github has a function called webhook that sends a request to the hook for the event that occurred. For example, by combining github webhook + googlo cloud function + slack, you can implement your own github-> slack notification function.
You can set secrets in github secret. You can use this to create a more secure webhook application.
Securing webhooks (https://docs.github.com/ja/developers/webhooks-and-events/securing-your-webhooks)
This time, when implementing the notification app with google cloud function, make a note of how to do this secure implementation.
import hmac
import hashlib
def verify_github_secrets(req) -> bool:
secret_value = "YOUR_SECRET"
sigExpected = request.headers.get("X-Hub-Signature").split('sha1=')[-1].strip()
sigCalculated = hmac.new(secret_value.encode(), request.data, hashlib.sha1).hexdigest()
return hmac.compare_digest(sigCalculated, sigExpected)
def main(req):
if not verify_github_secrets(req):
return "fail github auth"
#TODO implementation
return "ok"
Recommended Posts