Update to the latest template app

Author: rachmari

.env-example

@@ -0,0 +1,3 @@
+GITHUB_PRIVATE_KEY=
+GITHUB_APP_IDENTIFIER=
+GITHUB_WEBHOOK_SECRET=

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+package-lock.json
+.env

advanced_server.rb

@@ -73,8 +73,7 @@ class GHAapp < Sinatra::Application
       end
     end
 
-    'ok'  # we have to return _something_ ;)
-
+    'ok' # You have to return _something_. ;)
   end
 
 

server.rb

@@ -1,26 +1,28 @@
 require 'sinatra'
 require 'octokit'
+require 'dotenv/load' # Manages environment variables
+require 'git'
 require 'json'
-require 'openssl' # Used to verify the webhook signature
-require 'jwt'     # Used to authenticate a GitHub App
-require 'time'    # Used to get ISO 8601 representation of a Time object
-require 'logger'
+require 'openssl'     # Verifies the webhook signature
+require 'jwt'         # Authenticates a GitHub App
+require 'time'        # Gets ISO 8601 representation of a Time object
+require 'logger'      # Logs debug statements
 
 set :port, 3000
+set :bind, '0.0.0.0'
 
 
 # This is template code to create a GitHub App server.
 # You can read more about GitHub Apps here: # https://developer.github.com/apps/
 #
 # On its own, this app does absolutely nothing, except that it can be installed.
-# It's up to you to add fun functionality!
+# It's up to you to add functionality!
 # You can check out one example in advanced_server.rb.
 #
 # This code is a Sinatra app, for two reasons:
 #   1. Because the app will require a landing page for installation.
 #   2. To easily handle webhook events.
 #
-#
 # Of course, not all apps need to receive and process events!
 # Feel free to rip out the event handling code if you don't need it.
 #
@@ -29,16 +31,7 @@
 
 class GHAapp < Sinatra::Application
 
-  # !!! DO NOT EVER USE HARD-CODED VALUES IN A REAL APP !!!
-  # Instead, set and read app tokens or other secrets in your code
-  # in a runtime source, like an environment variable like below
-
-  # Expects that the private key has been set as an environment variable in
-  # PEM format using the following command to replace newlines with the
-  # literal `\n`:
-  #   export GITHUB_PRIVATE_KEY=`awk '{printf "%s\\n", $0}' private-key.pem`
-  #
-  # Converts the newlines
+  # Expects that the private key in PEM format. Converts the newlines
   PRIVATE_KEY = OpenSSL::PKey::RSA.new(ENV['GITHUB_PRIVATE_KEY'].gsub('\n', "\n"))
 
   # Your registered app must have a secret set. The secret is used to verify
@@ -59,26 +52,25 @@ class GHAapp < Sinatra::Application
     get_payload_request(request)
     verify_webhook_signature
     authenticate_app
-    # Authenticate each installation of the app in order to run API operations
+    # Authenticate the app installation in order to run API operations
     authenticate_installation(@payload)
   end
 
 
   post '/event_handler' do
 
-    # # # # # # # # # # # # # # # # # # #
-    #        ADD YOUR CODE HERE         #
-    # # # # # # # # # # # # # # # # # # #
+    # # # # # # # # # # # #
+    # ADD YOUR CODE HERE  #
+    # # # # # # # # # # # #
 
-    'ok' # We've got to return _something_. ;)
   end
 
 
   helpers do
 
-    # # # # # # # # # # # # # # # # # # #
-    #   ADD YOUR HELPERS METHODS HERE   #
-    # # # # # # # # # # # # # # # # # # #
+    # # # # # # # # # # # # # # # # #
+    # ADD YOUR HELPER METHODS HERE  #
+    # # # # # # # # # # # # # # # # #
 
     # Saves the raw payload and converts the payload to JSON format
     def get_payload_request(request)
@@ -95,7 +87,7 @@ def get_payload_request(request)
     end
 
     # Instantiate an Octokit client authenticated as a GitHub App.
-    # GitHub App authentication equires that we construct a
+    # GitHub App authentication requires that you construct a
     # JWT (https://jwt.io/introduction/) signed with the app's private key,
     # so GitHub can be sure that it came from the app an not altererd by
     # a malicious third party.
@@ -111,15 +103,15 @@ def authenticate_app
           iss: APP_IDENTIFIER
       }
 
-      # Cryptographically sign the JWT
+      # Cryptographically sign the JWT.
       jwt = JWT.encode(payload, PRIVATE_KEY, 'RS256')
 
       # Create the Octokit client, using the JWT as the auth token.
       @app_client ||= Octokit::Client.new(bearer_token: jwt)
     end
 
-    # Instantiate an Octokit client authenticated as an installation of a
-    # GitHub App to run API operations.
+    # Instantiate an Octokit client, authenticated as an installation of a
+    # GitHub App, to run API operations.
     def authenticate_installation(payload)
       installation_id = payload['installation']['id']
       installation_token = @app_client.create_app_installation_access_token(installation_id)[:token]
@@ -129,14 +121,14 @@ def authenticate_installation(payload)
     # Check X-Hub-Signature to confirm that this webhook was generated by
     # GitHub, and not a malicious third party.
     #
-    # GitHub will the WEBHOOK_SECRET, registered
-    # to the GitHub App, to create a hash signature sent in each webhook payload
-    # in the `X-HUB-Signature` header. This code computes the expected hash
-    # signature and compares it to the signature sent in the `X-HUB-Signature`
-    # header. If they don't match, this request is an attack, and we should
-    # reject it. GitHub uses the HMAC hexdigest to compute the signature. The
-    # `X-HUB-Signature` looks something like this: "sha1=123456"
-    # See https://developer.github.com/webhooks/securing/ for details
+    # GitHub uses the WEBHOOK_SECRET, registered to the GitHub App, to
+    # create the hash signature sent in the `X-HUB-Signature` header of each
+    # webhook. This code computes the expected hash signature and compares it to
+    # the signature sent in the `X-HUB-Signature` header. If they don't match,
+    # this request is an attack, and you should reject it. GitHub uses the HMAC
+    # hexdigest to compute the signature. The `X-HUB-Signature` looks something
+    # like this: "sha1=123456".
+    # See https://developer.github.com/webhooks/securing/ for details.
     def verify_webhook_signature
       their_signature_header = request.env['HTTP_X_HUB_SIGNATURE'] || 'sha1='
       method, their_digest = their_signature_header.split('=')
@@ -150,12 +142,5 @@ def verify_webhook_signature
     end
 
   end
-
-
-  # Finally some logic to let us run this server directly from the commandline, or with Rack
-  # Don't worry too much about this code ;) But, for the curious:
-  # $0 is the executed file
-  # __FILE__ is the current file
-  # If they are the same—that is, we are running this file directly, call the Sinatra run method
   run! if __FILE__ == $0
 end