Static Comments With Serverless and Staticman - Part 2

Jordan Patterson
Jordan Patterson

Here it is. The blog post so epic, it's taken me more than 2 years to write it. Hang on tight and get ready to be disappointed.

The rest of this is actually pretty simple. We need to authorize the staticman lambda function to connect to our repository and then we just need to post to the serverless function that was created in Part 1. For both of these we will need the endpoint for the lambda function. You can get it from the output in GitHub Actions, or from the API Gateway trigger in AWS Lambda console. In my case, the endpoint is

To connect the function, first invite the bot user (created in Part 1) to collaborate on your repository. Then visit <YOUR_ENDPOINT>/v2/connect/<GITHUB_USERNAME>/<REPO_NAME>. This should will allow you to accept the invite and give the user access to the repository.

Now we just need a form to post new comments. Comments should be posted to <YOUR_ENDPOINT>/v2/entry/<GITHUB_USERNAME>/<REPO_NAME>/<BRANCH_NAME>/comments. And that's really all there is to it.

Enter SPAM

Why can't we have anything nice?

I thought everything was finished and working until I started getting lots of spam comments. Would you like to buy a yacht?

Luckily, staticman has a built in moderation feature. Just add moderation: true to your staticman.yml file under the comments section and staticman will create a pull request for you to approve before publishing comments to the main branch. How nice.

I have only just enabled this feature. So hopefully it goes well.

I would also recommend enabling reCaptcha.

In staticman.yml add the following to the comments section:

  enabled: true
  siteKey: "YOUR-SITE-KEY"

In your form add the following hidden fields:

<input type="hidden" name="options[reCaptcha][siteKey]" value="YOUR-SITE-KEY">
<input type="hidden" name="options[reCaptcha][secret]" value="YOUR-ENCRYPTED-SECRET">

And finally, add the reCaptcha element to the dom:

<div class="g-recaptcha" data-sitekey="YOUR-SITE-KEY"></div>
<script src=''></script>

The end

So leave a comment below.

I said this would be disappointing, didn't I?

Say Something


Be the first to comment...