-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs | update test-file content and add webhook secrets documentation
- Loading branch information
Showing
2 changed files
with
17 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| This is a sample paragraph. It contains a few sentences to demonstrate the structure of a paragraph. A paragraph is a collection of related sentences that develop a central idea. It usually starts with a topic sentence, followed by supporting sentences, and ends with a concluding sentence. | ||
| GitHub webhooks allow you to build or set up integrations that subscribe to certain events on GitHub.com. When one of those events is triggered, GitHub sends an HTTP POST payload to the webhook's configured URL. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server. They are a powerful way to automate workflows and integrate with other services, making it easier to manage and streamline your development process. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| # Secrets in GitHub Webhooks | ||
|
|
||
| When working with GitHub webhooks, it's important to secure your webhooks using secrets. A secret is a key that is shared between GitHub and your server to ensure that the payloads received by your server are from GitHub and not from a malicious third party. | ||
|
|
||
| ## Setting Up a Secret | ||
|
|
||
| 1. **Generate a Secret**: Create a random string that will be used as your secret. You can use a tool like `openssl` to generate a secret: | ||
| ``` | ||
| openssl rand -base64 32 | ||
| ``` | ||
|
|
||
| 2. **Configure the Webhook**: When you create or update a webhook in your GitHub repository settings, you can add the secret in the "Secret" field. | ||
|
|
||
| 3. **Verify the Payload**: On your server, you need to verify the payload using the secret. GitHub sends a `X-Hub-Signature-256` header with each webhook payload. This header contains the HMAC hex digest of the payload, using the secret as the key. | ||
|
|
||
| Here is an example of how you can verify the payload in Python: |