webhooks: Support filtering GitHub activity from private repositories.

Currently, the GitHub webhook sends activity from both public and private repositories, which could lead to unintended disclosure of sensitive information from private repositories. This commit introduces a ignore_private_repositories parameter to the webhook URL. When set to true, the webhook ignore processing activity from private repositories, ensuring that such activities are not posted to Zulip streams. By default, if the parameter is omitted or set to false, activities from both public and private repositories are processed normally. This provides users with the flexibility to control the visibility of private repository activities without altering the default behavior. More importantly, this introduces a cleaner mechanism for individual incoming webhooks to declare support for settings not common to all webhook integrations. Fixes #31638.
2025-11-03 13:33:24 +00:00 · 2024-09-20 15:11:30 +05:30
parent fdf90f7ad1
commit d1ff871523
20 changed files with 927 additions and 12 deletions
--- a/api_docs/changelog.md
+++ b/api_docs/changelog.md
@@ -20,6 +20,13 @@ format used by the Zulip server that they are interacting with.

 ## Changes in Zulip 10.0

+**Feature level 318**
+
+* [`POST /register`](/api/register-queue): Updated
+  `realm_incoming_webhook_bots` with a new `config_options` key,
+  defining which options should be offered when creating URLs for this
+  integration.
+
 **Feature level 317**

 * [`POST /user_groups/create`](/api/create-user-group):