Skip to content

Update secret-scanning partner onboarding to add more 'gotcha' information for signature validation#5637

Merged
skedwards88 merged 3 commits intomainfrom
just-joshing-update-secret-scanning-partner-doc
Apr 28, 2021
Merged

Update secret-scanning partner onboarding to add more 'gotcha' information for signature validation#5637
skedwards88 merged 3 commits intomainfrom
just-joshing-update-secret-scanning-partner-doc

Conversation

@just-joshing
Copy link
Copy Markdown
Contributor

@just-joshing just-joshing commented Apr 22, 2021
edited
Loading

Why:

We received partner feedback that they encountered difficulty implementing signature validation because it wasn't clear that the raw payload needed to be used.

They use IBM Cloud Functions Actions which by default parse JSON request payloads.
So when they would stringify the JSON again and find signature validation was failing, it wasn't clear that the issue was stringifying the JSON again rearranged key/value members and changed spacing.

What's being changed:

This change updates:

  • the sample JSON payloads to have no spaces, like production
  • the URL for getting the public key in the samples which was pointing to the old endpoint token_scanning
  • the first token sample to only include a token, not X-Header-Banner as well which wouldn't be included in a payload

Check off the following:

Writer impact (This section is for GitHub staff members only):

  • This pull request impacts the contribution experience
    • I have added the 'writer impact' label
    • I have added a description and/or a video demo of the changes below (eg. a "before and after video")

@welcome
Copy link
Copy Markdown

welcome Bot commented Apr 22, 2021

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions Bot added the triage Do not begin working on this issue until triaged by the team label Apr 22, 2021
@just-joshing just-joshing changed the title Update secret-scanning.md to add more 'gotcha' information Update secret-scanning partner onboarding to add more 'gotcha' information for signature validation Apr 22, 2021
@just-joshing just-joshing marked this pull request as ready for review April 22, 2021 17:34
greysteil
greysteil previously approved these changes Apr 22, 2021
View reviewed changes
aashah
aashah reviewed Apr 22, 2021
View reviewed changes
Comment thread content/developers/overview/secret-scanning.md
aashah
aashah previously approved these changes Apr 22, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@aashah aashah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

neat

@just-joshing just-joshing dismissed stale reviews from aashah and greysteil via 193a543 April 22, 2021 18:50
aashah
aashah approved these changes Apr 22, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@aashah aashah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤙

@github github deleted a comment from QbZn Apr 23, 2021
@janiceilene
Copy link
Copy Markdown
Contributor

janiceilene commented Apr 23, 2021

@just-joshing Thanks so much for opening a PR! I'll get this triaged for review ⚡

@janiceilene janiceilene added secret scanning Content related to secret scanning waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Apr 23, 2021
@skedwards88 skedwards88 self-assigned this Apr 28, 2021
skedwards88
skedwards88 approved these changes Apr 28, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@skedwards88 skedwards88 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 Thank you for opening this PR! I'll get these changes merged down for you.

@skedwards88 skedwards88 removed their assignment Apr 28, 2021
@skedwards88 skedwards88 added the ready to merge This pull request is ready to merge label Apr 28, 2021
@github-actions github-actions Bot removed the waiting for review Issue/PR is waiting for a writer's review label Apr 28, 2021
@skedwards88 skedwards88 enabled auto-merge (squash) April 28, 2021 22:12
@skedwards88 skedwards88 merged commit 19b38a6 into main Apr 28, 2021
@skedwards88 skedwards88 deleted the just-joshing-update-secret-scanning-partner-doc branch April 28, 2021 22:19
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 28, 2021

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prneelak prneelak Awaiting requested review from prneelak

@prashkan prashkan Awaiting requested review from prashkan

@AshwinMohan86 AshwinMohan86 Awaiting requested review from AshwinMohan86

@mbadgett mbadgett Awaiting requested review from mbadgett

@aaroncathcart aaroncathcart Awaiting requested review from aaroncathcart

3 more reviewers

@greysteil greysteil greysteil approved these changes

@aashah aashah aashah approved these changes

@skedwards88 skedwards88 skedwards88 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ready to merge This pull request is ready to merge secret scanning Content related to secret scanning

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@just-joshing @janiceilene @greysteil @aashah @skedwards88 @docubot