From c7178833f29b9eacb37646db07a0cfeba4638c00 Mon Sep 17 00:00:00 2001 From: Arijit Basu Date: Wed, 10 Feb 2021 09:25:13 +0530 Subject: [PATCH 1/2] Add `--fail` to exit with non-zero return code when `curl` fails to create a PR. (#3187) --- content/actions/reference/authentication-in-a-workflow.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/actions/reference/authentication-in-a-workflow.md b/content/actions/reference/authentication-in-a-workflow.md index 74f6174055..5db39077b9 100644 --- a/content/actions/reference/authentication-in-a-workflow.md +++ b/content/actions/reference/authentication-in-a-workflow.md @@ -71,7 +71,8 @@ You can use the `GITHUB_TOKEN` to make authenticated API calls. This example wor --data '{ "title": "Automated issue for commit: ${{ github.sha }}", "body": "This issue was automatically created by the GitHub Action workflow **${{ github.workflow }}**. \n\n The commit hash was: _${{ github.sha }}_." - }' + }' \ + --fail ``` {% endraw %} From f61b9a7065b4c4f4d4e144f43fddaf2172e6bd9f Mon Sep 17 00:00:00 2001 From: Kristian Date: Tue, 9 Feb 2021 23:03:31 -0800 Subject: [PATCH 2/2] Add note to handle webhook payloads as UTF-8 (#3315) Co-authored-by: Lucas Costi --- .../webhooks-and-events/securing-your-webhooks.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/developers/webhooks-and-events/securing-your-webhooks.md b/content/developers/webhooks-and-events/securing-your-webhooks.md index 8d9c3fea5c..c32343b777 100644 --- a/content/developers/webhooks-and-events/securing-your-webhooks.md +++ b/content/developers/webhooks-and-events/securing-your-webhooks.md @@ -41,7 +41,7 @@ When your secret token is set, {% data variables.product.product_name %} uses it {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} {% note %} -**Note:** For backward-compatibility, we also include the `X-Hub-Signature` header that is generated using the SHA-1 hash function. If possible, we recommend that you use the `X-Hub-Signature-256` header for improved security. The example below demonstrate using the `X-Hub-Signature-256` header. +**Note:** For backward-compatibility, we also include the `X-Hub-Signature` header that is generated using the SHA-1 hash function. If possible, we recommend that you use the `X-Hub-Signature-256` header for improved security. The example below demonstrates using the `X-Hub-Signature-256` header. {% endnote %} {% endif %} @@ -80,6 +80,12 @@ def verify_signature(payload_body) end{% endif %} ``` +{% note %} + +**Note:** Webhook payloads can contain unicode characters. If your language and server implementation specifies a character encoding, ensure that you handle the payload as UTF-8. + +{% endnote %} + Your language and server implementations may differ from this example code. However, there are a number of very important things to point out: * No matter which implementation you use, the hash signature starts with {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or "github-ae@latest" %}`sha256=`{% elsif currentVersion ver_lt "enterprise-server@2.23" %}`sha1=`{% endif %}, using the key of your secret token and your payload body.