|
1 |
| -name: PR Event Listener |
| 1 | +name: PR Webhook Trigger |
2 | 2 |
|
3 | 3 | on:
|
4 |
| - issue_comment: |
5 |
| - types: [created] |
6 | 4 | pull_request:
|
7 | 5 | types: [opened, synchronize, reopened]
|
8 |
| - push: |
| 6 | + pull_request_review_comment: |
| 7 | + types: [created] |
9 | 8 |
|
10 | 9 | jobs:
|
11 |
| - process_pr_events: |
| 10 | + send_webhook: |
12 | 11 | runs-on: ubuntu-latest
|
13 | 12 |
|
14 | 13 | steps:
|
15 |
| - - name: Extract event details |
16 |
| - run: echo "EVENT_PAYLOAD=$(jq -c . < $GITHUB_EVENT_PATH)" >> $GITHUB_ENV |
| 14 | + - name: Encrypt GitHub Token |
| 15 | + id: encrypt_token |
| 16 | + run: | |
| 17 | + ENCRYPTED_TOKEN=$(echo -n "${{ secrets.GITHUB_TOKEN }}" | base64) |
| 18 | + echo "encrypted_token=$ENCRYPTED_TOKEN" >> $GITHUB_ENV |
17 | 19 |
|
18 |
| - - name: Generate Encrypted Token |
19 |
| - env: |
20 |
| - WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }} |
21 |
| - API_TOKEN: ${{ secrets.API_TOKEN }} # Token to encrypt |
| 20 | + - name: Generate HMAC Signature |
| 21 | + id: generate_signature |
22 | 22 | run: |
|
23 |
| - SIGNATURE=$(echo -n "$EVENT_PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" -binary | xxd -p) |
24 |
| - ENCRYPTED_TOKEN=$(echo -n "$API_TOKEN" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | cut -d " " -f2) |
25 |
| - |
26 |
| - echo "SIGNATURE=$SIGNATURE" >> $GITHUB_ENV |
27 |
| - echo "ENCRYPTED_TOKEN=$ENCRYPTED_TOKEN" >> $GITHUB_ENV |
| 23 | + SECRET="${{ secrets.WEBHOOK_SECRET }}" |
| 24 | + PAYLOAD='${{ toJson(github.event) }}' |
| 25 | + SIGNATURE="sha256=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" | cut -d ' ' -f2)" |
| 26 | + echo "signature=$SIGNATURE" >> $GITHUB_ENV |
28 | 27 |
|
29 |
| - - name: Call External API (With Encrypted Token) |
| 28 | + - name: Send Webhook Request |
30 | 29 | run: |
|
31 | 30 | curl -X POST https://firstly-worthy-chamois.ngrok-free.app/github-webhook \
|
32 |
| - -H "Content-Type: application/json" \ |
33 |
| - -H "X-Hub-Signature-256: sha256=$SIGNATURE" \ |
34 |
| - -H "Authorization: Bearer $ENCRYPTED_TOKEN" \ |
35 |
| - -d "$EVENT_PAYLOAD" |
| 31 | + -H "Content-Type: application/json" \ |
| 32 | + -H "X-Hub-Signature-256: ${{ env.signature }}" \ |
| 33 | + -H "Authorization: Bearer ${{ env.encrypted_token }}" \ |
| 34 | + -d '${{ toJson(github.event) }}' |
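Review bot: The event JSON is pasted into the shell script through `'${{ toJson(github.event) }}'` in both the "Generate HMAC Signature" step and the curl `-d` argument, so a single quote in a PR title, body or review comment ends the shell string and the rest is interpreted by the runner's shell. With the `pull_request` and `pull_request_review_comment` triggers, that text is supplied by whoever opens the PR or comments on it. Read the payload from `$GITHUB_EVENT_PATH` and pass `secrets.WEBHOOK_SECRET` through `env:` rather than expanding either into the script. Separately, the "Encrypt GitHub Token" step only base64-encodes `secrets.GITHUB_TOKEN`, which is reversible, and the workflow then sends it as a Bearer header to an external ngrok host. Drop that step and the `Authorization` header, since the HMAC signature already authenticates the request.

```yaml
      - name: Generate HMAC Signature
        # … unchanged: id: generate_signature …
        env:
          WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
        run: |
          # Sign the bytes of the event file directly so event text is never parsed as shell.
          SIGNATURE="sha256=$(openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" < "$GITHUB_EVENT_PATH" | cut -d ' ' -f2)"
          echo "signature=$SIGNATURE" >> "$GITHUB_ENV"
      # … unchanged: "Send Webhook Request" step header, curl URL and Content-Type header …
            -H "X-Hub-Signature-256: $signature" \
            --data-binary @"$GITHUB_EVENT_PATH"
```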