From 5474b6d042c5a0c51f861531fb7cf537d8c83a5a Mon Sep 17 00:00:00 2001 From: usiegl00 <50933431+usiegl00@users.noreply.github.com> Date: Tue, 15 Dec 2020 23:05:03 -0800 Subject: [PATCH 1/2] Update securing-your-webhooks.md (#1692) The request header is `HTTP_X_HUB_SIGNATURE_256` not `HTTP_X_HUB_SIGNATURE_2`. --- .../developers/webhooks-and-events/securing-your-webhooks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/webhooks-and-events/securing-your-webhooks.md b/content/developers/webhooks-and-events/securing-your-webhooks.md index 9061e6ff10..8d9c3fea5c 100644 --- a/content/developers/webhooks-and-events/securing-your-webhooks.md +++ b/content/developers/webhooks-and-events/securing-your-webhooks.md @@ -72,7 +72,7 @@ end {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %} def verify_signature(payload_body) signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ENV['SECRET_TOKEN'], payload_body) - return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE_2']) + return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE_256']) end{% elsif currentVersion ver_lt "enterprise-server@2.23" %} def verify_signature(payload_body) signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body) From 8b912a54adfc0274e46e8f7214c2acbbc5b3bf4b Mon Sep 17 00:00:00 2001 From: Paul Cowgill Date: Wed, 16 Dec 2020 01:20:15 -0600 Subject: [PATCH 2/2] Typo fix for setup-node variable (#1699) --- content/actions/guides/building-and-testing-nodejs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/actions/guides/building-and-testing-nodejs.md b/content/actions/guides/building-and-testing-nodejs.md index 9a3120d64f..7cf7d0667e 100644 --- a/content/actions/guides/building-and-testing-nodejs.md +++ b/content/actions/guides/building-and-testing-nodejs.md @@ -195,7 +195,7 @@ steps: To authenticate to your private registry, you'll need to store your npm authentication token as a secret. For example, create a repository secret called `NPM_TOKEN`. For more information, see "[Creating and using encrypted secrets](/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets)." -In the example below, the secret `NPM_TOKEN` stores the npm authentication token. The `setup-node` action configures the *.npmrc* file to read the npm authentication token from the `NODE_AUTH_TOKEN` environment variable. When using the `setup-node` action to create an *.npmrc* file, you must set the `NPM_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token. +In the example below, the secret `NPM_TOKEN` stores the npm authentication token. The `setup-node` action configures the *.npmrc* file to read the npm authentication token from the `NODE_AUTH_TOKEN` environment variable. When using the `setup-node` action to create an *.npmrc* file, you must set the `NODE_AUTH_TOKEN` environment variable with the secret that contains your npm authentication token. Before installing dependencies, use the `setup-node` action to create the *.npmrc* file. The action has two input parameters. The `node-version` parameter sets the Node.js version, and the `registry-url` parameter sets the default registry. If your package registry uses scopes, you must use the `scope` parameter. For more information, see [`npm-scope`](https://docs.npmjs.com/misc/scope).