Skip to content

fix(ci): resolve webhook IP cache invalidation bug#1063

Open
MrButtCode wants to merge 10 commits intoCCExtractor:masterfrom
MrButtCode:fix/webhook-ip-cache
Open

fix(ci): resolve webhook IP cache invalidation bug#1063
MrButtCode wants to merge 10 commits intoCCExtractor:masterfrom
MrButtCode:fix/webhook-ip-cache

Conversation

@MrButtCode
Copy link

@MrButtCode MrButtCode commented Mar 14, 2026
edited
Loading

[FIX] resolve webhook IP cache invalidation bug

In raising this pull request, I confirm the following:

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • I have considered, and confirmed that this submission will be valuable to others.
  • I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • I give this submission freely, and claim no ownership to its content.

My familiarity with the project is as follows:

  • I have never used the project.
  • I have used the project briefly.
  • I have used the project extensively, but have not contributed previously.
  • I am an active contributor to the project.

Resolves a critical performance bug in the webhook IP validation logic.

In utility.py the cached_load_time variable was declared locally strictly inside cache_has_expired(). This caused the timestamp to reset to the 1970 epoch on every single function call. As a result the expiration check always evaluated to True forcing the application to make a syncronous HTTP request to the GitHub API on every incoming webhook instead of using the cached IP blocks.

The Fix:
Elevated cached_load_time to module level scope and updated get_cached_web_hook_blocks() to reset the timestamp to datetime.now() only after a successful GitHub API fetch. This restores the intended 1 hour caching behavior.

Additionally refactored the caching architecture per maintainer review:

  • Made cache_has_expired a pure function that accepts the load time as an explicit argument.
  • Removed all test bypasses and mocks from the production environment.
  • Achieved full test isolation by directly reseting the module state in the BaseTestCase setUp method.

This ensures the production code remains completely free of test specific logic while keeping the CI pipeline perfectly stable.

canihavesomecoffee
canihavesomecoffee requested changes Mar 15, 2026
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 15, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thealphadollar thealphadollar Awaiting requested review from thealphadollar thealphadollar is a code owner

@canihavesomecoffee canihavesomecoffee Awaiting requested review from canihavesomecoffee canihavesomecoffee is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MrButtCode @canihavesomecoffee