Skip to content

wip #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mpressen wants to merge 1 commit into
base: main
Choose a base branch
from
Open

wip #266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions app/controllers/webhooks/github_events_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
class Webhooks::GithubEventsController < ApplicationController
skip_before_action :verify_authenticity_token

Check failure

Code scanning / CodeQL

CSRF protection weakened or disabled High

Potential CSRF vulnerability due to forgery protection being disabled or weakened.

Copilot Autofix

AI 7 months ago

Copilot could not generate an autofix suggestion

Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.

skip_before_action :authenticate
skip_before_action :require_authentication

before_action :validate_signature

def create
github_event = GithubEvent.create!(
event: request.headers["X-GitHub-Event"],
payload: request.request_parameters.except("repository", "organization")
# contribution: Contribution.find_by!(github_resource_url: payload["pull_request"]["url"])
)

GithubEvents::CreateService.new(github_event:).call

head :ok
end

private

def validate_signature
signature = request.headers["X-Hub-Signature-256"]
head :unauthorized and return unless signature&.start_with?("sha256=")

secret = Rails.application.credentials.github.webhook_secret
expected = "sha256=" + OpenSSL::HMAC.hexdigest("sha256", secret, request.raw_post)

unless ActiveSupport::SecurityUtils.secure_compare(expected, signature)
Rails.logger.warn "Invalid GitHub webhook signature"
head :unauthorized

@cursor cursor Bot Nov 16, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Authentication Bypass: Malicious Webhooks Processed

After detecting an invalid webhook signature, validate_signature calls head :unauthorized but doesn't return, allowing execution to continue. This causes the webhook to be processed despite failing authentication, creating a GithubEvent record and executing the service logic with potentially malicious data.

Fix in Cursor Fix in Web

end
end
end
11 changes: 11 additions & 0 deletions app/models/github_event.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
class GithubEvent < ApplicationRecord
belongs_to :contribution, optional: true
# validates :event, presence: true
# validates :payload, presence: true

enum :status, {
pending: "pending",
processed: "processed",
ignored: "ignored"
}
end
66 changes: 66 additions & 0 deletions app/services/github_events/create_service.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
module GithubEvents
class CreateService
attr_reader :github_event

def initialize(github_event:)
@github_event = github_event
end

def call
case github_event.event
when "pull_request" # I should probably not use this one
handle_pull_request_event
when "pull_request_review"
handle_pull_request_review_event
else
ignore_event!
end
end

private

def handle_pull_request_event
ignore_event! unless github_action == "closed"

return if contribution.status == "validée"

contribution.update!(status: "rejetée")
end

@cursor cursor Bot Nov 16, 2025

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Event Ignored, Yet Processing Continues

The handle_pull_request_event method calls ignore_event! when github_action is not "closed" but doesn't return afterward. This causes execution to continue, attempting to access contribution and potentially updating it even after the event was marked as ignored. The method needs to return after calling ignore_event! to prevent further processing.

Fix in Cursor Fix in Web

Comment on lines +22 to +28

@coderabbitai coderabbitai Bot Nov 16, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Control‑flow bug in handle_pull_request_event and missing status update

As written, non‑"closed" pull request actions will still execute the rest of the method after ignore_event!, meaning:

  • Contributions can be set to "rejetée" even when the event should be ignored.
  • For "closed" actions, the github_event status remains "pending" and is never marked "processed" or linked to the contribution.

This is both a correctness and observability issue.

A safer implementation that truly ignores non‑closed actions and marks processed closed events could be:

def handle_pull_request_event
-  ignore_event! unless github_action == "closed"
-
-  return if contribution.status == "validée"
-
-  contribution.update!(status: "rejetée")
+  unless github_action == "closed"
+    ignore_event!
+    return
+  end
+
+  return if contribution.status == "validée"
+
+  ActiveRecord::Base.transaction do
+    contribution.update!(status: "rejetée")
+    github_event.update!(contribution: contribution, status: "processed")
+  end
end

You can decide whether a "closed" event for an already "validée" contribution should also mark the event as "processed" or remain "pending".

🤖 Prompt for AI Agents 
In app/services/github_events/create_service.rb around lines 22-28, the method
must stop executing after ignore_event! for non-"closed" actions and must mark
the github_event as processed and link it to the contribution for all handled
"closed" cases; change control flow so that if github_action != "closed" you
call ignore_event! then return immediately, and for "closed" events always
update the github_event (e.g. status: "processed" and associate the
contribution_id) — if contribution.status == "validée" still mark the
github_event as processed (but don't change the contribution), otherwise update
the contribution to "rejetée" and then mark the github_event processed; use bang
updates (update!) so failures raise and persist changes.


def handle_pull_request_review_event
case github_action
when "submitted"
case github_event.payload["review"]["state"]
when "changes_requested"
ActiveRecord::Base.transaction do
contribution.update!(status: "modifications demandées")
github_event.update!(contribution:, status: "processed")
end
when "approved" # actually it might be better to do so at the merge event
ActiveRecord::Base.transaction do
contribution.update!(status: "validée")
Osbl.create!(contribution.osbl_data)
github_event.update!(contribution:, status: "processed")
end
else
ignore_event!
end
else
ignore_event!
end
end

def contribution
@contribution ||= Contribution.find_by!(github_resource_url: github_event.payload["pull_request"]["html_url"])
end

def ignore_event!
github_event.update!(status: "ignored")
Rails.logger.info "GitHub event ignored: #{github_event.id}"
end

def github_action
github_event.payload["action"]
end
end
end
2 changes: 1 addition & 1 deletion config/credentials.yml.enc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1ac0XCWb7MwmmrVOD+aw7yjIuxj5bMXRFrukNTHK7ds21vyaANghbmjcIwUrL2nz81lNGVR6uUVLw9E/ahRneKepCVxW0psXLqQlIzsQEcuoRuiCLNkVE/prxN2VQ0JPk9rMy9vRrf+f+4y/TapKpFeSN6sPINl91Me7vPJEoHdDrsG6M74Y3wVDZN/JyImgel7NH/ntSNHeaNDQSip0BUPRtYEVLtGzMFhgwLhFJpMkHFIbjJ7UDXoh4i1sCDaZ9us37ourZ8odxifvbowLuAHVAgM0vKTCnf5LlTYjkQS6GPJSh9DQJe165jFFNhUpvOL8D4mQpEXtEwlE0UCKbk3PwdP8zRmo88ueLu7YTGqCoeXQDK8z3W/E6FfsyS0rxfX91Ag11IXjRVrYIAj6597x/R5adj8n1dSJ8PACAfRrPmvAxKOwDxi6dLviVl5VcaVcDqcLDV+q1pBU0FAFyi+lj0z8sxVVo2TLp67P+y+BnZna4tPu7qfHkRnw2rvWV8enmP3zKrx8uOsRXdLQo3IrLQXzBoDna/Ulq699389IvjH5VfFhQtYiSbH53PJ6Q2gDij2ICnviZkCiH/99GEMK3JrhICml9ikiSck1c9RceDaLF8Cl5f9gor8yQy6Pzw99lWKYGbUsXtKzB+VspEXSRt1cifgu/Fq7r2N4L1AHwHyfuJ5f1v8A1vohoOFF4dMcQiblrsNL6uLzf7QeMwyrB8vRXIGq0zgdKtE2aiI/CuIjyQtysL81QgFVG8yV2kmgpw6EyC/K2YREpfBbf2doBcBSYfPCP3LA/DEhLFVRMXwT8NLow6FHX3hqIhfYQcZVB3wwvBqLcj+VgRLTpwZO8icv9R84/6Pad9bBFwVvFcLEbTMQV1SBsG16AutyleuVanEss+KbpMzU9ifTRhvJGRZMScCVJrPpxSEKzkW8Sy1zhkAo5acujPQl5OksSzgGUXIE3fnc5SF7k77AWvc4HgyitTXJlpn8aUiep1RGZ0fbas/ZT9aH0wO5MyEUD9LQqNb8pEV7/NX46Cc++oxmNbg7jBqQQJa/fRagMgNoYUw6R1q7Ibj/2VY3NorIQP1QVvWlqbQE1eOKVYho8VYQxMUf79o0ddPDIq5kHc707KFUp/t3Gjxv59R6cV52yt41nn5hHedMDHiGF0LbyHRJePkwR9ZEdwzPvFxN531jZuYKOFK9fCJACjuiiGWPhTIoKSd1f4UzOm3Czv4ENRrHtRJ1VMRkVLAQr8hmL1dtTrTbA0c8z90KAAkVMZduoK/inssNN/Ywv5R1Si0tFSlXazSOAWlBOebGhSdL+ufQKQELD2QSxVXQFBRGXxQ2dLO71jliOw9G2XJa9TLBJMhQ2+t0w35D6PvWu3XeN+BjcLkK5fdRXLtujiUJnOCAvCc1WDNSsJXdGZvQDCV75FDlYr68MWfvJ2EJ1ctjnn5R1Bt6NIemRHLuC2+B2b/1SLvl5g5s7iLstxp2ZTuEGuQxANy2LrNoO2m7SNzO9YT7Hv0l7YS/PtwMJ7SAMsIzlWIjAUDnsBl1fezuhjYLq7EFE3hHesJNzt5mk+aj3qdTC/CbGNS8tmwvovf8ZDTgFOxQf8fF5LXRm4oMbVvrER+G1RabkaSp77B5NLAZUIHu85OTJRwbaYltS+JtWtg6yieSOWZNqsPkRbFI/Os7Mad7lapMpPtMyR6IURgU9FKbFFmxCXf8TpraAKuWp0aJPy5W8JMXxTmOGatn7UTcwVJd61X0Li6WbCMZySocTnJV7WBpS9ECu4kdEMZOJ21xa+hFsZyFbXan8nRKTgL0E6Ka6vB7SSxWuTnca24dAEIRMMsRGYYKN10cF61SIa36f5XDs2oZixPZU7XQMjX2LCL4Ha4J2s1kuYEUV/wyGmbqDt5ML4hBcbVrcc1WBln0dwjvkmSjHzSDiN7TTGWpohiMwOEZtxo+UrAPblofyUOaGs3os7yJNVE1/HGbBAzHd0IPtOTLGA+ppIVlAT/GKszDLmoV2q1XBFljh9BZFCSBctUqfPiBKdTPJM8SIaOQVj9YqZTH1KtnWiKfAkb8QUdnhJx/a4+hep66RuQaoavAc6MEWFvuAaoLN5T+8+/JyQ5Cw1HP9X0/f7NIdfeD0tfEoKQKWmYihpE8tUwfWedAZfhnjBOAftv9WEnj5uC/HCjVh5V6yRM6efLO0RcKG6LtHn3O0evGsPn5bRP2s+Nio3x5wo9EMJCKYFxJjqeE6LEeDNS6pKxT1CGXDldudKogHcoBzsrtq/G/hlw2dxgiw4oswDGHbCxceHHZjQVbmrxZXLrYJcx/EIqCMP5a41Rcheo588mWCebdVVP9yFFFL2zZMpGpkE/3XYW7H5qGJm8e913esmPv8GDpRosDJ4gRzKDITPkdyISwsGU0kuNAI+onPVDNmTXu1V9eMA191adUJv2aBk0bGGMmSY8dLRHb0fsESEQa4HgYXEXIawztyteKihgHqJ3sJfEZWeR/GCTpnqGywXKx2Eua/s/iM1qNiGFdIUx33xhROFK0GiVdeUGTEVqcD23Xi7081hf+92Z5Udw1KmEXNN09FRklLbrZr2BY+bGJM/BGzZbv+1Gm+Z9pdAJCAsVeM9/a8hlXb00Vt3/UbZS9Mase9gRN85pf8IhuJJNwvDqOZlntasQCXTU6KxlfEEnYMgzVSsgH7gmhIWjgVs8sM8Qlu5j5GpXHlAoBnoCIv0cLZT4AwrKVsq6ZXMR32A/1BDAEu5pxowrcKJEJLDp2iAnKNfm7ffE0/UAK3+EagGcoAf58CR4pq4NtHCJq24OBDhx/H6az9E7zE3ljgH3U3AEZIE5U68VwvHo0tYuBbIlnATkU1ZMtzJXdJAPlKNpuc5pe19zGUIhHTw5w3SWpUqCER/JxtDf65QelexvJEQ20a+t339GhN8qvRdTXoF+uGGPZXW7YncnCUr3NzJAV0wQjO0ugMx/umMrQTIrczu5Os5puoUQE/aW6HmWgPnLXloxOFizBc8efgmjN2B6eXe/BGSauUDJhVQYkJQaBcjFhpYlwPhPVTE6ndYj8Idf6OpM6OXxHdRLMc1fS0uQZUf5kcCcZMRVFT0ivsXSV11zemXaOUDIgV18kJPGxOmo7G4Daj4dbzftd9SnMQpc6SOyvwkn3/ohkuTbFfZSdr4xj/ba6Ql5l6t4XtxNdacFGPU4iNVCqKivcNsxC7uQCs1sgVT7ZX4VMhZE2X2p/oY52SGKRKcuqrkn7YvFuAa1NMGJfQHWroEzZHtXrTb2d2YEuvqUin4IbEI/6Hvh6S9Om+1rdpi0YM+FIcHxkmcneY2O21DtOaq1x+5IihBIhubXnzCNpns9Hw1/ebY0hwkPL8gzsOHqhAQLpQtriwHd0ZnS0qWyvRVOkk3B9D5gNoXcfzf9Xe1aD1mb1P7cajqPOwoE65PjfIaVK090EsSFkHor8J3O6041qKj6fvbowoAiqcGBSpqRjAcqXxVeqzs88Jw12998v23YlXCjEIAdVOXrS9q4SElt3SOTt2rI3bratPkWFgXO6ZBnqHMzkInggNXxymqSQVWWGEr+5e2097A9U8tXBI68MDQmDKJhKESht/mcJFUK4gxxvuICTiEKSEHsGrG1y8NNAa3Weabv/EbF6k8yUnZvLpW0bPCIkttzZWrKwcqElLk2GFYjImTn8mtrUROWQRtAgHam8t0E5PebrJLbTMpQ0P2Yljr6Eju0zgcXiyXJRvrZUjQFQyctr/BndCnCA6EX6I7aZXq42jlh8/vWmDqFkoAXm3EV7N5g9KTUUgcOXxrPaBX95TQM/Bx64ZmY2J5STfPBOY0qxLPyWzME2VdZ8y1/c9w==--8eSxdaS9G0pZHUlP--lirDaoKkcRPANHhutO8kLQ==
AULE+uDZk9HYg85AvU2QGxhcPNBOj+IGrv1xjIkoT8ZEdeR3mhHSlij0ecI+jTXYcI9imoCKZBPuamQ7lORijrYe7M8R3Uo9SlkyAF1rLXxmXGCqJ1HG1zTIEVqPcStgvBACeKHo3hc7hE7lrrMBI4Put7DRg2Ze/aLwqPShxoIGYOG/1Q9FhP5kOvvTH5iJweyBIvnbZ91Fd+l9U7/q+iQH8IZXLdwhcGiU0Lq4Zbq/aS1BhyxcmQTzjOI7g2aKHktGxQ3h2PcGMXXFVbcXZP80Y+QYjjSlyjzEiUCfa3mef/JNuWhg9E+i0sWrOOaMuq6Xtv4+93d5vE/29yznYB/quk+Tq6OPGeMPjgENH+Ugq15Blgk/uXaUBuNXXNzUg9WQqmLoanTovkL3CCjAFp9TztJJrf/pDkquP/nlhK6MSSRZUiop629sWpHYqzhH/rrhdZmzl3NWw9vmXn/RMWgQMRCukEy/EbwoLz6vU71JlORKgBt8vhPvl5pWXsaUQl33Ql+dsnxiKn6EsPtku2grOyhlrFDIEmYAxdawKtZePYLEOGIr78V2GJufsFUkQeAHLhyD2VAu7NbLh/ShNxj8fgfAq7XgHkLpX48p2YfN0Sj2uGdITH5MDNUYuVzQvbwm3Miam4ZYqXltonpse8Gv0rBQ3nWL7tXHKbr+v6cIP4wX5Po8umAZzdGTMnsmS9yVjZbhqjVBtkb75LSwXsla5hfCS2BM2gDNnvtLkoDbU14vMAqZ3XWvhN19QTfRjCp0zg8w/VcxcuJiz2lMDG/n/tsC2Do9MP/d+v7TIsENdrSU5qm9uH+yK0QeTngF7vWd1IVBRgyxNzpVPszQbd5DNNW8qgrMem5pXtJkFI6EjEcA2FIR12UHCY/64Cous4GiD1+PaU53EHmd9TKQ1G2Jl5NiyqzYkFVwbL00CcDImrWaQoaIS1WxYym8zx/CVcK7f2dGbuIaSjOYBBG0ZUhIEHf+I5xC/XQ7wEileJwJNBfdSJiRYYDt6oxP5CwP+or1zN2tKeJabaZekItBV/Rr+rlLvErQo0TSykdHLBE2U613/chxbfTdryp327KuYmFY+I3dMiqnES63yMkKa4q9iKV/6TSyMcJ7Qu7qvlewczymLleHUGaNzq7xyuPyI6YJdRwy+5EG+WTvK1vrnmuxOjsTjOovAYqVUbn1jvC3zapjn47bgdtl9I1KJsiGU2CTfXQGhrxN+2HZSFClSmsFk5JlyJDvFJFIEojfcBqyfOD0dYWP7DJETZfPwAu252lQN33vrBuy3ohxH+rPrACVv8yAXw/3iKIAsfPfkAPE6dcvhYmR4xuTsx8veOMzz7avYlWzFKzaBDFXT2bosa4Mm7+sVc68czdl0r3Zf2B2BCHlQnRbPZNFUcUM4VShVDDSnpJ2VFc0HGWneK59y4AIiPZQGtKARWlfURer5FCqzGsQ4Fuy3/vTzBaYz0zsWjK0x9/Rx/55cTNBdrfQOZAIFBl6cb+NztqDq+KL5MWfUghPT+cbh20X5v+4naOfIEQEGlb4jVi1ikC2AfF4RCaAM4p0PLYj9O3jqdnhX+kgwKujb3/y0GlPSPc1Vt6MfFkjKDW1FUndZaS63g7nr3krevOKtWFEEq20adxCj3ihfMKkogx0KGaxkJkLrDRPh2kSC6Mqhcd36eLNboGBVlb89VKbkTeISHYgC38DOA4Qqe6oM+vL/FveiNpbSlbpz8EQJ5v+KP+nv7wnNkGGyBwAARNxViLBeu0HL/OS2lRU9i5YyJeF3H3AqXSwiDtMENGUNjijL7oQ+N4YuRR40fQxXLExUtXdNIH2MvRsXU0euCrGHIfLy7Efqlg+n3KYC88oDgdUjZe40hAGSIGRahajlouWk9ECDcZYMCxfoMANKYoSCXHi3I+PUsgOb/pAX6jJYYfh1gH150K/+OCPDXKFwMH6R0bH4JgpLUTKE8LlRU504sfHo2LsykxEnCwUdoagT538hGXUaU+5VltGfi2f3lyqkI8fNshxn9MK9l7bDOuifVcZx10aU2RDfNujbW5ZzEy+6IhW860VzGtEnhnvGiumawKmJOsSAulf3tltNQWUCecSIgQi6yZJVsMq6NUi+5oIKw5GK4setfTKvPlK3XikZf/s6AkId0Fo/qm6U4VUSlYDeIwBXb8Y9uaDtn33dOmMRYP0Ht2/L289m532vb6oX7E0YuNkIf0tXoXsk2t+1DLs0rM041yqoh/7LVLoFepSNImxGnt6dPy180U/KKvU9s4xrYyr4FFPnUqlkbWfDE5Z+z9JH6IIA/yXvuI8v/QVveJRgGnVb7i6fNzz+xInRgGS+l18ZdHnr9c+loZyx9t5Zn7V4mw74pVi+iN22B/qvw0djxfuVBnVi/smNr1YPMV3dp/L+s2ht8Tn4MSbIlj2uiDKpUuHERaCw8Tio8kIkmA94miZRRISAQj8XrsidLBCgnzjGO007JQY/ZkcaTnvcTd1qb6fvXDzSdeTTv/ncsm2ad/mixB/X/DREYpQh9hKhQMYQDl3UjRHa+PmXU0M/elQftowOh+QK2RDcjcqMumAzpmrQJrQopfOppsdGP0YD6xoZUXKCfWpF7x5yxRvKzqhfsUCCx7oIDWYvPb6R+6AL5ezVoejwYJQ75XsaiP7yqNNaGY/ShlQkwYdcDwNrMdRXYFn+gxqnoFuDQVhtx51aNfVhT9cav2lVoZwPKRcOXZNWpA4HtXfPm9eD/xHFomgUWTVelUMO9MBBb5eH+if/G5wR8gR/sJHxYyZQltSRG+Por8Z9JuB4CK5pWMYLBr5DHZ5oWhUuboydLSfB67XIZc349PxoGJCO4uiRV/UqhO3m0GKCSYMTBD4cn8Es6uEu/Gp3otu1h65FeF00i8O3eO8y5KH3kCGKYSg2NoDfhI34RCD3Xx5iHsCs82WKZuIVKaIBQ0LfvYCwK8jKa6EZ7BMPUqkvNbE+tHA7p5R314749YLmRIL0RndALj8Pei8GK9ifLHzN4L760BPvPZooUb+wlJaBlCmzJoN6e53tn9w++cNEiQzWGWzIirSOURYCdyQi+tjg5gvdfJXArg6C+hKcWwGLrv0hi1OvP6TiTr6Crx3cZKxIsAcAXY3qyvh7I7mMnBdA4bygZm/6CjuL0Vv+X+qPTj5UebpIc9xGYU9CGFEjiPsoae9vRTkf8gXXsxGpxVlHNyeAxf+X9fTgFzbNvt+kQO9yT0nF3vqPSPcJjfNc7tnhHJXDW4daGyjCRgnu0XVIufcxnwjCbUzG038wrMd7U/MXLt0yAhZ8gug5ivhQgrqzbiv4U0TEPypkdAvUZd9yUwhksvSA3bkYpPQpW02WTQwHSIQ2iLlSlsZ84Cta4xuG882WNd5UIA0KJam8a7IcSeqpbrhXYBR7QZIXJ+ymMjDT7WOB7FCjKABGnLZP4R7h3lHD2rJi9Q9/ltRxQK95iiT1ZDKVqf5o8wTrjgwwizgpTUNMlCPi3uthdRAmrPirR/O26DrNIPDgmdLpC2YIgEo2uISewHtZuy3gkXGRR5flQKG3lzhcOxkE9AvVLqYsSP6RNlmOjbnZGqvtJoaum/baLOxmERo+iEvRB2rm+JV9fPH0+ZPpdjYDma8bujRdj1Kky0n4Fgg3xzw/UQnxhtghud2Y9wj71FSTcMEDWfQhz5asahtbu7Trit7jAXVeAWBuCEmibd2JT1HCeFGsF4ZYYPThfF5rENr--FXzmVzKeSOHPa3D5--08W/g+J4EtERL68rHU6cqg==
2 changes: 2 additions & 0 deletions config/routes.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@
get "mes-contributions/:id", to: "users/contributions#show", as: :my_contribution
get "mes-contributions/:id/modifier", to: "users/contributions#edit", as: :edit_my_contribution

resources :github_events, only: [:create], module: :webhooks

resources :contributions, only: [:show, :edit, :update]

resources :osbl_imports, only: [:create, :show]
Expand Down
13 changes: 13 additions & 0 deletions db/migrate/20250403123232_create_github_event.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
class CreateGithubEvent < ActiveRecord::Migration[8.0]

@coderabbitai coderabbitai Bot Nov 16, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Migration timestamp predates PR creation.

The migration timestamp 20250403123232 (April 3, 2025) is approximately 7.5 months before the PR creation date (November 16, 2025). This backwards-in-time timestamp could cause migration ordering issues, especially in teams where migrations are generated concurrently.

Regenerate the migration with the correct timestamp:

#!/bin/bash
# Verify if there are any migrations between April 2025 and November 2025
# that could conflict with this ordering
fd -e rb . db/migrate/ --exec basename | sort
🤖 Prompt for AI Agents 
db/migrate/20250403123232_create_github_event.rb lines 1-1: The migration file
timestamp is older than the PR date which can break migration ordering;
regenerate this migration with a current timestamp: create a new migration using
Rails generator (rails generate migration CreateGithubEvent), copy the migration
body from the old file into the newly generated file, delete the old
20250403123232_* file, verify the new filename/timestamp is correct and the
class name matches, run git add/commit the new file and removal of the old one,
and run your migration status check to ensure ordering is correct before
pushing.

def change
create_table :github_events do |t|
t.string :event, null: false
t.json :payload, null: false
t.string :status, null: false, default: "pending"

t.references :contribution, foreign_key: true

t.timestamps
end
end
end
13 changes: 12 additions & 1 deletion db/schema.rb
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading