@m3y54m
Created February 3, 2023 16:29
GitHub Webhook Secret Verification
<?php
// Content-type in GitHub webhook settings should be x-www-form-urlencoded
// It's better to load the secret from an environment variable or a .env file.
define("GITHUB_WEBHOOK_SECRET", "write your github webhook secret here");

// Raw request body: the HMAC is computed over these exact bytes
$body = file_get_contents("php://input");

function verifySignature($body)
{
    // Header names are case-insensitive, so normalise the keys before the lookup
    $headers = array_change_key_case(getallheaders(), CASE_LOWER);
    // A missing header becomes '' so hash_equals() returns false instead of throwing a TypeError
    $signature = $headers['x-hub-signature-256'] ?? '';
    // hash_equals() compares in constant time
    return hash_equals('sha256=' . hash_hmac('sha256', $body, GITHUB_WEBHOOK_SECRET), $signature);
}

if (verifySignature($body) !== false) {
    // Verified
    // Return HTTP status code 200: OK
    http_response_code(200);
    // Run deployment script
    // ...
    // If there was a problem in deployment process
    // Return HTTP status code 500: Internal Server Error
    // http_response_code(500);
} else {
    // Unverified
    // Return HTTP status code 403: Forbidden
    http_response_code(403);
}
?>
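
An offline check of the same verification, added here as an example and not part of the original gist. It shows that with the x-www-form-urlencoded content type the signature covers the raw `payload=...` body, not the decoded `$_POST['payload']` value. The secret, the payload and the helper names `sign()` and `verify()` are constructed for illustration.

```php
<?php
// Added example: constructed secret and payload, not real GitHub data.
const SECRET = 'example-secret-for-testing-only';

// Same check as the gist, written as a pure function so it can be tested offline.
function verify(string $rawBody, ?string $header, string $secret): bool
{
    if ($header === null || strncmp($header, 'sha256=', 7) !== 0) {
        return false; // header missing, or a different scheme such as sha1=
    }
    return hash_equals('sha256=' . hash_hmac('sha256', $rawBody, $secret), $header);
}

// What the sender does: HMAC-SHA256 over the exact bytes of the request body.
function sign(string $rawBody, string $secret): string
{
    return 'sha256=' . hash_hmac('sha256', $rawBody, $secret);
}

// A form-encoded delivery carries the JSON in a "payload" field.
$json    = json_encode(['ref' => 'refs/heads/main', 'after' => 'constructed-sample']);
$rawBody = 'payload=' . urlencode($json);
$header  = sign($rawBody, SECRET);

// What $_POST['payload'] would hold after PHP decodes the form body.
parse_str($rawBody, $form);
$decoded = $form['payload'];

// Each case: [result of verify(), expected result]
$cases = [
    'raw body, correct header'       => [verify($rawBody, $header, SECRET), true],
    'decoded payload instead of raw' => [verify($decoded, $header, SECRET), false],
    'one byte appended to the body'  => [verify($rawBody . ' ', $header, SECRET), false],
    'header missing'                 => [verify($rawBody, null, SECRET), false],
    'sha1= header'                   => [verify($rawBody, 'sha1=' . hash_hmac('sha1', $rawBody, SECRET), SECRET), false],
    'wrong secret'                   => [verify($rawBody, $header, 'other-secret'), false],
];

foreach ($cases as $name => [$got, $want]) {
    printf("%-32s %s\n", $name, $got === $want ? 'ok' : 'UNEXPECTED');
    if ($got !== $want) {
        exit(1); // a mismatch means the verifier accepts or rejects the wrong input
    }
}
```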