Skip to content

Commit e98824e

Browse files
mguptahubmguptahub
committed
Enhanced GitHub Actions workflow by adding payload preparation and HMAC signature generation for webhook calls, improving security and data integrity for both master and non-master branch deployments.
1 parent 3099ef0 commit e98824e

File tree

1 file changed

+20
-2
lines changed

1 file changed

+20
-2
lines changed

.github/workflows/docs-to-vector.yml

Lines changed: 20 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,17 +5,30 @@ on:
55
push:
66
branches:
77
- master
8+
- docs-to-vector
89

910
jobs:
1011
build:
1112
runs-on: ubuntu-latest
1213
steps:
14+
- name: Prepare Payload
15+
id: payload
16+
run: |
17+
payload='{"current_commit_id": "${{ github.sha }}", "branch": "${{ github.ref_name }}", "repo_name": "${{ github.event.repository.name }}"}'
18+
echo "PAYLOAD=$payload" >> $GITHUB_OUTPUT
19+
20+
1321
- name: Call Webhook (Master)
1422
if: ${{ github.ref_name == 'master' }}
1523
run: |
24+
payload=${{ steps.payload.outputs.PAYLOAD }}
25+
sig=$(printf '%s' "$payload" | \
26+
openssl dgst -sha256 -hmac "${{ secrets.VECTOR_WEBHOOK_SECRET }}" -binary | xxd -p -c 256)
27+
1628
curl -X POST \
1729
-H "Content-Type: application/json" \
18-
-d '{"commit_id": "${{ github.sha }}", "branch": "${{ github.ref_name }}"}' \
30+
-H "X-Hub-Signature-256: sha256=$sig" \
31+
-d "$payload" \
1932
${{ secrets.VECTOR_WEBHOOK_URL }}
2033
2134
- name: Connect to company network
@@ -29,8 +42,13 @@ jobs:
2942
- name: Call Webhook (Preview)
3043
if: ${{ github.ref_name != 'master' }}
3144
run: |
45+
payload=${{ steps.payload.outputs.PAYLOAD }}
46+
sig=$(printf '%s' "$payload" | \
47+
openssl dgst -sha256 -hmac "${{ secrets.VECTOR_WEBHOOK_SECRET_PREVIEW }}" -binary | xxd -p -c 256)
48+
3249
curl -X POST \
3350
-H "Content-Type: application/json" \
34-
-d '{"commit_id": "${{ github.sha }}", "branch": "${{ github.ref_name }}"}' \
51+
-H "X-Hub-Signature-256: sha256=$sig" \
52+
-d "$payload" \
3553
${{ secrets.VECTOR_WEBHOOK_URL_PREVIEW }}
3654

0 commit comments

Comments
 (0)