
gr2m/cloudflare-worker-github-app-example


cloudflare-worker-github-app-example

A Cloudflare Worker + GitHub App Example

The worker.js file is a Cloudflare Worker which is continuously deployed using GitHub Actions (see .github/workflows/deploy.yml).

The worker does 2 things:

  1. GET requests: respond with an HTML website with links and a live counter of installations.
  2. POST requests: handle webhook requests from GitHub

⚠️ The requests from GitHub are currently not verified using the signature, because the code is currently using Node's crypto package. This will be resolved once I create a universal webhook verification package, similar to universal-github-app-jwt. For the time being, you could define a secret path that webhook requests by GitHub are sent to, in order to prevent anyone who knows your worker's URL from sending fake webhook requests. See #1
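
One way to close this gap without Node's crypto package is to check GitHub's `X-Hub-Signature-256` header (HMAC-SHA256 of the raw body, keyed with the webhook secret) using WebCrypto. This is an added example, not code from this repository; the function names and the `env` parameter carrying `WEBHOOK_SECRET` are assumptions.

```javascript
// Added example, not this repository's worker.js.
// Workers expose WebCrypto as globalThis.crypto; the require() fallback is for older Node.
const webcrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);
const encoder = new TextEncoder();

function importHmacKey(secret) {
  const algorithm = { name: "HMAC", hash: "SHA-256" };
  return webcrypto.subtle.importKey("raw", encoder.encode(secret), algorithm, false, ["sign", "verify"]);
}

// Parse "sha256=<64 hex chars>" into bytes; anything else (missing, sha1=, short) is rejected.
function parseSignatureHeader(header) {
  const match = /^sha256=([0-9a-f]{64})$/i.exec(header ?? "");
  return match ? Uint8Array.from(match[1].match(/../g), (pair) => parseInt(pair, 16)) : null;
}

// rawBody must be the exact text GitHub sent, not re-serialized JSON.
async function verifyWebhookSignature(secret, rawBody, signatureHeader) {
  const signature = parseSignatureHeader(signatureHeader);
  if (!signature) return false;
  const key = await importHmacKey(secret);
  // subtle.verify recomputes the HMAC and compares it, so no hand-written MAC comparison is needed.
  return webcrypto.subtle.verify("HMAC", key, signature, encoder.encode(rawBody));
}

// Hypothetical helper: signs a constructed delivery so the check can be exercised offline.
async function signWebhookBody(secret, rawBody) {
  const key = await importHmacKey(secret);
  const mac = new Uint8Array(await webcrypto.subtle.sign("HMAC", key, encoder.encode(rawBody)));
  return "sha256=" + Array.from(mac, (byte) => byte.toString(16).padStart(2, "0")).join("");
}

// POST branch of a fetch handler; `env` carrying WEBHOOK_SECRET is an assumption about its shape.
async function handleWebhook(request, env) {
  const rawBody = await request.text(); // read once, verify before parsing
  const signatureHeader = request.headers.get("x-hub-signature-256");
  if (!(await verifyWebhookSignature(env.WEBHOOK_SECRET, rawBody, signatureHeader))) {
    return new Response("invalid signature", { status: 401 });
  }
  const payload = JSON.parse(rawBody);
  return new Response(`accepted action: ${payload.action}`, { status: 200 });
}
```

Verification runs on the raw request text before `JSON.parse`, so an unsigned or tampered delivery is rejected without its payload ever being interpreted.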

screen recording of GitHub app creating a comment on a new GitHub issue

Step-by-step instructions to create your own

Note that you require access to the new GitHub Actions for the automated deployment to work.

  1. Fork this repository

  2. Create a GitHub App

  3. Create a Cloudflare account (it's free!) if you don't have one yet.

  4. Install the wrangler CLI and log in with your account

    npm install --global wrangler
    wrangler login
    
  5. Edit the wrangler.toml file, change the value for account_id to your own (select your account, then find your Account ID at the bottom of the side bar)

  6. Add the following secrets to your Cloudflare worker:

    • APP_ID: In your GitHub App registration's settings page, find App ID

      wrangler secret put APP_ID
      
    • WEBHOOK_SECRET: In your GitHub App registration's settings page, find Webhook secret

      wrangler secret put WEBHOOK_SECRET
      
    • PRIVATE_KEY: Generate a private key (see the button at the bottom of your GitHub App registration's settings page).

      1. You will be prompted to download a *.pem file. After download, rename it to private-key.pem.

      2. Convert the key from the PKCS#1 format to PKCS#8 (The WebCrypto API only supports PKCS#8):

        openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private-key-pkcs8.pem
        
      3. Write the contents of the new file into the secret PRIVATE_KEY:

        cat private-key-pkcs8.pem | wrangler secret put PRIVATE_KEY
        
  7. Add the following secret in your fork's repository settings:

That should be it. The worker.js file will now be continuously deployed to Cloudflare each time there is a commit to master.

See also

Credits

The OAuth App Avatar and this repository's social preview are using @cameronmcefee's cloud Octodex graphic :octocat:💖

License

ISC