Webhook push action does not always contain head_commit.id

I’m working on automating the scanning of commits for secrets using a package called gitleaks.  Currently I’ve got a webhook listening for github push events.  Once received I extract the head_commit.id from the payload and run a scan against that specific commit.

In some cases I receive a push event from github where the payload contains ‘null’ for the value of the head_commit.id field.  

I believe this has something to do with pull requests but I cannot find any documentation that confirms my suspicion.  Any insight I can get from the community on why I would get a ‘null’ value for the head_commit.id would be much appreciated.  Thanks.

Github push events always have head_commit.id. But when a workflow is triggered by pull request event, there is no head_commit.id in github context . Please check whether your webhook listens to pull request event either.

You could add next step to your workflow, to check the github context.

- run: echo $GITHUB_CONTEXT
   env:
        GITHUB_CONTEXT: ${{ toJson(github) }}
1 Like

Thank you for this information.  I’ve just confirmed that some push events i’m seeing with no head_commit.id are unrelated to workflows/actions.  Could a pull request or a merge of pull request get pushed without a head_commit.id ?

Sorry to tell your that whatever the commit is a normal one or a pull request merged one, the push event always includes head_commit.id. This could not be changed. 

Thanks again for following up.  I’m working with git enterprise and I am in fact seeing push events without the head_commit.id.  Also I was doing some research and found a reference in the git api documentation that shows a push event without the head_commit, but I’m not quite sure in which scenario this would apply.  See below.  Any thoughts on what scenario this example is relevant to?

In the payload example under PushEvent, it shows a head_commit of null.

https://developer.github.com/v3/activity/events/types/#pushevent

Sorry for my previous assertion: The push event always includes head_commit.id.  I forgot the push operation for deleting a tag. 

The Webhook payload example on document is for a delete tag push event. 

I tried to add a webhook in my github repo, when I run next command: 

git push --delete origin {tag_name}

I could see a new delivery in Webhook page: 

Check its Payload, the head_commit is null.

You could add some code to exclude the scenario when push to delete tags.