bug: Azure webhook validation fails on test environment, user lookup fails on prod #330
Description
Context
Custom domains for the Azure webhook receiver were set up (2026-02-09):
- prod:
azure-webhooks.codeheroes.app→azurereceiver(codeheroes-prod) - test:
azure-webhooks-test.codeheroes.app→azurereceiver(codeheroes-test)
Azure DevOps service hooks on arkid/arkid/codeheroes-support-azure are configured to send git.push events to both endpoints.
Issues Found
1. Test environment: Webhook validation fails (all requests)
All incoming webhooks on the test environment fail with:
Error: Webhook validation failed
at processWebhook (main.js:1313:14)
at processAzureWebhook (main.js:1405:10)
Likely cause: WEBHOOK_SECRET environment variable on the test Cloud Run service doesn't match the secret configured in the Azure DevOps service hook.
Fix: Verify/update the WEBHOOK_SECRET in Firebase Functions config for codeheroes-test.
2. Prod environment: User lookup fails after successful processing
The git.push event is received and validated successfully, but user mapping fails:
Successfully processed git.push event
No matching user found for sender
No matching user found for webhook
Likely cause: No connected account exists in Firestore for the Azure DevOps user pushing to this repo. The lookupUserId query on users/{uid}/connectedAccounts finds no document matching the Azure DevOps sender ID.
Fix: Create a connected account document for the Azure DevOps user:
- Collection:
users/{userId}/connectedAccounts/azure_{externalUserId} - Fields:
provider: "azure",externalUserId,externalUserName
Reproduction
- Push a commit to
arkid/arkid/codeheroes-support-azure(main branch) - Check Cloud Run logs for
azurereceiverin both projects
Related
- Azure adapter:
libs/server/integrations/src/lib/providers/azure-devops/adapter.ts - Webhook pipeline:
libs/server/integrations/src/lib/webhook/webhook-pipeline.ts - User lookup:
DatabaseService.lookupUserId()in common lib