webhook returns 200 even when a trigger rule isn't satisfied, which would let the app's res.ok check falsely report success if the secret drifted. Set trigger-rule-mismatch-http-response-code: 403 so unauthorized triggers are clearly rejected. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
17 lines
432 B
JSON
17 lines
432 B
JSON
[
|
|
{
|
|
"id": "moonbase-update",
|
|
"execute-command": "/appdata/updater/update.sh",
|
|
"command-working-directory": "/appdata",
|
|
"response-message": "update started",
|
|
"trigger-rule-mismatch-http-response-code": 403,
|
|
"trigger-rule": {
|
|
"match": {
|
|
"type": "value",
|
|
"value": "{{ getenv `UPDATER_SECRET` }}",
|
|
"parameter": { "source": "header", "name": "X-Update-Token" }
|
|
}
|
|
}
|
|
}
|
|
]
|