From 48cc5ef5f3ba082e33ad981054f442eeb173eb47 Mon Sep 17 00:00:00 2001
From: Gabe Villalobos <gabriel.villalobos@sentry.io>
Date: Mon, 10 Nov 2025 08:28:03 -0800
Subject: [PATCH 1/2] fix(eco): Refactors prevent webhook forwarder to check
 the full set of headers, use enums

---
 src/sentry/integrations/github/webhook_types.py   |  4 ++++
 .../middleware/integrations/parsers/github.py     |  9 +--------
 .../overwatch_webhooks/webhook_forwarder.py       | 15 ++++++++-------
 3 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/src/sentry/integrations/github/webhook_types.py b/src/sentry/integrations/github/webhook_types.py
index a8e425b8199cbb..bdf0ae545a75e0 100644
--- a/src/sentry/integrations/github/webhook_types.py
+++ b/src/sentry/integrations/github/webhook_types.py
@@ -5,6 +5,10 @@
 
 class GithubWebhookType(StrEnum):
     INSTALLATION = "installation"
+    INSTALLATION_REPOSITORIES = "installation_repositories"
     ISSUE = "issues"
+    ISSUE_COMMENT = "issue_comment"
     PULL_REQUEST = "pull_request"
+    PULL_REQUEST_REVIEW_COMMENT = "pull_request_review_comment"
+    PULL_REQUEST_REVIEW = "pull_request_review"
     PUSH = "push"
diff --git a/src/sentry/middleware/integrations/parsers/github.py b/src/sentry/middleware/integrations/parsers/github.py
index cef08487c1eb99..a35f3bce1913b1 100644
--- a/src/sentry/middleware/integrations/parsers/github.py
+++ b/src/sentry/middleware/integrations/parsers/github.py
@@ -100,16 +100,9 @@ def get_response(self) -> HttpResponseBase:
             if codecov_regions:
                 self.try_forward_to_codecov(event=event)
 
-        logger.info(
-            "overwatch.debug.forward_if_applicable.begin",
-            extra={
-                "headers_keys": list(self.request.headers.keys()),
-                "integration_id": integration.id,
-            },
-        )
         # The overwatch forwarder implements its own region-based checks
         OverwatchGithubWebhookForwarder(integration=integration).forward_if_applicable(
-            event=event, headers=self.request.headers
+            event=event, headers=self.request.META
         )
 
         return self.get_response_from_webhookpayload(
diff --git a/src/sentry/overwatch_webhooks/webhook_forwarder.py b/src/sentry/overwatch_webhooks/webhook_forwarder.py
index 89eccb17bd6c97..100a18b0562778 100644
--- a/src/sentry/overwatch_webhooks/webhook_forwarder.py
+++ b/src/sentry/overwatch_webhooks/webhook_forwarder.py
@@ -6,6 +6,7 @@
 
 from sentry import options
 from sentry.constants import ObjectStatus
+from sentry.integrations.github.webhook_types import GITHUB_WEBHOOK_TYPE_HEADER, GithubWebhookType
 from sentry.integrations.models.integration import Integration
 from sentry.integrations.models.organization_integration import OrganizationIntegration
 from sentry.models.organizationmapping import OrganizationMapping
@@ -16,12 +17,12 @@
 
 # TODO: Double check that this includes all of the events you care about.
 GITHUB_EVENTS_TO_FORWARD_OVERWATCH = {
-    "installation",
-    "installation_repositories",
-    "issue_comment",
-    "pull_request",
-    "pull_request_review_comment",
-    "pull_request_review",
+    GithubWebhookType.INSTALLATION,
+    GithubWebhookType.INSTALLATION_REPOSITORIES,
+    GithubWebhookType.ISSUE_COMMENT,
+    GithubWebhookType.PULL_REQUEST,
+    GithubWebhookType.PULL_REQUEST_REVIEW_COMMENT,
+    GithubWebhookType.PULL_REQUEST_REVIEW,
 }
 
 
@@ -45,7 +46,7 @@ def __init__(self, integration: Integration):
         self.integration = integration
 
     def should_forward_to_overwatch(self, headers: Mapping[str, str]) -> bool:
-        return headers.get("HTTP_X_GITHUB_EVENT") in GITHUB_EVENTS_TO_FORWARD_OVERWATCH
+        return headers.get(GITHUB_WEBHOOK_TYPE_HEADER) in GITHUB_EVENTS_TO_FORWARD_OVERWATCH
 
     def _get_org_summaries_by_region_for_integration(
         self, integration: Integration

From 22280e6894fe72f209962f95e3611ddcbd7f3eea Mon Sep 17 00:00:00 2001
From: Gabe Villalobos <gabriel.villalobos@sentry.io>
Date: Mon, 10 Nov 2025 08:49:00 -0800
Subject: [PATCH 2/2] Removes more spammy logs

---
 src/sentry/middleware/integrations/parsers/github.py |  8 +++++---
 src/sentry/overwatch_webhooks/webhook_forwarder.py   | 11 -----------
 2 files changed, 5 insertions(+), 14 deletions(-)

diff --git a/src/sentry/middleware/integrations/parsers/github.py b/src/sentry/middleware/integrations/parsers/github.py
index a35f3bce1913b1..79231ebcdf5bfb 100644
--- a/src/sentry/middleware/integrations/parsers/github.py
+++ b/src/sentry/middleware/integrations/parsers/github.py
@@ -100,11 +100,13 @@ def get_response(self) -> HttpResponseBase:
             if codecov_regions:
                 self.try_forward_to_codecov(event=event)
 
+        response = self.get_response_from_webhookpayload(
+            regions=regions, identifier=integration.id, integration_id=integration.id
+        )
+
         # The overwatch forwarder implements its own region-based checks
         OverwatchGithubWebhookForwarder(integration=integration).forward_if_applicable(
             event=event, headers=self.request.META
         )
 
-        return self.get_response_from_webhookpayload(
-            regions=regions, identifier=integration.id, integration_id=integration.id
-        )
+        return response
diff --git a/src/sentry/overwatch_webhooks/webhook_forwarder.py b/src/sentry/overwatch_webhooks/webhook_forwarder.py
index 100a18b0562778..7a6a89e61e613d 100644
--- a/src/sentry/overwatch_webhooks/webhook_forwarder.py
+++ b/src/sentry/overwatch_webhooks/webhook_forwarder.py
@@ -109,12 +109,8 @@ def forward_if_applicable(self, event: Mapping[str, Any], headers: Mapping[str,
         region_name = None
         try:
             enabled_regions = options.get("overwatch.enabled-regions")
-            logger.info(
-                "overwatch.debug.enabled_regions", extra={"enabled_regions": enabled_regions}
-            )
             if not enabled_regions:
                 # feature isn't enabled, no work to do
-                logger.info("overwatch.debug.excluded.feature_not_enabled", extra={})
                 return
 
             orgs_by_region = self._get_org_summaries_by_region_for_integration(
@@ -178,10 +174,6 @@ def forward_if_applicable(self, event: Mapping[str, Any], headers: Mapping[str,
                     region=region_name,
                     app_id=app_id,
                 )
-                logger.info(
-                    "overwatch.debug.webhook_detail.created",
-                    extra={"region_name": region_name, "app_id": app_id},
-                )
 
                 publisher = OverwatchWebhookPublisher(
                     integration_provider=self.integration.provider,
@@ -194,9 +186,6 @@ def forward_if_applicable(self, event: Mapping[str, Any], headers: Mapping[str,
                     sample_rate=1.0,
                     tags={"forward_region": region_name},
                 )
-                logger.info(
-                    "overwatch.debug.metrics_incr.success", extra={"region_name": region_name}
-                )
         except Exception:
             metrics.incr(
                 "overwatch.forward-webhooks.forward-error",