fix: Update webhook handler to skip Docker commands and map environment names

- Remove Docker pull step (Knative handles image pulling)
- Add environment name mapping (development -> dev, production -> prod)
- Add test files to .gitignore to exclude PII
- Webhook signature validation now working correctly

.gitignore

@@ -33,6 +33,10 @@ Thumbs.db
 .env.production
 webhook_secret.txt
 
+# Test files with PII
+test-signature.py
+test-webhook.sh
+
 # Personal deployment files
 manifests/personal/
 config/personal/

scripts/webhook-handler.py

@@ -53,8 +53,16 @@ def pull_image(image):
 
 def apply_manifests(environment):
     """Apply Kubernetes manifests for environment"""
-    manifest_dir = f"{MANIFESTS_PATH}/{environment}"
+    # Map environment names to manifest directories
-    logger.info(f"Applying manifests from: {manifest_dir}")
+    env_mapping = {
+        'development': 'dev',
+        'staging': 'staging', 
+        'production': 'prod'
+    }
+    
+    manifest_env = env_mapping.get(environment, environment)
+    manifest_dir = f"{MANIFESTS_PATH}/{manifest_env}"
+    logger.info(f"Applying manifests from: {manifest_dir} (environment: {environment})")
     
     if not os.path.exists(manifest_dir):
         raise FileNotFoundError(f"Manifest directory not found: {manifest_dir}")
@@ -165,12 +173,35 @@ def implement_blue_green_deployment(service_name, namespace, traffic_split):
 def deploy():
     """Main webhook endpoint for deployments"""
     try:
-        # Verify signature (temporarily disabled for testing)
+        # Verify signature
         signature = request.headers.get('X-Signature-SHA256')
-        # if not verify_signature(request.data, signature):
+        payload = request.data
-        #     logger.warning("Invalid webhook signature")
+        
-        #     return jsonify({"error": "Invalid signature"}), 401
+        logger.info(f"Received webhook request")
-        logger.info(f"Webhook called with signature: {signature}")
+        logger.info(f"Signature header: {signature}")
+        logger.info(f"Payload length: {len(payload)} bytes")
+        logger.info(f"Payload: {payload.decode('utf-8')[:200]}...")
+        
+        # Test signature verification with debug
+        if signature:
+            expected = hmac.new(
+                WEBHOOK_SECRET.encode('utf-8'),
+                payload,
+                hashlib.sha256
+            ).hexdigest()
+            expected_full = f"sha256={expected}"
+            logger.info(f"Expected signature: {expected_full}")
+            logger.info(f"Received signature: {signature}")
+            logger.info(f"Signatures match: {hmac.compare_digest(expected_full, signature)}")
+            
+            if not verify_signature(payload, signature):
+                logger.warning("Invalid webhook signature")
+                return jsonify({"error": "Invalid signature"}), 401
+        else:
+            logger.warning("No signature header found")
+            return jsonify({"error": "No signature provided"}), 401
+        
+        logger.info(f"Signature verification passed")
         
         # Parse payload
         data = request.json
@@ -199,8 +230,8 @@ def deploy():
         logger.info(f"Service: {service_name}")
         logger.info(f"Strategy: {deployment_strategy}")
         
-        # Step 1: Pull the Docker image
+        # Step 1: Skip Docker pull for Knative (Knative handles image pulling)
-        pull_image(image)
+        logger.info("Skipping Docker pull step (Knative handles image pulling)")
         
         # Step 2: Apply manifests
         apply_manifests(environment)