Sylvain Mauduit @swop Senior Software Engineer, Etsy GitHub bot with Symfony 

GitHub bot | Definition A GitHub bot is a web app which is going to react to events happening on GitHub by performing some action on its side and/or will trigger other behaviours on GitHub 

GitHub bot | Workflow Event Something happens on GitHub GITHUB Triggers a Web Hook call GitHub will call your server GITHUB Web hook request handling Process the event CUSTOM APP (BOT) Use GitHub API as an output CUSTOM APP (BOT) 

GitHub bot | Today’s menu 1. Connect GitHub to our app via GitHub web hooks 2. Communicate with GitHub via the GitHub API 

Use web hooks to connect our app to GitHub Image source: pexels.com 

Each GitHub activity will trigger an event. Comment on commit on deployment on fork comment on issue/PR labelling an issue when open a PR on push … You can request a web hook call on all/some events GitHub | Events 

No content

No content

No content

No content

X-GitHub-Event
 Event type
 commit_comment
 deployment
 fork
 issue_comment
 pull_request, push … Web hook payload | Headers 

X-Hub-Signature
 Signed web hook payload (using a shared secret)
 sha1=5b97ee25c90585f5b809e87d5be7bd942e3c7a28 Web hook payload | Headers 

X-GitHub-Delivery
 Unique ID for the web hook call
 72d3162e-cc78-11e3-81ab-4c9367dc0958 Web hook payload | Headers 

User-Agent
 Prefixed User Agent
 GitHub-Hookshot/{hash} Web hook payload | Headers 

JSON
 (or form-urlencoded) representation of the event and its context Web hook payload | Body (POST) 

Web hook payload | Example POST /webhook HTTP/1.1 Host: my_awesome_bot.com User-Agent: GitHub-Hookshot/044aadd Content-Type: application/json X-GitHub-Event: issues X-Github-Delivery: 72d3162e-cc78-11e3-81ab-4c9367dc0958 X-Hub-Signature: sha1=5b97ee25c90585f5b809e87d5be7bd942e3c7a28 

Web hook payload | Example { "action": "opened", "issue": { "url": "https://api.github.com/repos/octocat/Hello-World/issues/1347", "number": 1347, ... }, "repository" : { "id": 1296269, "full_name": "octocat/Hello-World", ... }, "sender": { "login": "octocat", "id": 1, ... } } 

Web hook | Security Whitelist GitHub IPs Check web hook request signature 

Web hook | Security Recreate the signature and compare it Using the same secret CUSTOM APP Sign the web hook call Using the secret GITHUB REQUEST X-Hub-Signature sha1=5b97ee25c9… Secret
 my_secret https://developer.github.com/webhooks/securing/ 

Web hook | Security headers->get('X-Hub-Signature'); $explodeResult = explode('=', $signature, 2); if (2 !== count($explodeResult)) { return false; // Invalid signature header } list($algorithm, $hash) = $explodeResult; $payload = $request->getContent(); $payloadHash = hash_hmac($algorithm, $payload, 'my_secret'); if ($hash !== $payloadHash) { return false; // Invalid signature (wrong secret or altered payload) } 

Communicate with GitHub via the GitHub API Image source: pexels.com 

https://developer.github.com/v3/ GitHub API | Docs 

KnpLabs/php-github-api GitHub API | PHP client 

Several choice to auth to GitHub API Personal tokens JWT OAuth2 app … Easy way to start (and test the bot): Personal access token https://github.com/settings/tokens/new GitHub API | Authentication 

No content

GitHub API | Authentication container->getParameter('kernel.cache_dir') ); $client = new Client( new CachedHttpClient( ['cache_dir' => $cacheDir] ) ); $client->authenticate($token, null, Client::AUTH_HTTP_TOKEN); 

GitHub API | Call the API issue() ->comments() ->create( 'Octocat', 'Hello-World', 1337, ['body' => 'Hello!'] ); 

Demo Open-Source enthusiast bot Image source: pexels.com github.com/Swop/open-source-enthusiast-bot 

Tips | Development Ngrok
 https://ngrok.com/
 Expose you dev env to the world KnpLabs/php-github-api
 https://github.com/KnpLabs/php-github-api
 GitHub API client for PHP 

Tips | Development Swop/github-webhook
 https://github.com/Swop/github-webhook
 GitHub web hook signature validator & payload deserializer Swop/github-webhook-bundle
 https://github.com/Swop/github-webhook-bundle
 Symfony bundle around the above lib + web hook declaration on controllers with annotations 

Tips | Want to try middleware approach? Swop/github-webhook-middleware
 https://github.com/Swop/github-webhook-middleware
 PSR-15 & PSR-7 middleware Swop/github-webhook-stackphp
 https://github.com/Swop/github-webhook-stackphp
 StackPHP middleware 

Middleware | With Zend Stratigility use Psr\Http\Message\RequestInterface; use Psr\Http\Message\ResponseInterface; use Swop\GitHubWebHook\Security\SignatureValidator; use Swop\GitHubWebHookMiddleware\GithubWebHook; $app = (new \Zend\Stratigility\MiddlewarePipe()) ->pipe(new GithubWebHook(new SignatureValidator(), 'my_secret')) ->pipe('/webhook', function (RequestInterface $request, ResponseInterface $response) { // The security has been check. // Do some stuff with the web hook... return new \Zend\Diactoros\Response\JsonResponse(['message' => 'OK']); }); $request = \Zend\Diactoros\ServerRequestFactory::fromGlobals(); \Zend\Diactoros\Server::createServerFromRequest($app, $request) ->listen(new \Zend\Stratigility\NoopFinalHandler()); 

How we’re using this 

Bot | Notificator Main controller Wildcard GitHub event types GitHub Web hook REQUEST github. {event_type} DISPATCH (Eventually) Performs actions or get more info on GitHub (using the API) Check review label Internal hook Check review status on merge Internal hook … Internal hook github. {event_type} Notification Notification Notification Attach resulting notifications to the initial event 

Bot | Notificator Main controller Wildcard GitHub event types GitHub Web hook REQUEST github. {event_type} DISPATCH Notification Notification Notification SlackOutput Post Slack message MailOutput Send a mail MonologOutput Log the notification GitHubOutput Comment on PR/commit StatsDOutput Increment a metric
 on Graphite Output chain LOOP OVER NOTIFICATIONS 

Bot | Notificator 

Going further | Here’s some ideas… Create a GitHub “Integration”
 https://developer.github.com/early-access/integrations/
 • Uses JWT instead of personal tokens • Act on its own instead of behalf a user • Web hooks / permissions are built-in 

Going further | Here’s some ideas… Register your web hooks from… your bot web page
 Travis CI-like
 • Create a web interface on your app • Use GitHub API to auto-register itself as web hook on the user-selected repos. 

Going further | Here’s some ideas… 

You like these toys? Join us! Senior full-stack eng. Senior backend eng. iOS eng. Contact me: [email protected] Image source: pexels.com