{"repository_vulnerability_alert"}, + "X-Hub-Signature": []string{"sha1=c42c0649e7e06413bcd756763edbab48dff400db"}, + }, + }, { name: "SecurityAdvisoryEvent", event: SecurityAdvisoryEvent, typ: SecurityAdvisoryPayload{}, filename: "../testdata/github/security-advisory.json", headers: http.Header{ - "X-Github-Event": []string{"security_advisory"}, + "X-Github-Event": []string{"security_advisory"}, "X-Hub-Signature": []string{"sha1=6a71f24fa69f55469843a91dc3a5c3e29714a565"}, }, }, diff --git a/github/payload.go b/github/payload.go index b78668a..0e1bcdf 100644 --- a/github/payload.go +++ b/github/payload.go @@ -5260,6 +5260,40 @@ type RepositoryPayload struct { } `json:"sender"` } +// RepositoryVulnerabilityAlertEvent contains the information for GitHub's repository_vulnerability_alert hook event. +type RepositoryVulnerabilityAlertPayload struct { + Action string `json:"action"` + Alert struct { + ID int64 `json:"id"` + Summary string `json:"summary"` + AffectedRange string `json:"affected_range"` + AffectedPackageName string `json:"affected_package_name"` + ExternalReference string `json:"external_reference"` + ExternalIdentifier string `json:"external_identifier"` + FixedIn string `json:"fixed_in"` + Dismisser struct { + Login string `json:"login"` + ID int64 `json:"id"` + NodeID string `json:"node_id"` + AvatarURL string `json:"avatar_url"` + GravatarID string `json:"gravatar_id"` + URL string `json:"url"` + HTMLURL string `json:"html_url"` + FollowersURL string `json:"followers_url"` + FollowingURL string `json:"following_url"` + GistsURL string `json:"gists_url"` + StarredURL string `json:"starred_url"` + SubscriptionsURL string `json:"subscriptions_url"` + OrganizationsURL string `json:"organizations_url"` + ReposURL string `json:"repos_url"` + EventsURL string `json:"events_url"` + ReceivedEventsURL string `json:"received_events_url"` + Type string `json:"type"` + SiteAdmin bool `json:"site_admin"` + } `json:"dismisser"` + } `json:"alert"` +} + // SecurityAdvisoryPayload contains the information for GitHub's security_advisory hook event. type SecurityAdvisoryPayload struct { Action string `json:"action"` diff --git a/testdata/github/repository-vulnerability-alert.json b/testdata/github/repository-vulnerability-alert.json new file mode 100644 index 0000000..fe86fd8 --- /dev/null +++ b/testdata/github/repository-vulnerability-alert.json @@ -0,0 +1,33 @@ +{ + "action": "dismiss", + "alert": { + "id": 7649605, + "affected_range": "0.2.0", + "affected_package_name": "many_versioned_gem", + "external_reference": "https://nvd.nist.gov/vuln/detail/CVE-2018-3728", + "external_identifier": "CVE-2018-3728", + "fixed_in": "0.2.5", + "dismisser": { + "login":"octocat", + "id":1, + "node_id": "MDQ6VXNlcjIxMDMxMDY3", + "avatar_url":"https://github.com/images/error/octocat_happy.gif", + "gravatar_id":"", + "url":"https://api.github.com/users/octocat", + "html_url":"https://github.com/octocat", + "followers_url":"https://api.github.com/users/octocat/followers", + "following_url":"https://api.github.com/users/octocat/following{/other_user}", + "gists_url":"https://api.github.com/users/octocat/gists{/gist_id}", + "starred_url":"https://api.github.com/users/octocat/starred{/owner}{/repo}", + "subscriptions_url":"https://api.github.com/users/octocat/subscriptions", + "organizations_url":"https://api.github.com/users/octocat/orgs", + "repos_url":"https://api.github.com/users/octocat/repos", + "events_url":"https://api.github.com/users/octocat/events{/privacy}", + "received_events_url":"https://api.github.com/users/octocat/received_events", + "type":"User", + "site_admin":true + }, + "dismiss_reason": "No bandwidth to fix this", + "dismissed_at": "2017-10-25T00:00:00+00:00" + } +} \ No newline at end of file