
Commit 9dda91a

committed
Add webhook validation and dynamic payload for deployment in GitHub Actions
1 parent 46c5c78 commit 9dda91a

1 file changed

Lines changed: 27 additions & 4 deletions


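--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -9,11 +9,34 @@ on:
 jobs:
 deploy:
 runs-on: ubuntu-latest
+env:
+DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}
+DEPLOY_WEBHOOK_SECRET: ${{ secrets.DEPLOY_WEBHOOK_SECRET }}
 steps:
+- name: Validate deploy webhook configuration
+run: |
+test -n "$DEPLOY_WEBHOOK_URL" || { echo "Missing DEPLOY_WEBHOOK_URL secret"; exit 1; }
+test -n "$DEPLOY_WEBHOOK_SECRET" || { echo "Missing DEPLOY_WEBHOOK_SECRET secret"; exit 1; }
+
 - name: Trigger deployment webhook
 run: |
-curl -X POST \
+payload=$(cat <<EOF
+{
+"ref": "${GITHUB_REF}",
+"sha": "${GITHUB_SHA}",
+"repository": "${GITHUB_REPOSITORY}",
+"workflow": "${GITHUB_WORKFLOW}",
+"run_id": "${GITHUB_RUN_ID}"
+}
+EOF
+)
+
+curl --fail --show-error --silent \
+--retry 3 \
+--retry-all-errors \
+--max-time 30 \
+-X POST \
 -H "Content-Type: application/json" \
--H "X-Webhook-Secret: nexus-workflow-webhook-secret-2026" \
--d '{"ref": "refs/heads/main"}' \
-https://webhook.foothilltech.net/hooks/nexus-workflow-deploy
+-H "X-Webhook-Secret: ${DEPLOY_WEBHOOK_SECRET}" \
+-d "$payload" \
+"$DEPLOY_WEBHOOK_URL"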
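Review bot: The JSON body in the `Trigger deployment webhook` step is assembled by expanding `${GITHUB_REF}`, `${GITHUB_WORKFLOW}` and the other variables inside an unquoted heredoc, so none of the values is JSON-escaped; a ref or workflow name containing a double quote would yield a malformed body or one whose fields differ from what was intended. Which refs can reach this job depends on the `on:` block, which lies outside the hunk. Building the payload with `jq -n --arg …`, as shown below, escapes every value before it is sent. Separately, the removed `X-Webhook-Secret` value remains readable in the repository history, so the receiver should be issued a new secret rather than having the old one moved into `DEPLOY_WEBHOOK_SECRET`.

```yaml
- name: Trigger deployment webhook
  run: |
    payload=$(jq -n \
      --arg ref "$GITHUB_REF" \
      --arg sha "$GITHUB_SHA" \
      --arg repository "$GITHUB_REPOSITORY" \
      --arg workflow "$GITHUB_WORKFLOW" \
      --arg run_id "$GITHUB_RUN_ID" \
      '{ref: $ref, sha: $sha, repository: $repository, workflow: $workflow, run_id: $run_id}')
    # … unchanged: curl invocation with retry, timeout and header options …
```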
