Add webhook validation and dynamic payload for deployment in GitHub Actions

Author: Nasrallah-AL

.github/workflows/deploy.yml

@@ -9,11 +9,34 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    env:
+      DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
+      DEPLOY_WEBHOOK_SECRET: ${{ secrets.DEPLOY_WEBHOOK_SECRET }}
     steps:
+      - name: Validate deploy webhook configuration
+        run: |
+          test -n "$DEPLOY_WEBHOOK_URL" || { echo "Missing DEPLOY_WEBHOOK_URL secret"; exit 1; }
+          test -n "$DEPLOY_WEBHOOK_SECRET" || { echo "Missing DEPLOY_WEBHOOK_SECRET secret"; exit 1; }
+
       - name: Trigger deployment webhook
         run: |
-          curl -X POST \
+          payload=$(cat <<EOF
+          {
+            "ref": "${GITHUB_REF}",
+            "sha": "${GITHUB_SHA}",
+            "repository": "${GITHUB_REPOSITORY}",
+            "workflow": "${GITHUB_WORKFLOW}",
+            "run_id": "${GITHUB_RUN_ID}"
+          }
+          EOF
+          )
+
+          curl --fail --show-error --silent \
+            --retry 3 \
+            --retry-all-errors \
+            --max-time 30 \
+            -X POST \
             -H "Content-Type: application/json" \
-            -H "X-Webhook-Secret: nexus-workflow-webhook-secret-2026" \
-            -d '{"ref": "refs/heads/main"}' \
-            https://webhook.foothilltech.net/hooks/nexus-workflow-deploy
+            -H "X-Webhook-Secret: ${DEPLOY_WEBHOOK_SECRET}" \
+            -d "$payload" \
+            "$DEPLOY_WEBHOOK_URL"