2

I want to create a GitHub web hook that scans the names and contents of the files being committed, and disallows a commit if a specific token appears in either.

I have found the GitHub webhook documentation, and it is clear that there are many events that can be caught, including the push event. There is a lot of data available in the JSON object that is sent with the push event, including the commits array, which is "An array of commit objects describing the pushed commits. (The array includes a maximum of 20 commits. If necessary, you can use the Commits API to fetch additional commits. This limit is applied to timeline events only and isn't applied to webhook deliveries.)"

However, it is not clear how to turn this into a list of filenames and file contents.

How do I do that?

vy32
  • 28,461
  • 37
  • 122
  • 246
  • I believe you can use a pre-push git hook to parse the contents of the file you're about to commit and fail if a list of specific token appears. `.git/hooks` on the top level directory of a git repo. – Naman Sep 24 '17 at 02:25
  • 2
    I want to use a server-side hook, not a client-side hook. – vy32 Sep 24 '17 at 11:49

1 Answers1

0

A webhook is a server-side hook which simply calls any URL you want with a JSON payload.

That means the actual hook (listening for the webhook) will live anywhere you want (meaning, not on GitHub side)

And don't forget that, by the time the hook is triggered, the commit has already been pushed and cannot easily be "refused" (maybe reverted?)

Your webhook listener can pull and list files in a local repo which will be used for analysis.
Plus, the git pull will pull all the commits pushed, not just "an array of 20"

And it can use said local repo as gateway, pushing the commits pulled to a final target remote repo, if their file content match your policy.
That is another way to "accept" or "refuse" commits in a webhook scenario.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250