Skip to content

feat: integrate Probot middleware for GitHub webhooks #468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 17 commits into from
Oct 5, 2025
Merged

feat: integrate Probot middleware for GitHub webhooks #468

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
deaadab
feat: integrate Probot middleware for GitHub webhooks
mafreud Oct 4, 2025
28163b2
feat: integrate Probot into Firebase functions and update dependencies
mafreud Oct 5, 2025
952d40f
feat: add step to install dependencies for GitHub apps in CI workflow
mafreud Oct 5, 2025
d783ae2
ci: add debugging steps to GitHub apps dependency installation
mafreud Oct 5, 2025
5d46bd9
ci: remove unnecessary debug commands from GitHub apps dependency ins…
mafreud Oct 5, 2025
30bc9b2
refactor: remove test file and update GitHub App ID configuration
mafreud Oct 5, 2025
4b923f1
refactor: comment out probotApp export and restructure middleware ini…
mafreud Oct 5, 2025
f4dfaa0
fix: update Firebase service account secret reference in GitHub apps …
mafreud Oct 5, 2025
810fca9
refactor: comment out unused GitHub App secrets and middleware initia…
mafreud Oct 5, 2025
1d254ad
refactor: uncomment githubAppId definition and usage in Firebase func…
mafreud Oct 5, 2025
a9086bf
refactor: restore GitHub App secrets and middleware initialization in…
mafreud Oct 5, 2025
9c8710c
refactor: add debugging commands to GitHub apps dependency installati…
mafreud Oct 5, 2025
78a8eb3
refactor: add debugging step for GitHub apps dependency installation …
mafreud Oct 5, 2025
c73aa4c
refactor: migrate GitHub app code to Firebase functions
mafreud Oct 5, 2025
99d5e48
refactor: reorder Test step in GitHub Actions workflow for clarity
mafreud Oct 5, 2025
b746582
refactor: uncomment and clean up probot middleware initialization in …
mafreud Oct 5, 2025
699b665
refactor: remove unused firebase service account and streamline GitHu…
mafreud Oct 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/workflows/github-apps-cd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,12 @@ jobs:
with:
credentials_json: ${{ secrets.FIREBASE_SA_KEY_FOR_PREVIEW_FUNCTIONS }}

- name: Install dependencies for GitHub apps
working-directory: openci-runner/github-apps
run: |
npm ci
npm run build
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

本番デプロイにも同じビルド手順を追加してください。

DEV 用ジョブにだけ GitHub Apps の npm ci && npm run build を追加すると、本番デプロイ (deploy-firebase-functions-production) では未ビルドのまま Firebase Functions がデプロイされるリスクがあります。Probot 連携が Functions から openci-runner/github-apps のビルド成果物に依存している場合、push 時の本番デプロイが失敗するか旧成果物のままになります。

以下のように production ジョブにも同じステップを追加することを提案します。

       - uses: google-github-actions/auth@v2
         with:
           credentials_json: ${{ secrets.FIREBASE_SA_KEY }}
 
+      - name: Install dependencies for GitHub apps
+        working-directory: openci-runner/github-apps
+        run: |
+          npm ci
+          npm run build
+
       - name: Install dependencies
         working-directory: openci-runner/firebase/functions
         run: npm ci
🤖 Prompt for AI Agents 
In .github/workflows/github-apps-cd.yml around lines 34-38, the CI currently
runs npm ci && npm run build only in the DEV job which means the production
deploy job may push unbuilt Firebase Functions; add the same two-step block (npm
ci and npm run build with working-directory: openci-runner/github-apps) into the
production job (deploy-firebase-functions-production) before the deploy step so
the GitHub Apps artifacts are built for production as well and ensure it runs in
the same context/order as the DEV job.


- name: Install dependencies
working-directory: openci-runner/firebase/functions
run: npm ci
Expand Down
9 changes: 6 additions & 3 deletions .github/workflows/reusable-firebase-functions-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,14 @@ jobs:
with:
node-version-file: .nvmrc

- name: Install dependencies for GitHub apps
working-directory: openci-runner/github-apps
run: |
npm ci
npm run build

- name: Install dependencies
run: npm ci

- name: Run tests
run: npm test

- name: Check build
run: npm run build
2,388 changes: 1,868 additions & 520 deletions openci-runner/firebase/functions/package-lock.json
View file
Open in desktop

Large diffs are not rendered by default.

6 changes: 4 additions & 2 deletions openci-runner/firebase/functions/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@
"main": "lib/index.js",
"dependencies": {
"firebase-admin": "^12.6.0",
"firebase-functions": "^6.0.1"
"firebase-functions": "^6.0.1",
"probot": "^14.0.2"
},
"devDependencies": {
"@types/supertest": "^6.0.3",
Expand All @@ -25,5 +26,6 @@
"typescript": "^4.9.0",
"vitest": "^1.6.0"
},
"private": true
"private": true,
"type": "module"
}
40 changes: 38 additions & 2 deletions openci-runner/firebase/functions/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,50 @@
import { logger } from "firebase-functions";
import { onRequest } from "firebase-functions/https";
import { defineSecret } from "firebase-functions/params";
import { createNodeMiddleware, createProbot } from "probot";

import { logger } from "firebase-functions";
import { appFn } from "../../../github-apps/lib/index.js";

const firebaseServiceAccount = defineSecret("FB_SERVICE_ACCOUNT");

const githubAppId = defineSecret("GITHUB_APP_ID");
const githubPrivateKey = defineSecret("GITHUB_PRIVATE_KEY");
const githubWebhookSecret = defineSecret("GITHUB_WEBHOOK_SECRET");

// export const probotApp = createNodeMiddleware(appFn, {
// probot: createProbot({
// overrides: {
// appId: githubAppId.value(),
// privateKey: githubPrivateKey.value(),
// secret: githubWebhookSecret.value(),
// },
// }),
// webhooksPath: "/",
// });

export const githubWebhook = onRequest(
{ secrets: [firebaseServiceAccount] },
{
secrets: [
firebaseServiceAccount,
githubAppId,
githubPrivateKey,
githubWebhookSecret,
],
},
(req, res) => {
const serviceAccountJson = JSON.parse(firebaseServiceAccount.value());
serviceAccountJson;

createNodeMiddleware(appFn, {
probot: createProbot({
overrides: {
appId: githubAppId.value(),
privateKey: githubPrivateKey.value(),
secret: githubWebhookSecret.value(),
},
}),
webhooksPath: "/",
});
logger.info("Hello logs!", { structuredData: true });
res.send("Hello from Firebase!");
},
Expand Down
29 changes: 0 additions & 29 deletions openci-runner/firebase/functions/test/hello-world.test.ts
View file
Open in desktop

This file was deleted.

4 changes: 3 additions & 1 deletion openci-runner/firebase/functions/tsconfig.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,9 @@
"outDir": "lib",
"sourceMap": true,
"strict": true,
"target": "es2017"
"target": "es2017",
// TODO(someone): remove this
"skipLibCheck": true,
},
"compileOnSave": true,
"include": [
Expand Down
Loading
Loading