Refactor GitHub Actions workflow to enhance webhook payload structure and add support for 'docs-to-vector' branch. The payload now includes repository name and uses HMAC for signature verification.

Author: mguptahub

.github/workflows/docs-to-vector.yml

@@ -5,32 +5,55 @@ on:
   push:
     branches:
       - master
+      - docs-to-vector
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - name: Call Webhook (Master)
-        if: ${{ github.ref_name == 'master' }}
+      - name: Prepare Payload
+        id: payload
         run: |
-          curl -X POST \
-            -H "Content-Type: application/json" \
-            -d '{"commit_id": "${{ github.sha }}", "branch": "${{ github.ref_name }}"}' \
-            ${{ secrets.VECTOR_WEBHOOK_URL }}
+          payload=$(jq -n \
+            --arg current_commit_id "${{ github.sha }}" \
+            --arg branch_name "${{ github.ref_name }}" \
+            --arg repo_name "${{ github.event.repository.name }}" \
+            '{
+              current_commit_id: $current_commit_id,
+              branch_name: $branch_name,
+              repo_name: $repo_name,
+            }')
 
+          echo "$payload" > /tmp/payload.json
+          
       - name: Connect to company network
-        if: ${{ github.ref_name != 'master' }}
         uses: tailscale/github-action@v3
         with:
           oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
           oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
           tags: tag:ci
 
       - name: Call Webhook (Preview)
-        if: ${{ github.ref_name != 'master' }}
         run: |
+          payload=$(cat /tmp/payload.json)
+          sig=$(printf '%s' "$payload" | \
+              openssl dgst -sha256 -hmac "${{ secrets.VECTOR_WEBHOOK_SECRET_PREVIEW }}" -binary | xxd -p -c 256)
+          
           curl -X POST \
             -H "Content-Type: application/json" \
-            -d '{"commit_id": "${{ github.sha }}", "branch": "${{ github.ref_name }}"}' \
+            -H "X-Hub-Signature-256: sha256=$sig" \
+            -d "$payload" \
             ${{ secrets.VECTOR_WEBHOOK_URL_PREVIEW }}
 
+      - name: Call Webhook (Master)
+        if: ${{ github.ref_name == 'master' }}
+        run: |
+          payload=$(cat /tmp/payload.json)
+          sig=$(printf '%s' "$payload" | \
+              openssl dgst -sha256 -hmac "${{ secrets.VECTOR_WEBHOOK_SECRET }}" -binary | xxd -p -c 256)
+          
+          curl -X POST \
+            -H "Content-Type: application/json" \
+            -H "X-Hub-Signature-256: sha256=$sig" \
+            -d "$payload" \
+            ${{ secrets.VECTOR_WEBHOOK_URL }}