1import{serve}from"https://deno.land/std@0.224.0/http/server.ts";
2import{createHmac}from"node:crypto";
3
4constGITHUB_SECRET=Deno.env.get("GITHUB_WEBHOOK_SECRET")!;
5
6interfacePushEvent{
7ref:string;
8repository:{full_name:string;url:string};
9commits:{id:string;message:string;author:{name:string}}[];
10}
11
12functionverifyPayload(raw:string,sig:string):boolean{
13consthash=
14"sha256="+
15createHmac("sha256",GITHUB_SECRET).update(raw).digest("hex");
16returnhash===sig;
17}
18
19asyncfunctionhandlePush(req:Request):Promise<Response>{
20constraw=awaitreq.text();
21constsig=req.headers.get("x-hub-signature-256")??"";
22
23if(!verifyPayload(raw,sig)){
24returnnewResponse("Forbidden",{status:403});
25}
26
27constevent=req.headers.get("x-github-event");
28constpayload:PushEvent=JSON.parse(raw);
29
30console.log(
31`[${event}] ${payload.repository.full_name}:`+
32` ${payload.commits.length} commit(s) on ${payload.ref}`
33);
34
35returnnewResponse(
36JSON.stringify({ok:true,event,repo:payload.repository.full_name}),
37{headers:{"content-type":"application/json"}}
38);
39}
40
41serve(handlePush,{port:8080});
openpieces