A Cloudflare Worker + GitHub App Example
ISC License
A Cloudflare Worker + GitHub App Example
The worker.js file is a Cloudflare Worker which is continuously deployed using GitHub Actions (see .github/workflows/deploy.yml).
The worker does 2 things
GET
requests: respond with an HTML website with links and a live counter of installations.POST
requests: handle webhook request from GitHub⚠️ The requests from GitHub are currently not verified using the signature, because the code is currently using Node's crypto package. This will be resolved once I create a universal webhook verification package, similar to universal-github-app-jwt
. For the time being, you could define a secret path that that webhook requests by GitHub are sent to, in order to prevent anyone who knows your workers URL from sending fake webhook requests. See #1
Note that you require access to the new GitHub Actions for the automated deployment to work.
Fork this repository
Create a Cloudflare account (it's free!) if you don't have one yet.
Install the wrangler
CLI and login with your account
npm install --global wrangler
wrangler login
Edit the wrangler.toml
file, change the value for account_id
to your own (select your account, then find your Account ID at the bottom of the side bar)
Add the following secrets to your Cloudflare worker:
APP_ID
: In your GitHub App registration's settings page, find App ID
wrangler secret put APP_ID
WEBHOOK_SECRET
: In your GitHub App registration's settings page, find Webhook secret
wrangler secret put WEBHOOK_SECRET
PRIVATE_KEY
: Generate a private key (see the button at the bottom of your GitHub App registration's settings page).
You will be prompted to download a *.pem
file. After download, rename it to private-key.pem
.
Convert the key from the PKCS#1
format to PKCS#8
(The WebCrypto API only supports PKCS#8
):
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private-key-pkcs8.pem
Write the contents of the new file into the secret PRIVATE_KEY
:
cat private-key-pkcs8.pem | wrangler secret put PRIVATE_KEY
Add the following secret in your fork's repository settings:
CF_API_TOKEN
: Create a new token, use the "Edit Cloudflare Workers" templateThat should be it. The worker.js
file will now be continously deployed to Cloudflare each time there is a commit to master.
The OAuth App Avatar and this repository's social preview are using @cameronmcefee's cloud Octodex graphic :octocat:💖