Provider Guide

GitHub

Capture push, pull_request, and issue events. Verify signatures and test CI trigger logic without a public server.

1. Start the CLI

bash
npx @anonymilyhq/cli listen 3000

2. Add webhook in GitHub

  1. Go to your repo → Settings → Webhooks → Add webhook.
  2. Set Payload URL to your Anonymily URL.
  3. Set Content type to application/json.
  4. Set a Secret (any strong random string). Copy it.
  5. Choose the events to receive and save.

3. Verify the signature

node.js
const crypto = require('crypto'); function verifyGitHubSignature(rawBody, signature, secret) { const expected = 'sha256=' + crypto .createHmac('sha256', secret) .update(rawBody) .digest('hex'); return crypto.timingSafeEqual( Buffer.from(signature), Buffer.from(expected) ); } app.post('/github-webhook', express.raw({ type: '*/*' }), (req, res) => { const sig = req.headers['x-hub-signature-256']; if (!verifyGitHubSignature(req.body, sig, process.env.GITHUB_WEBHOOK_SECRET)) { return res.status(401).send('Invalid signature'); } const event = req.headers['x-github-event']; console.log('GitHub event:', event); res.status(200).send('OK'); });
← All providers