fix running incoming webhook on GHE

We were not passing the installation URL properly to the endpoint when detecting the X-GitHub-Enterprise-Host header. Clarify the documentation about this and add a test for it. Signed-off-by: Chmouel Boudjnah <[email protected]>
openshift-pipelines · Dec 1, 2023 · c0e0e5d · c0e0e5d
1 parent a105d55
commit c0e0e5d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/docs/content/docs/guide/incoming_webhook.md b/docs/content/docs/guide/incoming_webhook.md
@@ -147,6 +147,16 @@ curl -H "Content-Type: application/json" -X POST "https://control.pac.url/incomi
 
 The parameter value of `pull_request_number` will be set to `12345` when using the variable `{{pull_request_number}}` in your PipelineRun.
 
+### Using incoming webhook with GitHub Enterprise application
+
+When using a GitHub application over to a GitHub Enterprise, you will need to
+specify the `X-GitHub-Enterprise-Host` header when making the incoming webhook
+request. For example when using curl:
+
+```shell
+curl -H "X-GitHub-Enterprise-Host: github.example.com" -X POST "https://control.pac.url/incoming?repository=repo&branch=main&secret=very-secure-shared-secret&pipelinerun=target_pipelinerun"
+```
+
 ### Using incoming webhook with webhook based providers
 
 Webhook based providers (i.e: GitHub Webhook, GitLab, Bitbucket etc..) supports

diff --git a/pkg/provider/github/app/token.go b/pkg/provider/github/app/token.go
@@ -19,18 +19,19 @@ import (
 
 func GetAndUpdateInstallationID(ctx context.Context, req *http.Request, run *params.Run, repo *v1alpha1.Repository, gh *github.Provider, ns string) (string, string, int64, error) {
 	var (
-		enterpriseURL, token string
-		installationID       int64
+		enterpriseHost, token string
+		installationID        int64
 	)
 	jwtToken, err := GenerateJWT(ctx, ns, run)
 	if err != nil {
 		return "", "", 0, err
 	}
 
 	installationURL := *gh.APIURL + keys.InstallationURL
-	enterpriseURL = req.Header.Get("X-GitHub-Enterprise-Host")
-	if enterpriseURL != "" {
-		installationURL = enterpriseURL + keys.InstallationURL
+	enterpriseHost = req.Header.Get("X-GitHub-Enterprise-Host")
+	if enterpriseHost != "" {
+		// NOTE: Hopefully this works even when the ghe URL is on another host than the api URL
+		installationURL = "https://" + enterpriseHost + "/api/v3" + keys.InstallationURL
 	}
 
 	res, err := GetReponse(ctx, http.MethodGet, installationURL, jwtToken, run)
@@ -39,7 +40,7 @@ func GetAndUpdateInstallationID(ctx context.Context, req *http.Request, run *par
 	}
 
 	if res.StatusCode >= 300 {
-		return "", "", 0, fmt.Errorf("Non-OK HTTP status: %d", res.StatusCode)
+		return "", "", 0, fmt.Errorf("Non-OK HTTP status while getting installation URL: %s : %d", installationURL, res.StatusCode)
 	}
 
 	defer res.Body.Close()
@@ -61,7 +62,7 @@ func GetAndUpdateInstallationID(ctx context.Context, req *http.Request, run *par
 			return "", "", 0, fmt.Errorf("installation ID is nil")
 		}
 		if *installationData[i].ID != 0 {
-			token, err = gh.GetAppToken(ctx, run.Clients.Kube, enterpriseURL, *installationData[i].ID, ns)
+			token, err = gh.GetAppToken(ctx, run.Clients.Kube, enterpriseHost, *installationData[i].ID, ns)
 			if err != nil {
 				return "", "", 0, err
 			}
@@ -75,7 +76,7 @@ func GetAndUpdateInstallationID(ctx context.Context, req *http.Request, run *par
 			break
 		}
 	}
-	return enterpriseURL, token, installationID, nil
+	return enterpriseHost, token, installationID, nil
 }
 
 func listRepos(ctx context.Context, repo *v1alpha1.Repository, gh *github.Provider) (bool, error) {