Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Webhook secret is required
See original GitHub issueI updated my external app to use probot to listen to events which was awesome. However it then stopped working, returning 400’s on every webhook. It turns out that I hadn’t set the Webhook secret (optional) field in my GitHub app.
There wasn’t any indication why I was getting a 400. So I started spelunking.
I eventually found that setting DEBUG=webhooks:receiver prints out something useful. I got:
webhooks:receiver ignored: POST / due to missing headers: x-hub-signature
Searching that got me too:
https://developer.github.com/webhooks/securing/
Which then lead me back to:
https://probot.github.io/docs/development/
And I note under there it says I have to set that value. Ok did that.
Then where do I set the value in probot? In the end I just generated a simple app using npx create-probot-app and found it sticks WEBHOOK_SECRET=development in my env file.
So I went about this in the wrong order and I’m probably a little odd (in more ways than one) but I think there’s a few things that we could to possibly help here:
- document the environment variables that affect probot, including useful debug values (something we’ll want to have consistent across all repos)
- provide a “so your app isn’t authenticating” correctly part of the docs
- provide a URL to the docs in the error.
Although this could all be an octokit bug and not a probot one 😃
Sorry for the long rambling.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:2
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
https://probot.github.io/docs/configuration/ is ace! Thank you @hiimbex 🥇 👍
Hi @andymckay! Thanks for the feedback!
We thought about this too super recently and I opened https://github.com/probot/probot/pull/544 to address that and those docs now exist here: https://github.com/probot/probot/blob/master/docs/configuration.md. It won’t be on the website until the next release is cut though, but any PRs to improve the clarity of that doc are welcome!
I’m all for this! This has come up in the past: https://github.com/probot/probot/issues/290 and https://github.com/probot/probot/issues/430 and then this PR: https://github.com/probot/probot/pull/434 which specifies the error message should have been: https://github.com/probot/probot/blob/7966de6a472481c8335b666d62cb0dbcb872080f/src/index.ts#L60-L61
but you got:
webhooks:receiver ignored: POST / due to missing headers: x-hub-signature, notNo X-Hub-Signature found on request. I think the solution is just to add another case statement in that code. Do you think this error message would have been more clear?