Securely call Webhook endpoint after your Action finishes
Sending a json string, url
, and hmacSecret
are required fields, and data
is optional.
- name: Webhook
uses: navied/[email protected]
with:
url: https://example.com
data: '{ "example": "data" }'
hmacSecret: ${{ secrets.HMAC_SECRET }}
The request will include the header X-Hub-Signature
, which is the hmac signature of the raw body just like in Github webhooks, and also the header X-Hub-SHA
which is the SHA of the commit running the github action.
Verify it on your endpoint for integrity.
Thanks to https://github.com/koraykoska/secure-actions-webhook for providing the base signature generation code.