Put secret_scanning_alert events into queue before processinggaryxuehong/gh4j#4

Sign in

# Repo & Issue Metadata
Repo: gh4j: No description provided.
Issue Title: put secret_scanning_alert events into queue before processing

Issue Description: The event processing in webhook-receive-post is not putting events "secret_scanning_alert" into queue, like "push" queue in queue.ts. This will risk lost of events "secret_scanning_alert". 

Task:
1. Put "secret_scanning_alert" events into a new queue. Please refer to "push" as example.
2. In queue.ts, create new queue for the "secret_scanning_alert" events and copy the handling logic for "secret_scanning_alert" in webhook-receive-post.ts into queue.ts

You have previously changed these files:
<changed_file file_path="src/sqs/secret-scanning-alert.ts">
--- 
+++ 
@@ -0,0 +1,52 @@
+import { WebhookContext } from "../routes/github/webhook/webhook-context";
+import { secretScanningAlertWebhookHandler } from "../github/secret-scanning-alert";
+import { GithubWebhookMiddleware } from "../middleware/github-webhook-middleware";
+import { Logger } from "bunyan";
+import { getLogger } from "../config/logger";
+
+export type SecretScanningAlertMessagePayload = {
+  action: string;
+  alert: {
+    number: number;
+    created_at: string;
+    url: string;
+    html_url: string;
+    state: string;
+    resolution: string | null;
+    resolved_by: string | null;
+    resolved_at: string | null;
+  };
+  repository: {
+    id: number;
+    name: string;
+    full_name: string;
+    private: boolean;
+  };
+  sender: {
+    login: string;
+    id: number;
+  };
+  // Add any additional properties that are specific to the "secret_scanning_alert" event payload
+};
+
+export const secretScanningAlertQueueMessageHandler = async (messagePayload: SecretScanningAlertMessagePayload): Promise<void> => {
+  const logger: Logger = getLogger("secret-scanning-alert");
+  try {
+    const webhookContext = new WebhookContext({
+      id: messagePayload.alert.number.toString(),
+      name: "secret_scanning_alert",
+      payload: messagePayload,
+      log: logger,
+      action: messagePayload.action,
+      gitHubAppConfig: {
+        // Populate with necessary GitHub app configuration
+      }
+    });
+
+    await GithubWebhookMiddleware(secretScanningAlertWebhookHandler)(webhookContext);
+    logger.info("Secret scanning alert was successfully processed");
+  } catch (err: unknown) {
+    logger.error({ err }, "Failed to process secret scanning alert");
+    throw err; // Rethrow the error to be handled by the caller or SQS dead-letter queue
+  }
+};
</changed_file>
<changed_file file_path="src/sqs/secret-scanning-alert.test.ts">
--- 
+++ 
@@ -0,0 +1,77 @@
+import { secretScanningAlertQueueMessageHandler } from './secret-scanning-alert';
+import { WebhookContext } from '../routes/github/webhook/webhook-context';
+import { secretScanningAlertWebhookHandler } from '../github/secret-scanning-alert';
+import { GithubWebhookMiddleware } from '../middleware/github-webhook-middleware';
+import { getLogger } from '../config/logger';
+
+jest.mock('../github/secret-scanning-alert', () => ({
+  secretScanningAlertWebhookHandler: jest.fn(),
+}));
+
+jest.mock('../middleware/github-webhook-middleware', () => ({
+  GithubWebhookMiddleware: jest.fn().mockImplementation((handler) => handler),
+}));
+
+jest.mock('../config/logger', () => ({
+  getLogger: jest.fn().mockReturnValue({
+    info: jest.fn(),
+    error: jest.fn(),
+  }),
+}));
+
+describe('secretScanningAlertQueueMessageHandler', () => {
+  let mockContext;
+  let mockPayload;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockPayload = {
+      action: 'created',
+      alert: {
+        number: 42,
+        created_at: '2021-04-01T00:00:00Z',
+        url: 'https://api.github.com/repos/octocat/Hello-World/secret-scanning/42',
+        html_url: 'https://github.com/octocat/Hello-World/security/secret-scanning/42',
+        state: 'open',
+        resolution: null,
+        resolved_by: null,
+        resolved_at: null,
+      },
+      repository: {
+        id: 123456,
+        name: 'Hello-World',
+        full_name: 'octocat/Hello-World',
+        private: false,
+      },
+      sender: {
+        login: 'octocat',
+        id: 1,
+      },
+    };
+    mockContext = new WebhookContext({
+      id: mockPayload.alert.number.toString(),
+      name: 'secret_scanning_alert',
+      payload: mockPayload,
+      log: getLogger('secret-scanning-alert'),
+      action: mockPayload.action,
+      gitHubAppConfig: {},
+    });
+  });
+
+  it('should process a secret scanning alert event successfully', async () => {
+    await secretScanningAlertQueueMessageHandler(mockPayload);
+
+    expect(GithubWebhookMiddleware).toHaveBeenCalledWith(secretScanningAlertWebhookHandler);
+    expect(secretScanningAlertWebhookHandler).toHaveBeenCalledWith(mockContext);
+    expect(mockContext.log.info).toHaveBeenCalledWith('Secret scanning alert was successfully processed');
+  });
+
+  it('should log an error and rethrow when processing of a secret scanning alert event fails', async () => {
+    const error = new Error('Processing failed');
+    (secretScanningAlertWebhookHandler as jest.Mock).mockRejectedValueOnce(error);
+
+    await expect(secretScanningAlertQueueMessageHandler(mockPayload)).rejects.toThrow(error);
+
+    expect(mockContext.log.error).toHaveBeenCalledWith({ err: error }, 'Failed to process secret scanning alert');
+  });
+});
</changed_file>

Relevant files in this PR:

<relevant_file file_path="src/sqs/secret-scanning-alert.ts">
import { WebhookContext } from "../routes/github/webhook/webhook-context";
import { secretScanningAlertWebhookHandler } from "../github/secret-scanning-alert";
import { GithubWebhookMiddleware } from "../middleware/github-webhook-middleware";
import { Logger } from "bunyan";
import { getLogger } from "../config/logger";

export type SecretScanningAlertMessagePayload = {
  action: string;
  alert: {
    number: number;
    created_at: string;
    url: string;
    html_url: string;
    state: string;
    resolution: string | null;
    resolved_by: string | null;
    resolved_at: string | null;
  };
  repository: {
    id: number;
    name: string;
    full_name: string;
    private: boolean;
  };
  sender: {
    login: string;
    id: number;
  };
  // Add any additional properties that are specific to the "secret_scanning_alert" event payload
};

export const secretScanningAlertQueueMessageHandler = async (messagePayload: SecretScanningAlertMessagePayload): Promise<void> => {
  const logger: Logger = getLogger("secret-scanning-alert");
  try {
    const webhookContext = new WebhookContext({
      id: messagePayload.alert.number.toString(),
      name: "secret_scanning_alert",
      payload: messagePayload,
      log: logger,
      action: messagePayload.action,
      gitHubAppConfig: {
        // Populate with necessary GitHub app configuration
      }
    });

    await GithubWebhookMiddleware(secretScanningAlertWebhookHandler)(webhookContext);
    logger.info("Secret scanning alert was successfully processed");
  } catch (err: unknown) {
    logger.error({ err }, "Failed to process secret scanning alert");
    throw err; // Rethrow the error to be handled by the caller or SQS dead-letter queue
  }
};

</relevant_file>

<section id="A">
import Logger from "bunyan";
import { envVars }  from "config/env";
import { SqsQueue } from "./sqs";
import { backfillQueueMessageHandler } from "./backfill";
import { pushQueueMessageHandler } from "./push";
import { jiraAndGitHubErrorsHandler, webhookMetricWrapper } from "./error-handlers";
import { deploymentQueueMessageHandler } from "./deployment";
import { branchQueueMessageHandler } from "./branch";
import { getLogger } from "config/logger";
import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";

const LONG_POLLING_INTERVAL_SEC = 3;
</section id="A">
<section id="B">
const logger = getLogger("sqs-queues");

// TODO: Make this a class

let backfillQueue: SqsQueue<BackfillMessagePayload> | undefined = undefined;

const backfillQueueMessageSender = (message: BackfillMessagePayload, delaySec: number, logger: Logger) => {
	// Given the single-threaded nature of Node.js, backfillQueue is always initialised
	// because SqsQueue is not triggering messageHandler from ctor
	if (backfillQueue === undefined) {
		throw new Error("backfillQueue is undefined");
	}
	return backfillQueue.sendMessage(message, delaySec, logger);
};

</section id="B">
<section id="C">
backfillQueue = new SqsQueue<BackfillMessagePayload>(
	{
		queueName: "backfill",
		queueUrl: envVars.SQS_BACKFILL_QUEUE_URL,
		queueRegion: envVars.SQS_BACKFILL_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 10 * 60,
		maxAttempts: 3
	},
	backfillQueueMessageHandler(backfillQueueMessageSender),
	backfillErrorHandler(backfillQueueMessageSender)
);

</section id="C">
<section id="D">
export const sqsQueues = {
	backfill: backfillQueue,

	push: new SqsQueue<PushQueueMessagePayload>({
		queueName: "push",
		queueUrl: envVars.SQS_PUSH_QUEUE_URL,
		queueRegion: envVars.SQS_PUSH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	}, pushQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "push")),

</section id="D">
<section id="E">
	deployment: new SqsQueue<DeploymentMessagePayload>({
		queueName: "deployment",
		queueUrl: envVars.SQS_DEPLOYMENT_QUEUE_URL,
		queueRegion: envVars.SQS_DEPLOYMENT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	deploymentQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "deployment_status")
	),

</section id="E">
<section id="F">
	branch: new SqsQueue<BranchMessagePayload>({
		queueName: "branch",
		queueUrl: envVars.SQS_BRANCH_QUEUE_URL,
		queueRegion: envVars.SQS_BRANCH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	branchQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
	),

	start: () => {
		logger.info("Starting queues");
		sqsQueues.backfill.start();
		sqsQueues.push.start();
		sqsQueues.deployment.start();
		sqsQueues.branch.start();
		logger.info("All queues started");
	},

	stop: async () => {
		logger.info("Stopping queues");
		await Promise.all([
			sqsQueues.backfill.stop(),
			sqsQueues.push.stop(),
			sqsQueues.deployment.stop(),
			sqsQueues.branch.stop()
		]);
		logger.info("All queues stopped");
	}
};
</section id="F">

# Request
• Import the `SecretScanningAlertMessagePayload` type and the `secretScanningAlertQueueMessageHandler` function from the newly created `secret-scanning-alert.ts` file.
• Add a new `SqsQueue` instance for "secret_scanning_alert" events to the `sqsQueues` object. Configure it with the appropriate queue name, URL, region, and other settings similar to the existing queues.
• Use the `secretScanningAlertQueueMessageHandler` as the message handler for the new queue.

SUCCESS
Here are the lines containing the keywords:

The keyword was found in the following sections:

<section id='A'> (11 matches)
import Logger from "bunyan";
^
import { envVars }  from "config/env";
^
import { SqsQueue } from "./sqs";
^
import { backfillQueueMessageHandler } from "./backfill";
^
import { pushQueueMessageHandler } from "./push";
^
import { jiraAndGitHubErrorsHandler, webhookMetricWrapper } from "./error-handlers";
^
import { deploymentQueueMessageHandler } from "./deployment";
^
import { branchQueueMessageHandler } from "./branch";
^
import { getLogger } from "config/logger";
^
import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
^
import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";
^

const LONG_POLLING_INTERVAL_SEC = 3;
</section>

SUCCESS
Here are the lines containing the keywords:

The keyword was found in the following sections:

<section id='C'> (1 matches)
backfillQueue = new SqsQueue<BackfillMessagePayload>(
                ^
	{
		queueName: "backfill",
		queueUrl: envVars.SQS_BACKFILL_QUEUE_URL,
		queueRegion: envVars.SQS_BACKFILL_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 10 * 60,
		maxAttempts: 3
	},
	backfillQueueMessageHandler(backfillQueueMessageSender),
	backfillErrorHandler(backfillQueueMessageSender)
);
</section>
<section id='D'> (1 matches)
export const sqsQueues = {
	backfill: backfillQueue,

	push: new SqsQueue<PushQueueMessagePayload>({
       ^
		queueName: "push",
		queueUrl: envVars.SQS_PUSH_QUEUE_URL,
		queueRegion: envVars.SQS_PUSH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	}, pushQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "push")),
</section>
<section id='E'> (1 matches)
	deployment: new SqsQueue<DeploymentMessagePayload>({
             ^
		queueName: "deployment",
		queueUrl: envVars.SQS_DEPLOYMENT_QUEUE_URL,
		queueRegion: envVars.SQS_DEPLOYMENT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	deploymentQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "deployment_status")
	),
</section>
<section id='F'> (1 matches)
	branch: new SqsQueue<BranchMessagePayload>({
         ^
		queueName: "branch",
		queueUrl: envVars.SQS_BRANCH_QUEUE_URL,
		queueRegion: envVars.SQS_BRANCH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	branchQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
	),

	start: () => {
		logger.info("Starting queues");
		sqsQueues.backfill.start();
		sqsQueues.push.start();
		sqsQueues.deployment.start();
		sqsQueues.branch.start();
		logger.info("All queues started");
	},

	stop: async () => {
		logger.info("Stopping queues");
		await Promise.all([
			sqsQueues.backfill.stop(),
			sqsQueues.push.stop(),
			sqsQueues.deployment.stop(),
			sqsQueues.branch.stop()
		]);
		logger.info("All queues stopped");
	}
};
</section>

SUCCESS
Here are the new code sections:

The following changes have been applied:
```diff
--- 
+++ 
@@ -8,6 +8,7 @@
 import { branchQueueMessageHandler } from "./branch";
 import { getLogger } from "config/logger";
 import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
+import { SecretScanningAlertMessagePayload, secretScanningAlertQueueMessageHandler } from "./secret-scanning-alert";
 import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";
 
 const LONG_POLLING_INTERVAL_SEC = 3;

```
Here are the new code sections:




<section id="A">
import Logger from "bunyan";
import { envVars }  from "config/env";
import { SqsQueue } from "./sqs";
import { backfillQueueMessageHandler } from "./backfill";
import { pushQueueMessageHandler } from "./push";
import { jiraAndGitHubErrorsHandler, webhookMetricWrapper } from "./error-handlers";
import { deploymentQueueMessageHandler } from "./deployment";
import { branchQueueMessageHandler } from "./branch";
import { getLogger } from "config/logger";
import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
</section id="A">
<section id="B">
import { SecretScanningAlertMessagePayload, secretScanningAlertQueueMessageHandler } from "./secret-scanning-alert";
import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";

const LONG_POLLING_INTERVAL_SEC = 3;
const logger = getLogger("sqs-queues");

// TODO: Make this a class

let backfillQueue: SqsQueue<BackfillMessagePayload> | undefined = undefined;

</section id="B">
<section id="C">
const backfillQueueMessageSender = (message: BackfillMessagePayload, delaySec: number, logger: Logger) => {
	// Given the single-threaded nature of Node.js, backfillQueue is always initialised
	// because SqsQueue is not triggering messageHandler from ctor
	if (backfillQueue === undefined) {
		throw new Error("backfillQueue is undefined");
	}
	return backfillQueue.sendMessage(message, delaySec, logger);
};

</section id="C">
<section id="D">
backfillQueue = new SqsQueue<BackfillMessagePayload>(
	{
		queueName: "backfill",
		queueUrl: envVars.SQS_BACKFILL_QUEUE_URL,
		queueRegion: envVars.SQS_BACKFILL_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 10 * 60,
		maxAttempts: 3
	},
	backfillQueueMessageHandler(backfillQueueMessageSender),
	backfillErrorHandler(backfillQueueMessageSender)
);

</section id="D">
<section id="E">
export const sqsQueues = {
	backfill: backfillQueue,

	push: new SqsQueue<PushQueueMessagePayload>({
		queueName: "push",
		queueUrl: envVars.SQS_PUSH_QUEUE_URL,
		queueRegion: envVars.SQS_PUSH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	}, pushQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "push")),

</section id="E">
<section id="F">
	deployment: new SqsQueue<DeploymentMessagePayload>({
		queueName: "deployment",
		queueUrl: envVars.SQS_DEPLOYMENT_QUEUE_URL,
		queueRegion: envVars.SQS_DEPLOYMENT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	deploymentQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "deployment_status")
	),

</section id="F">
<section id="G">
	branch: new SqsQueue<BranchMessagePayload>({
		queueName: "branch",
		queueUrl: envVars.SQS_BRANCH_QUEUE_URL,
		queueRegion: envVars.SQS_BRANCH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	branchQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
	),

	start: () => {
		logger.info("Starting queues");
		sqsQueues.backfill.start();
		sqsQueues.push.start();
		sqsQueues.deployment.start();
		sqsQueues.branch.start();
		logger.info("All queues started");
	},

	stop: async () => {
		logger.info("Stopping queues");
		await Promise.all([
			sqsQueues.backfill.stop(),
			sqsQueues.push.stop(),
			sqsQueues.deployment.stop(),
			sqsQueues.branch.stop()
		]);
		logger.info("All queues stopped");
	}
};
</section id="G">

You can continue to make changes to the code sections and call the `search_and_replace` function again.

ERROR
No changes were made due to the following error:

The old_code in the 0th replace_to_make does not appear to be present in section F. The old_code contains:
```
start: () => {
```
But section F has code:
```
	deployment: new SqsQueue<DeploymentMessagePayload>({
		queueName: "deployment",
		queueUrl: envVars.SQS_DEPLOYMENT_QUEUE_URL,
		queueRegion: envVars.SQS_DEPLOYMENT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	deploymentQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "deployment_status")
	),

```

Did you mean one of the following sections?
<section id="G">
	branch: new SqsQueue<BranchMessagePayload>({
		queueName: "branch",
		queueUrl: envVars.SQS_BRANCH_QUEUE_URL,
		queueRegion: envVars.SQS_BRANCH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	branchQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
	),

	start: () => {
		logger.info("Starting queues");
		sqsQueues.backfill.start();
		sqsQueues.push.start();
		sqsQueues.deployment.start();
		sqsQueues.branch.start();
		logger.info("All queues started");
	},

	stop: async () => {
		logger.info("Stopping queues");
		await Promise.all([
			sqsQueues.backfill.stop(),
			sqsQueues.push.stop(),
			sqsQueues.deployment.stop(),
			sqsQueues.branch.stop()
		]);
		logger.info("All queues stopped");
	}
};
</section>
```

SUCCESS
Here are the new code sections:

The following changes have been applied:
```diff
--- 
+++ 
@@ -76,6 +76,15 @@
 	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
 	),
 
+	secret_scanning_alert: new SqsQueue<SecretScanningAlertMessagePayload>({
+		queueName: "secret_scanning_alert",
+		queueUrl: envVars.SQS_SECRET_SCANNING_ALERT_QUEUE_URL,
+		queueRegion: envVars.SQS_SECRET_SCANNING_ALERT_QUEUE_REGION,
+		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
+		timeoutSec: 60,
+		maxAttempts: 5
+	}, secretScanningAlertQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "secret_scanning_alert")),
+
 	start: () => {
 		logger.info("Starting queues");
 		sqsQueues.backfill.start();

```
Here are the new code sections:




<section id="A">
import Logger from "bunyan";
import { envVars }  from "config/env";
import { SqsQueue } from "./sqs";
import { backfillQueueMessageHandler } from "./backfill";
import { pushQueueMessageHandler } from "./push";
import { jiraAndGitHubErrorsHandler, webhookMetricWrapper } from "./error-handlers";
import { deploymentQueueMessageHandler } from "./deployment";
import { branchQueueMessageHandler } from "./branch";
import { getLogger } from "config/logger";
import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
</section id="A">
<section id="B">
import { SecretScanningAlertMessagePayload, secretScanningAlertQueueMessageHandler } from "./secret-scanning-alert";
import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";

const LONG_POLLING_INTERVAL_SEC = 3;
const logger = getLogger("sqs-queues");

// TODO: Make this a class

let backfillQueue: SqsQueue<BackfillMessagePayload> | undefined = undefined;

</section id="B">
<section id="C">
const backfillQueueMessageSender = (message: BackfillMessagePayload, delaySec: number, logger: Logger) => {
	// Given the single-threaded nature of Node.js, backfillQueue is always initialised
	// because SqsQueue is not triggering messageHandler from ctor
	if (backfillQueue === undefined) {
		throw new Error("backfillQueue is undefined");
	}
	return backfillQueue.sendMessage(message, delaySec, logger);
};

</section id="C">
<section id="D">
backfillQueue = new SqsQueue<BackfillMessagePayload>(
	{
		queueName: "backfill",
		queueUrl: envVars.SQS_BACKFILL_QUEUE_URL,
		queueRegion: envVars.SQS_BACKFILL_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 10 * 60,
		maxAttempts: 3
	},
	backfillQueueMessageHandler(backfillQueueMessageSender),
	backfillErrorHandler(backfillQueueMessageSender)
);

</section id="D">
<section id="E">
export const sqsQueues = {
	backfill: backfillQueue,

	push: new SqsQueue<PushQueueMessagePayload>({
		queueName: "push",
		queueUrl: envVars.SQS_PUSH_QUEUE_URL,
		queueRegion: envVars.SQS_PUSH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	}, pushQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "push")),

</section id="E">
<section id="F">
	deployment: new SqsQueue<DeploymentMessagePayload>({
		queueName: "deployment",
		queueUrl: envVars.SQS_DEPLOYMENT_QUEUE_URL,
		queueRegion: envVars.SQS_DEPLOYMENT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	deploymentQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "deployment_status")
	),

</section id="F">
<section id="G">
	branch: new SqsQueue<BranchMessagePayload>({
		queueName: "branch",
		queueUrl: envVars.SQS_BRANCH_QUEUE_URL,
		queueRegion: envVars.SQS_BRANCH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	branchQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
	),

</section id="G">
<section id="H">
	secret_scanning_alert: new SqsQueue<SecretScanningAlertMessagePayload>({
		queueName: "secret_scanning_alert",
		queueUrl: envVars.SQS_SECRET_SCANNING_ALERT_QUEUE_URL,
		queueRegion: envVars.SQS_SECRET_SCANNING_ALERT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	}, secretScanningAlertQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "secret_scanning_alert")),

	start: () => {
		logger.info("Starting queues");
		sqsQueues.backfill.start();
		sqsQueues.push.start();
		sqsQueues.deployment.start();
		sqsQueues.branch.start();
		logger.info("All queues started");
	},

	stop: async () => {
		logger.info("Stopping queues");
		await Promise.all([
			sqsQueues.backfill.stop(),
			sqsQueues.push.stop(),
			sqsQueues.deployment.stop(),
			sqsQueues.branch.stop()
		]);
		logger.info("All queues stopped");
	}
};
</section id="H">

You can continue to make changes to the code sections and call the `search_and_replace` function again.

# Repo & Issue Metadata
Repo: gh4j: No description provided.
Issue Title: put secret_scanning_alert events into queue before processing

Issue Description: The event processing in webhook-receive-post is not putting events "secret_scanning_alert" into queue, like "push" queue in queue.ts. This will risk lost of events "secret_scanning_alert". 

Task:
1. Put "secret_scanning_alert" events into a new queue. Please refer to "push" as example.
2. In queue.ts, create new queue for the "secret_scanning_alert" events and copy the handling logic for "secret_scanning_alert" in webhook-receive-post.ts into queue.ts

You have previously changed these files:
<changed_file file_path="src/sqs/secret-scanning-alert.ts">
--- 
+++ 
@@ -0,0 +1,52 @@
+import { WebhookContext } from "../routes/github/webhook/webhook-context";
+import { secretScanningAlertWebhookHandler } from "../github/secret-scanning-alert";
+import { GithubWebhookMiddleware } from "../middleware/github-webhook-middleware";
+import { Logger } from "bunyan";
+import { getLogger } from "../config/logger";
+
+export type SecretScanningAlertMessagePayload = {
+  action: string;
+  alert: {
+    number: number;
+    created_at: string;
+    url: string;
+    html_url: string;
+    state: string;
+    resolution: string | null;
+    resolved_by: string | null;
+    resolved_at: string | null;
+  };
+  repository: {
+    id: number;
+    name: string;
+    full_name: string;
+    private: boolean;
+  };
+  sender: {
+    login: string;
+    id: number;
+  };
+  // Add any additional properties that are specific to the "secret_scanning_alert" event payload
+};
+
+export const secretScanningAlertQueueMessageHandler = async (messagePayload: SecretScanningAlertMessagePayload): Promise<void> => {
+  const logger: Logger = getLogger("secret-scanning-alert");
+  try {
+    const webhookContext = new WebhookContext({
+      id: messagePayload.alert.number.toString(),
+      name: "secret_scanning_alert",
+      payload: messagePayload,
+      log: logger,
+      action: messagePayload.action,
+      gitHubAppConfig: {
+        // Populate with necessary GitHub app configuration
+      }
+    });
+
+    await GithubWebhookMiddleware(secretScanningAlertWebhookHandler)(webhookContext);
+    logger.info("Secret scanning alert was successfully processed");
+  } catch (err: unknown) {
+    logger.error({ err }, "Failed to process secret scanning alert");
+    throw err; // Rethrow the error to be handled by the caller or SQS dead-letter queue
+  }
+};
</changed_file>
<changed_file file_path="src/sqs/secret-scanning-alert.test.ts">
--- 
+++ 
@@ -0,0 +1,77 @@
+import { secretScanningAlertQueueMessageHandler } from './secret-scanning-alert';
+import { WebhookContext } from '../routes/github/webhook/webhook-context';
+import { secretScanningAlertWebhookHandler } from '../github/secret-scanning-alert';
+import { GithubWebhookMiddleware } from '../middleware/github-webhook-middleware';
+import { getLogger } from '../config/logger';
+
+jest.mock('../github/secret-scanning-alert', () => ({
+  secretScanningAlertWebhookHandler: jest.fn(),
+}));
+
+jest.mock('../middleware/github-webhook-middleware', () => ({
+  GithubWebhookMiddleware: jest.fn().mockImplementation((handler) => handler),
+}));
+
+jest.mock('../config/logger', () => ({
+  getLogger: jest.fn().mockReturnValue({
+    info: jest.fn(),
+    error: jest.fn(),
+  }),
+}));
+
+describe('secretScanningAlertQueueMessageHandler', () => {
+  let mockContext;
+  let mockPayload;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockPayload = {
+      action: 'created',
+      alert: {
+        number: 42,
+        created_at: '2021-04-01T00:00:00Z',
+        url: 'https://api.github.com/repos/octocat/Hello-World/secret-scanning/42',
+        html_url: 'https://github.com/octocat/Hello-World/security/secret-scanning/42',
+        state: 'open',
+        resolution: null,
+        resolved_by: null,
+        resolved_at: null,
+      },
+      repository: {
+        id: 123456,
+        name: 'Hello-World',
+        full_name: 'octocat/Hello-World',
+        private: false,
+      },
+      sender: {
+        login: 'octocat',
+        id: 1,
+      },
+    };
+    mockContext = new WebhookContext({
+      id: mockPayload.alert.number.toString(),
+      name: 'secret_scanning_alert',
+      payload: mockPayload,
+      log: getLogger('secret-scanning-alert'),
+      action: mockPayload.action,
+      gitHubAppConfig: {},
+    });
+  });
+
+  it('should process a secret scanning alert event successfully', async () => {
+    await secretScanningAlertQueueMessageHandler(mockPayload);
+
+    expect(GithubWebhookMiddleware).toHaveBeenCalledWith(secretScanningAlertWebhookHandler);
+    expect(secretScanningAlertWebhookHandler).toHaveBeenCalledWith(mockContext);
+    expect(mockContext.log.info).toHaveBeenCalledWith('Secret scanning alert was successfully processed');
+  });
+
+  it('should log an error and rethrow when processing of a secret scanning alert event fails', async () => {
+    const error = new Error('Processing failed');
+    (secretScanningAlertWebhookHandler as jest.Mock).mockRejectedValueOnce(error);
+
+    await expect(secretScanningAlertQueueMessageHandler(mockPayload)).rejects.toThrow(error);
+
+    expect(mockContext.log.error).toHaveBeenCalledWith({ err: error }, 'Failed to process secret scanning alert');
+  });
+});
</changed_file>
<changed_file file_path="src/sqs/queues.ts">
--- 
+++ 
@@ -8,6 +8,7 @@
 import { branchQueueMessageHandler } from "./branch";
 import { getLogger } from "config/logger";
 import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
+import { SecretScanningAlertMessagePayload, secretScanningAlertQueueMessageHandler } from "./secret-scanning-alert";
 import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";
 
 const LONG_POLLING_INTERVAL_SEC = 3;
@@ -75,6 +76,15 @@
 	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
 	),
 
+	secret_scanning_alert: new SqsQueue<SecretScanningAlertMessagePayload>({
+		queueName: "secret_scanning_alert",
+		queueUrl: envVars.SQS_SECRET_SCANNING_ALERT_QUEUE_URL,
+		queueRegion: envVars.SQS_SECRET_SCANNING_ALERT_QUEUE_REGION,
+		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
+		timeoutSec: 60,
+		maxAttempts: 5
+	}, secretScanningAlertQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "secret_scanning_alert")),
+
 	start: () => {
 		logger.info("Starting queues");
 		sqsQueues.backfill.start();

</changed_file>

Relevant files in this PR:

<relevant_file file_path="src/sqs/queues.ts">
import Logger from "bunyan";
import { envVars }  from "config/env";
import { SqsQueue } from "./sqs";
import { backfillQueueMessageHandler } from "./backfill";
import { pushQueueMessageHandler } from "./push";
import { jiraAndGitHubErrorsHandler, webhookMetricWrapper } from "./error-handlers";
import { deploymentQueueMessageHandler } from "./deployment";
import { branchQueueMessageHandler } from "./branch";
import { getLogger } from "config/logger";
import type { BackfillMessagePayload, PushQueueMessagePayload, DeploymentMessagePayload, BranchMessagePayload } from "./sqs.types";
import { backfillErrorHandler } from "~/src/sqs/backfill-error-handler";

const LONG_POLLING_INTERVAL_SEC = 3;
const logger = getLogger("sqs-queues");

// TODO: Make this a class

let backfillQueue: SqsQueue<BackfillMessagePayload> | undefined = undefined;

const backfillQueueMessageSender = (message: BackfillMessagePayload, delaySec: number, logger: Logger) => {
	// Given the single-threaded nature of Node.js, backfillQueue is always initialised
	// because SqsQueue is not triggering messageHandler from ctor
	if (backfillQueue === undefined) {
		throw new Error("backfillQueue is undefined");
	}
	return backfillQueue.sendMessage(message, delaySec, logger);
};

backfillQueue = new SqsQueue<BackfillMessagePayload>(
	{
		queueName: "backfill",
		queueUrl: envVars.SQS_BACKFILL_QUEUE_URL,
		queueRegion: envVars.SQS_BACKFILL_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 10 * 60,
		maxAttempts: 3
	},
	backfillQueueMessageHandler(backfillQueueMessageSender),
	backfillErrorHandler(backfillQueueMessageSender)
);

export const sqsQueues = {
	backfill: backfillQueue,

	push: new SqsQueue<PushQueueMessagePayload>({
		queueName: "push",
		queueUrl: envVars.SQS_PUSH_QUEUE_URL,
		queueRegion: envVars.SQS_PUSH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	}, pushQueueMessageHandler, webhookMetricWrapper(jiraAndGitHubErrorsHandler, "push")),

	deployment: new SqsQueue<DeploymentMessagePayload>({
		queueName: "deployment",
		queueUrl: envVars.SQS_DEPLOYMENT_QUEUE_URL,
		queueRegion: envVars.SQS_DEPLOYMENT_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	deploymentQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "deployment_status")
	),

	branch: new SqsQueue<BranchMessagePayload>({
		queueName: "branch",
		queueUrl: envVars.SQS_BRANCH_QUEUE_URL,
		queueRegion: envVars.SQS_BRANCH_QUEUE_REGION,
		longPollingIntervalSec: LONG_POLLING_INTERVAL_SEC,
		timeoutSec: 60,
		maxAttempts: 5
	},
	branchQueueMessageHandler,
	webhookMetricWrapper(jiraAndGitHubErrorsHandler, "create")
	),

	start: () => {
		logger.info("Starting queues");
		sqsQueues.backfill.start();
		sqsQueues.push.start();
		sqsQueues.deployment.start();
		sqsQueues.branch.start();
		logger.info("All queues started");
	},

	stop: async () => {
		logger.info("Stopping queues");
		await Promise.all([
			sqsQueues.backfill.stop(),
			sqsQueues.push.stop(),
			sqsQueues.deployment.stop(),
			sqsQueues.branch.stop()
		]);
		logger.info("All queues stopped");
	}
};

</relevant_file>

<section id="A">
import { BinaryLike, createHmac } from "crypto";
import { Request, Response } from "express";
import { pushWebhookHandler } from "~/src/github/push";
import { GithubWebhookMiddleware, LOGGER_NAME } from "~/src/middleware/github-webhook-middleware";
import { GitHubServerApp } from "models/github-server-app";
import { Installation } from "models/installation";
import { WebhookContext } from "./webhook-context";
import { webhookTimeout } from "~/src/util/webhook-timeout";
import { issueCommentWebhookHandler } from "~/src/github/issue-comment";
import { issueWebhookHandler } from "~/src/github/issue";
import { envVars } from "~/src/config/env";
</section id="A">
<section id="B">
import { pullRequestWebhookHandler } from "~/src/github/pull-request";
import { createBranchWebhookHandler, deleteBranchWebhookHandler } from "~/src/github/branch";
import { repositoryWebhookHandler } from "~/src/github/repository";
import { workflowWebhookHandler } from "~/src/github/workflow";
import { deploymentWebhookHandler } from "~/src/github/deployment";
import {
	codeScanningAlertWebhookHandler
} from "~/src/github/code-scanning-alert";
import { getLogger } from "config/logger";
import { GITHUB_CLOUD_API_BASEURL, GITHUB_CLOUD_BASEURL } from "~/src/github/client/github-client-constants";
import { dependabotAlertWebhookHandler } from "~/src/github/dependabot-alert";
</section id="B">
<section id="C">
import { extraLoggerInfo } from "./webhook-logging-extra";
import { secretScanningAlertWebhookHandler } from "~/src/github/secret-scanning-alert";
import { installationWebhookHandler } from "~/src/github/installation";
import { errorStringFromUnknown } from "~/src/util/error-string-from-unknown";

</section id="C">
<section id="D">
export const WebhookReceiverPost = async (request: Request, response: Response): Promise<void> => {
	const eventName = request.headers["x-github-event"] as string;
	const signatureSHA256 = request.headers["x-hub-signature-256"] as string;
	const id = request.headers["x-github-delivery"] as string;
	const uuid = request.params.uuid;
	const payload = request.body;
	const parentLogger = (request.log || getLogger(LOGGER_NAME));
	const logger = parentLogger.child({
		paramUuid: uuid,
		xGitHubDelivery: id,
		xGitHubEvent: eventName,
		...extraLoggerInfo(payload, parentLogger)
	});
	logger.info("Webhook received");
	let webhookContext;
</section id="D">
<section id="E">
	try {
		const { webhookSecrets, gitHubServerApp } = await getWebhookSecrets(uuid);
		const isVerified = webhookSecrets.some((secret, index) => {
			const matchesSignature = createHash(request.rawBody, secret) === signatureSHA256;
			/**
			 * The latest updated webhook secret will be at index 0,
			 * Once we stop receiving logs with index other than 0,
			 * can then completely remove the old webhook secrets.
			 */
			if (matchesSignature) {
				logger.info({ index }, "Matched webhook index");
			}
			return matchesSignature;
		});

</section id="E">
<section id="F">
		if (!isVerified) {
			logger.warn("Signature validation failed, returning 400");
			response.status(400).send("signature does not match event payload and secret");
			return;
		}
		webhookContext = new WebhookContext({
			id: id,
			name: eventName,
			payload: payload,
			log: logger,
			action: payload.action,
			gitHubAppConfig: {
				...(!gitHubServerApp ? {
					gitHubAppId: undefined,
					appId: parseInt(envVars.APP_ID),
					clientId: envVars.GITHUB_CLIENT_ID,
					gitHubBaseUrl: GITHUB_CLOUD_BASEURL,
					gitHubApiUrl: GITHUB_CLOUD_API_BASEURL,
					uuid: undefined
				} : {
					gitHubAppId: gitHubServerApp.id,
					appId: gitHubServerApp.appId,
					clientId: gitHubServerApp.gitHubClientId,
					gitHubBaseUrl: gitHubServerApp.gitHubBaseUrl,
					gitHubApiUrl: gitHubServerApp.gitHubBaseUrl,
					uuid
				})
			}
		});
		await webhookRouter(webhookContext);
</section id="F">
<section id="G">
		webhookContext.log.info("Webhook was successfully processed");
		response.sendStatus(204);

	} catch (err: unknown) {
		(webhookContext?.log || logger).error({ err }, `Something went wrong, returning 400: ${errorStringFromUnknown(err)}`);
		response.sendStatus(400);
</section id="G">
<section id="H">
	}
};

const webhookRouter = async (context: WebhookContext) => {
	const VALID_PULL_REQUEST_ACTIONS = ["opened", "reopened", "closed", "edited", "converted_to_draft", "ready_for_review"];
	switch (context.name) {
		case "push":
			await GithubWebhookMiddleware(pushWebhookHandler)(context);
			break;
		case "issue_comment":
			if (context.action === "created" || context.action === "edited") {
				await webhookTimeout(GithubWebhookMiddleware(issueCommentWebhookHandler))(context);
			}
			break;
		case "issues":
			if (context.action === "opened" || context.action === "edited") {
				await GithubWebhookMiddleware(issueWebhookHandler)(context);
			}
			break;
		case "pull_request":
			if (context.action && VALID_PULL_REQUEST_ACTIONS.includes(context.action)) {
				await GithubWebhookMiddleware(pullRequestWebhookHandler)(context);
			}
			break;
</section id="H">
<section id="I">
		case "pull_request_review":
			await GithubWebhookMiddleware(pullRequestWebhookHandler)(context);
			break;
		case "create":
			await GithubWebhookMiddleware(createBranchWebhookHandler)(context);
			break;
		case "delete":
			await GithubWebhookMiddleware(deleteBranchWebhookHandler)(context);
			break;
		case "repository":
			await GithubWebhookMiddleware(repositoryWebhookHandler)(context);
			break;
		case "workflow_run":
			await GithubWebhookMiddleware(workflowWebhookHandler)(context);
			break;
		case "deployment_status":
			await GithubWebhookMiddleware(deploymentWebhookHandler)(context);
			break;
</section id="I">
<section id="J">
		case "code_scanning_alert":
			await GithubWebhookMiddleware(codeScanningAlertWebhookHandler)(context);
			break;
		case "dependabot_alert":
			await GithubWebhookMiddleware(dependabotAlertWebhookHandler)(context);
			break;
		case "secret_scanning_alert":
			await GithubWebhookMiddleware(secretScanningAlertWebhookHandler)(context);
			break;
		case "installation":
			if (context.action === "new_permissions_accepted") {
				await GithubWebhookMiddleware(installationWebhookHandler)(context);
			}
			break;
</section id="J">
<section id="K">
	}
};

export const createHash = (data: BinaryLike | undefined, secret: string): string => {
	if (!data) {
		throw new Error("No data to hash");
	}
	return `sha256=${createHmac("sha256", secret)
		.update(data)
		.digest("hex")}`;
};

</section id="K">
<section id="L">
const getWebhookSecrets = async (uuid?: string): Promise<{ webhookSecrets: Array<string>, gitHubServerApp?: GitHubServerApp }> => {
	if (uuid) {
		const gitHubServerApp = await GitHubServerApp.findForUuid(uuid);
		if (!gitHubServerApp) {
			throw new Error(`GitHub app not found for uuid ${uuid}`);
		}
		const installation: Installation | null = (await Installation.findByPk(gitHubServerApp.installationId));
		if (!installation) {
			throw new Error(`Installation not found for gitHubApp with uuid ${uuid}`);
		}
		const webhookSecret = await gitHubServerApp.getDecryptedWebhookSecret(installation.jiraHost);
		/**
		 * If we ever need to rotate the webhook secrets for Enterprise Customers,
		 * we can add it in the array: ` [ webhookSecret ]`
		 */
		return { webhookSecrets: [webhookSecret], gitHubServerApp };
	}

	return {
		/**
		 * The environment WEBHOOK_SECRETS is a JSON array string in the format: ["key1", "key1"]
		 * Basically an array of the new as well as any old webhook secrets
		 */
		webhookSecrets: envVars.WEBHOOK_SECRETS
	};
};
</section id="L">

# Request
• Locate the switch case for "secret_scanning_alert" events.
• Instead of processing the "secret_scanning_alert" event directly, enqueue the event to the new "secret_scanning_alert" queue created in `queues.ts`.
• Ensure that the payload passed to the queue matches the `SecretScanningAlertMessagePayload` type.

SUCCESS
Here are the lines containing the keywords:

The keyword was found in the following sections:

<section id='J'> (1 matches)
		case "code_scanning_alert":
			await GithubWebhookMiddleware(codeScanningAlertWebhookHandler)(context);
			break;
		case "dependabot_alert":
			await GithubWebhookMiddleware(dependabotAlertWebhookHandler)(context);
			break;
		case "secret_scanning_alert":
        ^
			await GithubWebhookMiddleware(secretScanningAlertWebhookHandler)(context);
			break;
		case "installation":
			if (context.action === "new_permissions_accepted") {
				await GithubWebhookMiddleware(installationWebhookHandler)(context);
			}
			break;
</section>

ERROR
The search failed due to the following error:

The keyword sqsQueues does not appear to be present in the code. Consider missing or misplaced whitespace, comments or delimiters.

SUCCESS
Here are the new code sections:

The following changes have been applied:
```diff
--- 
+++ 
@@ -140,7 +140,7 @@
 			await GithubWebhookMiddleware(dependabotAlertWebhookHandler)(context);
 			break;
 		case "secret_scanning_alert":
-			await GithubWebhookMiddleware(secretScanningAlertWebhookHandler)(context);
+			await sqsQueues.secret_scanning_alert.sendMessage(payload);
 			break;
 		case "installation":
 			if (context.action === "new_permissions_accepted") {

```
Here are the new code sections:




<section id="A">
import { BinaryLike, createHmac } from "crypto";
import { Request, Response } from "express";
import { pushWebhookHandler } from "~/src/github/push";
import { GithubWebhookMiddleware, LOGGER_NAME } from "~/src/middleware/github-webhook-middleware";
import { GitHubServerApp } from "models/github-server-app";
import { Installation } from "models/installation";
import { WebhookContext } from "./webhook-context";
import { webhookTimeout } from "~/src/util/webhook-timeout";
import { issueCommentWebhookHandler } from "~/src/github/issue-comment";
import { issueWebhookHandler } from "~/src/github/issue";
import { envVars } from "~/src/config/env";
</section id="A">
<section id="B">
import { pullRequestWebhookHandler } from "~/src/github/pull-request";
import { createBranchWebhookHandler, deleteBranchWebhookHandler } from "~/src/github/branch";
import { repositoryWebhookHandler } from "~/src/github/repository";
import { workflowWebhookHandler } from "~/src/github/workflow";
import { deploymentWebhookHandler } from "~/src/github/deployment";
import {
	codeScanningAlertWebhookHandler
} from "~/src/github/code-scanning-alert";
import { getLogger } from "config/logger";
import { GITHUB_CLOUD_API_BASEURL, GITHUB_CLOUD_BASEURL } from "~/src/github/client/github-client-constants";
import { dependabotAlertWebhookHandler } from "~/src/github/dependabot-alert";
</section id="B">
<section id="C">
import { extraLoggerInfo } from "./webhook-logging-extra";
import { secretScanningAlertWebhookHandler } from "~/src/github/secret-scanning-alert";
import { installationWebhookHandler } from "~/src/github/installation";
import { errorStringFromUnknown } from "~/src/util/error-string-from-unknown";

</section id="C">
<section id="D">
export const WebhookReceiverPost = async (request: Request, response: Response): Promise<void> => {
	const eventName = request.headers["x-github-event"] as string;
	const signatureSHA256 = request.headers["x-hub-signature-256"] as string;
	const id = request.headers["x-github-delivery"] as string;
	const uuid = request.params.uuid;
	const payload = request.body;
	const parentLogger = (request.log || getLogger(LOGGER_NAME));
	const logger = parentLogger.child({
		paramUuid: uuid,
		xGitHubDelivery: id,
		xGitHubEvent: eventName,
		...extraLoggerInfo(payload, parentLogger)
	});
	logger.info("Webhook received");
	let webhookContext;
</section id="D">
<section id="E">
	try {
		const { webhookSecrets, gitHubServerApp } = await getWebhookSecrets(uuid);
		const isVerified = webhookSecrets.some((secret, index) => {
			const matchesSignature = createHash(request.rawBody, secret) === signatureSHA256;
			/**
			 * The latest updated webhook secret will be at index 0,
			 * Once we stop receiving logs with index other than 0,
			 * can then completely remove the old webhook secrets.
			 */
			if (matchesSignature) {
				logger.info({ index }, "Matched webhook index");
			}
			return matchesSignature;
		});

</section id="E">
<section id="F">
		if (!isVerified) {
			logger.warn("Signature validation failed, returning 400");
			response.status(400).send("signature does not match event payload and secret");
			return;
		}
		webhookContext = new WebhookContext({
			id: id,
			name: eventName,
			payload: payload,
			log: logger,
			action: payload.action,
			gitHubAppConfig: {
				...(!gitHubServerApp ? {
					gitHubAppId: undefined,
					appId: parseInt(envVars.APP_ID),
					clientId: envVars.GITHUB_CLIENT_ID,
					gitHubBaseUrl: GITHUB_CLOUD_BASEURL,
					gitHubApiUrl: GITHUB_CLOUD_API_BASEURL,
					uuid: undefined
				} : {
					gitHubAppId: gitHubServerApp.id,
					appId: gitHubServerApp.appId,
					clientId: gitHubServerApp.gitHubClientId,
					gitHubBaseUrl: gitHubServerApp.gitHubBaseUrl,
					gitHubApiUrl: gitHubServerApp.gitHubBaseUrl,
					uuid
				})
			}
		});
		await webhookRouter(webhookContext);
</section id="F">
<section id="G">
		webhookContext.log.info("Webhook was successfully processed");
		response.sendStatus(204);

	} catch (err: unknown) {
		(webhookContext?.log || logger).error({ err }, `Something went wrong, returning 400: ${errorStringFromUnknown(err)}`);
		response.sendStatus(400);
</section id="G">
<section id="H">
	}
};

const webhookRouter = async (context: WebhookContext) => {
	const VALID_PULL_REQUEST_ACTIONS = ["opened", "reopened", "closed", "edited", "converted_to_draft", "ready_for_review"];
	switch (context.name) {
		case "push":
			await GithubWebhookMiddleware(pushWebhookHandler)(context);
			break;
		case "issue_comment":
			if (context.action === "created" || context.action === "edited") {
				await webhookTimeout(GithubWebhookMiddleware(issueCommentWebhookHandler))(context);
			}
			break;
		case "issues":
			if (context.action === "opened" || context.action === "edited") {
				await GithubWebhookMiddleware(issueWebhookHandler)(context);
			}
			break;
		case "pull_request":
			if (context.action && VALID_PULL_REQUEST_ACTIONS.includes(context.action)) {
				await GithubWebhookMiddleware(pullRequestWebhookHandler)(context);
			}
			break;
</section id="H">
<section id="I">
		case "pull_request_review":
			await GithubWebhookMiddleware(pullRequestWebhookHandler)(context);
			break;
		case "create":
			await GithubWebhookMiddleware(createBranchWebhookHandler)(context);
			break;
		case "delete":
			await GithubWebhookMiddleware(deleteBranchWebhookHandler)(context);
			break;
		case "repository":
			await GithubWebhookMiddleware(repositoryWebhookHandler)(context);
			break;
		case "workflow_run":
			await GithubWebhookMiddleware(workflowWebhookHandler)(context);
			break;
		case "deployment_status":
			await GithubWebhookMiddleware(deploymentWebhookHandler)(context);
			break;
</section id="I">
<section id="J">
		case "code_scanning_alert":
			await GithubWebhookMiddleware(codeScanningAlertWebhookHandler)(context);
			break;
		case "dependabot_alert":
			await GithubWebhookMiddleware(dependabotAlertWebhookHandler)(context);
			break;
		case "secret_scanning_alert":
			await sqsQueues.secret_scanning_alert.sendMessage(payload);
			break;
		case "installation":
			if (context.action === "new_permissions_accepted") {
				await GithubWebhookMiddleware(installationWebhookHandler)(context);
			}
			break;
</section id="J">
<section id="K">
	}
};

export const createHash = (data: BinaryLike | undefined, secret: string): string => {
	if (!data) {
		throw new Error("No data to hash");
	}
	return `sha256=${createHmac("sha256", secret)
		.update(data)
		.digest("hex")}`;
};

</section id="K">
<section id="L">
const getWebhookSecrets = async (uuid?: string): Promise<{ webhookSecrets: Array<string>, gitHubServerApp?: GitHubServerApp }> => {
	if (uuid) {
		const gitHubServerApp = await GitHubServerApp.findForUuid(uuid);
		if (!gitHubServerApp) {
			throw new Error(`GitHub app not found for uuid ${uuid}`);
		}
		const installation: Installation | null = (await Installation.findByPk(gitHubServerApp.installationId));
		if (!installation) {
			throw new Error(`Installation not found for gitHubApp with uuid ${uuid}`);
		}
		const webhookSecret = await gitHubServerApp.getDecryptedWebhookSecret(installation.jiraHost);
		/**
		 * If we ever need to rotate the webhook secrets for Enterprise Customers,
		 * we can add it in the array: ` [ webhookSecret ]`
		 */
		return { webhookSecrets: [webhookSecret], gitHubServerApp };
	}

	return {
		/**
		 * The environment WEBHOOK_SECRETS is a JSON array string in the format: ["key1", "key1"]
		 * Basically an array of the new as well as any old webhook secrets
		 */
		webhookSecrets: envVars.WEBHOOK_SECRETS
	};
};
</section id="L">

You can continue to make changes to the code sections and call the `search_and_replace` function again.