[GH-ISSUE #10] Protecting webhook #715

New Issue

Closed

opened 2026-04-16 13:52:52 -05:00 by GiteaMirror · 4 comments

GiteaMirror commented 2026-04-16 13:52:52 -05:00

Owner

Copy Link

Originally created by @wakebit on GitHub (May 23, 2020).
Original GitHub issue: https://github.com/joelwmale/webhook-action/issues/10

I use this package (https://github.com/adnanh/webhook) as webhook for server. It allows to protect webhook like this:

...
"match":
          {
            "type": "payload-hash-sha1",
            "secret": "<RANDOM-SECRET-STRING>",
            "parameter":
            {
              "source": "header",
              "name": "X-Hub-Signature"
            }
          }
...

where RANDOM-SECRET-STRING is secret key that can be used in Github Webhooks. Is there feature for adding this header and secret key on this action?

Originally created by @wakebit on GitHub (May 23, 2020). Original GitHub issue: https://github.com/joelwmale/webhook-action/issues/10 I use this package (https://github.com/adnanh/webhook) as webhook for server. It allows to protect webhook like this: ``` ... "match": { "type": "payload-hash-sha1", "secret": "<RANDOM-SECRET-STRING>", "parameter": { "source": "header", "name": "X-Hub-Signature" } } ... ``` where RANDOM-SECRET-STRING is secret key that can be used in Github Webhooks. Is there feature for adding this header and secret key on this action?

GiteaMirror closed this issue 2026-04-16 13:52:52 -05:00

GiteaMirror commented 2026-04-16 13:52:53 -05:00

Author

Owner

Copy Link

@beshur commented on GitHub (May 26, 2020):

You can just hide the secret in the repo secrets and use in the action as ${{ secrets.RANDOM_SECRET_STRING }}

See https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets

<!-- gh-comment-id:634059006 --> @beshur commented on GitHub (May 26, 2020): You can just hide the secret in the repo secrets and use in the action as `${{ secrets.RANDOM_SECRET_STRING }}` See https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets

GiteaMirror commented 2026-04-16 13:52:54 -05:00

Author

Owner

Copy Link

@wakebit commented on GitHub (May 26, 2020):

@beshur, I know about Github Secrets. You dont understand my question.

I ask how to add header to this action like it does Github Webhooks when calling hook:
X-Hub-Signature: RANDOM-SECRET-STRING

As I understand, this action does not support headers. Maybe @joelwmale will add this feature.

<!-- gh-comment-id:634070663 --> @wakebit commented on GitHub (May 26, 2020): @beshur, I know about Github Secrets. You dont understand my question. I ask how to add header to this action like it does Github Webhooks when calling hook: `X-Hub-Signature: RANDOM-SECRET-STRING` As I understand, this action does not support headers. Maybe @joelwmale will add this feature.

GiteaMirror commented 2026-04-16 13:52:55 -05:00

Author

Owner

Copy Link

@beshur commented on GitHub (May 26, 2020):

I see, sorry.

Actually, this action only does curl on your WEBHOOK_URL with {data: $data}, so you can as easily do it yourself, until the custom headers are supported.

<!-- gh-comment-id:634123604 --> @beshur commented on GitHub (May 26, 2020): I see, sorry. Actually, this action only does `curl` on your `WEBHOOK_URL` with `{data: $data}`, so you can as easily do it yourself, until the custom headers are supported.

GiteaMirror commented 2026-04-16 13:52:55 -05:00

Author

Owner

Copy Link

@joelwmale commented on GitHub (Aug 26, 2020):

Custom headers are now supported as of v2.0.0. You could use these to add your signature with a custom string to protect your API.

<!-- gh-comment-id:680393684 --> @joelwmale commented on GitHub (Aug 26, 2020): Custom headers are now supported as of [v2.0.0](https://github.com/joelwmale/webhook-action/releases/tag/2.0.0). You could use these to add your signature with a custom string to protect your API.

GiteaMirror referenced this issue 2026-04-16 14:15:27 -05:00

[PR #715] build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.4.0 to 7.13.1 #711

GiteaMirror referenced this issue 2026-04-20 18:37:17 -05:00

[PR #715] build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.4.0 to 7.13.1 #2071

GiteaMirror referenced this issue 2026-04-30 09:09:50 -05:00

[PR #715] build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.4.0 to 7.13.1 #3393

GiteaMirror referenced this issue 2026-05-16 06:37:11 -05:00

[PR #715] build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.4.0 to 7.13.1 #4715

GiteaMirror referenced this issue 2026-06-11 02:48:49 -05:00

[PR #715] build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.4.0 to 7.13.1 #5999

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

master

dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-7.13.1

dependabot/npm_and_yarn/types/node-20.14.8

dependabot/npm_and_yarn/typescript-eslint/parser-7.13.1

dependabot/npm_and_yarn/braces-3.0.3

dependabot/npm_and_yarn/babel/preset-env-7.24.7

dependabot/npm_and_yarn/undici-5.28.4

v2

v2.4.2

2.4.1

2.4.0

2.3.2

2.3.1

2.3.0

2.2.0

2.1.0

2.0.2

2.0.1

2.0.0

1.0.1

1.0.0

Labels

Clear labels

pull-request

Mirrored from GitHub Pull Request

question

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/webhook-action#715