ExploreTemplatesDocsPricingBlogCommunity
Sign in
Sign up
Template workflow to process Github events
@dylburger
code:
data:privatelast updated:4 years ago
Workflow
today
Build integrations remarkably fast!
You're viewing a public workflow template.
Sign up to customize, add steps, modify code and more.
Join 800,000+ developers using the Pipedream platform
steps.
trigger
HTTP API
Deploy to generate unique URL
This workflow runs on Pipedream's servers and is triggered by HTTP / Webhook requests.
steps.
validate_webhook_secret
auth
to use OAuth tokens and API keys in code via theauths object
params
GITHUB SECRET
 
string ·params.GITHUB_SECRET
code
Write any Node.jscodeand use anynpm package. You can alsoexport datafor use in later steps via return or this.key = 'value', pass input data to your code viaparams, and maintain state across executions with$checkpoint.
async (event, steps, params) => {
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
}
22
// Validate the Github webhook secret
const { GITHUB_SECRET } = params

if (!("x-hub-signature" in event.headers)) {
  $end("No x-hub-signature header present in the request. Exiting.")
}
       
// Once we've confirmed we have a signature, we want to 
// validate it by generating an HMAC SHA-256 hexdigest
// and comparing that to the value of the header
// See https://developer.github.com/webhooks/securing/#validating-payloads-from-github
const crypto = require('crypto')

const payload = Buffer.from(steps.trigger.raw_event.body_b64, 'base64').toString('utf8')
const signature = 'sha1=' + crypto.createHmac('sha1', GITHUB_SECRET).update(payload).digest('hex')

// See https://stackoverflow.com/a/31096242/10795955
if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(event.headers["x-hub-signature"]))) {
  $end("The correct secret key was not passed in the event. Exiting!")
}
steps.
filter_ping_event
auth
to use OAuth tokens and API keys in code via theauths object
code
Write any Node.jscodeand use anynpm package. You can alsoexport datafor use in later steps via return or this.key = 'value', pass input data to your code viaparams, and maintain state across executions with$checkpoint.
async (event, steps) => {
1
2
3
4
5
6
7
}
8
// The "zen" string is a bit of random Github wisdom,
// included only on the Ping Event:
// https://developer.github.com/webhooks/#ping-event
if (event.body.zen) {
  $end("Github ping event, exiting early")
}
steps.
filter_non_merge_pr_events
auth
to use OAuth tokens and API keys in code via theauths object
params
Target branch
 
string ·params.target_branch
code
Write any Node.jscodeand use anynpm package. You can alsoexport datafor use in later steps via return or this.key = 'value', pass input data to your code viaparams, and maintain state across executions with$checkpoint.
async (event, steps, params) => {
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
}
16
if (event.headers["x-github-event"] !== 'pull_request') {
  $end("Event isn't a pull request, exiting early")
}

if (event.body.action !== 'closed' || event.body.pull_request.merged === false) {
  $end("This pull requests isn't closed or merged, exiting early")
}

if (steps.trigger.event.body.pull_request.base.ref !== params.target_branch) {
  $end("This pull request isn't targeting the master")
}

// At this point, we have a closed PR against the target branch. 
// The rest of the code in the workflow should run only on closed PRs
Pipedream, Inc. — San Francisco, CA
AboutTwitterDocsCommunityTermsPrivacy