|
1 | | -name: PR Webhook Trigger |
2 | | - |
3 | | -on: |
4 | | - pull_request: |
5 | | - types: [opened, synchronize, reopened] |
6 | | - pull_request_review_comment: |
7 | | - types: [created] |
8 | | - |
9 | 1 | jobs: |
10 | | - send_webhook: |
| 2 | + process_pr_events: |
11 | 3 | runs-on: ubuntu-latest |
12 | 4 |
|
13 | 5 | steps: |
14 | | - - name: Encrypt GitHub Token |
15 | | - id: encrypt_token |
16 | | - run: | |
17 | | - ENCRYPTED_TOKEN=$(echo -n "${{ secrets.GITHUB_TOKEN }}" | base64) |
18 | | - echo "encrypted_token=$ENCRYPTED_TOKEN" >> $GITHUB_ENV |
19 | | -
|
20 | | - - name: Generate HMAC Signature |
21 | | - id: generate_signature |
22 | | - run: | |
23 | | - SECRET="${{ secrets.WEBHOOK_SECRET }}" |
24 | | - PAYLOAD='${{ toJson(github.event) }}' |
25 | | - SIGNATURE="sha256=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" | cut -d ' ' -f2)" |
26 | | - echo "signature=$SIGNATURE" >> $GITHUB_ENV |
| 6 | + - name: Extract event details |
| 7 | + run: echo "EVENT_PAYLOAD=$(jq -c . < $GITHUB_EVENT_PATH)" >> $GITHUB_ENV |
27 | 8 |
|
28 | | - - name: Send Webhook Request |
| 9 | + - name: Call External API (with HMAC signature) |
| 10 | + env: |
| 11 | + WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }} |
29 | 12 | run: | |
30 | | - curl -X POST https://firstly-worthy-chamois.ngrok-free.app/github-webhook \ |
31 | | - -H "Content-Type: application/json" \ |
32 | | - -H "X-Hub-Signature-256: ${{ env.signature }}" \ |
33 | | - -H "Authorization: Bearer ${{ env.encrypted_token }}" \ |
34 | | - -d '${{ toJson(github.event) }}' |
| 13 | + SIGNATURE=$(echo -n "$EVENT_PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | cut -d " " -f2) |
| 14 | + curl -X POST https://your-webhook-url/github-webhook \ |
| 15 | + -H "Content-Type: application/json" \ |
| 16 | + -H "X-Hub-Signature-256: sha256=$SIGNATURE" \ |
| 17 | + -d "$EVENT_PAYLOAD" |
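Review bot: With the `name:` and `on:` blocks deleted (old lines 1-8) the file as shown starts at `jobs:`, and GitHub Actions rejects a workflow that has no `on:` trigger, so unless a trigger is defined outside this view the job never runs. In the new steps the event JSON, which carries PR-author-controlled fields, is copied into `$GITHUB_ENV` and re-emitted with `echo -n`; signing and sending the event file directly keeps the signed bytes identical to the sent bytes and avoids environment size limits: `SIGNATURE=$(openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" < "$GITHUB_EVENT_PATH" | cut -d " " -f2)` together with `curl --fail ... --data-binary @"$GITHUB_EVENT_PATH"`. `--fail` also makes the step fail when the receiver rejects the request, which the current `curl` call would report as success. `https://your-webhook-url` looks like a placeholder; the real endpoint would be better read from a repository variable or secret than hard-coded in the workflow.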