Route GitHub webhook events to the correct environment based on PR origin

[richardhjtan]

Summary

• GitHub webhook events are now routed only to the environment where the PR originated, instead of being broadcast to all environments (staging, production, local)
• The realm origin is resolved from the Submission Card URL in the PR body, with a fallback DB lookup by PR number for events without PR body (e.g. check_run, check_suite)
• Origin comparison ensures staging events stay on staging, production events stay on production
• Fail-closed: if origin cannot be resolved for a PR-related event, the event is rejected rather than broadcast

How it works

1. pull_request, pull_request_review events — extract the Submission Card URL from the PR body, compare its origin against filter.realm. Reject if origins don't match.

2. check_run, check_suite events — no PR body available, so query boxel_index for a PrCard matching the PR number and compare its realm origin.

3. Fail-closed — if origin cannot be resolved from a PR-related event, the match is rejected to prevent cross-environment broadcast.

Test plan

• Test with a staging PR — only staging environment should process the event
• Test with a production PR — only production environment should process the event
• Test check_run event routing via PrCard DB lookup
• Verify fail-closed behavior when realm cannot be resolved

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0599110aed

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This PR updates the realm-server webhook receiver so GitHub webhook commands are routed to the correct environment (staging vs production vs local) by resolving the PR’s “origin realm” and comparing origins, rather than broadcasting events to all environments.

Changes:

• Made webhook filter handlers async and added dynamic realm resolution from PR body (SubmissionCard URL) with DB fallback by PR number.
• Updated the webhook receiver to pass dbAdapter into filter handlers and await async matching/input/realm resolution.
• Added unit tests for helper extraction functions (extractRealmFromPrBody, extractPrNumberFromPayload).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
packages/realm-server/handlers/webhook-filter-handlers.ts	Adds realm/PR resolution helpers, DB lookup, origin-based filtering, and async handler interface.
packages/realm-server/handlers/handle-webhook-receiver.ts	Awaits async filter handler methods and passes dbAdapter through.
packages/realm-server/tests/server-endpoints/webhook-receiver-test.ts	Adds unit tests for PR-body realm extraction and PR-number extraction.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

Host Test Results

    1 files  ±0      1 suites  ±0   2h 0m 22s ⏱️ - 11m 37s
2 062 tests ±0  2 047 ✅ ±0  15 💤 ±0  0 ❌ ±0 
2 077 runs  ±0  2 062 ✅ ±0  15 💤 ±0  0 ❌ ±0 

Results for commit 9bad05d. ± Comparison against base commit bbc3db5.

♻️ This comment has been updated with latest results.

[github-actions]

Realm Server Test Results

  1 files  ± 0    1 suites  ±0   11m 26s ⏱️ -19s
816 tests +14  816 ✅ +14  0 💤 ±0  0 ❌ ±0 
887 runs  +14  887 ✅ +14  0 💤 ±0  0 ❌ ±0 

Results for commit 9bad05d. ± Comparison against base commit bbc3db5.

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d30292ca7f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Limit origin checks to PR-linked events

matches() now calls resolveOriginFromPayload() for every github-event command that has filter.realm, regardless of event type. We still register commit_comment and discussion_comment commands with a realm in packages/matrix/scripts/register-github-webhook-for-submission-realm.ts (lines 235-247), but those payloads do not carry PR body/PR number fields, so origin resolution returns null and this branch rejects them every time. This regresses existing behavior by making those configured webhook commands impossible to execute.

Useful? React with 👍 / 👎.

[richardhjtan]

Tested branch changes in staging, the webhook event from production is not duplicate in staging

Production

Staging, Not found (Excepted)

[backspace]

I haven’t been looking at this work, is there validation that webhook requests are only processed from authorised sources?

[richardhjtan]

I haven’t been looking at this work, is there validation that webhook requests are only processed from authorised sources?

@backspace Yes, each incoming_webhook record has its own unique webhook endpoint and associated secret, which we use to verify that requests come from an authorised source.