Github apps boil down to two things really:
- Being able to use the github API on repo’s you don’t own if your app is “installed” on those repos.
- Responding to events via web hooks, which means you can use any backend tech you want to sent up and endpoint for Github to send webhooks to.
The second point makes me think “make it serverless” and “put it in my Redwood app”.
I plan on making a Github integration but not quiet yet, but I wanted to get a proof of concept working so that I feel a bit more grounded in what that task will involve. And I took notes along the way so here’s my guide.
Hopefully that’s useful to someone else.
Webhook signature verification is in v0.31 but the docs are just awaiting some approval. they get in today.
See: Docs: Serverless function security considerations & Webhooks by dthyresson · Pull Request #659 · redwoodjs/redwoodjs.com · GitHub
SHA256Verifier example here can be used to verify GitHub webhooks. The example is Discourse, but you just need to use the GitHub signature header
X-Hub-Signature-256 instead which is noted.
@Irev-Dev If you choose to update your app with the v31 RedwoodJS Webhook verifiers, it’d be wonderful to get your post to reflect it’s use so more RW devs can learn about it.
Hope it makes WH’s more adoptable and easier to use in all kinda of integrations.
Oh cool. Didn’t know about that.
I added a note in the post, everything else is pretty generic to serverless functions so might as well keep the post generic.
I’ll probably use the helper in my own code though.