Add hook for GitHub

apps/github-server/api/hook.ts

@@ -0,0 +1,43 @@
+import { VercelRequest, VercelResponse } from '@vercel/node';
+import { createHmac, timingSafeEqual } from 'crypto';
+
+const GITHUB_SECRET = process.env.GITHUB_SECRET || '';
+
+function verifySignature(req: VercelRequest): boolean {
+  const signature = req.headers['x-hub-signature-256'] as string;
+  if (!signature || !GITHUB_SECRET) {
+    return false;
+  }
+
+  const hmac = createHmac('sha256', GITHUB_SECRET);
+  const digest = 'sha256=' + hmac.update(JSON.stringify(req.body)).digest('hex');
+  return timingSafeEqual(Buffer.from(signature), Buffer.from(digest));
+}
+
+export default async function handler(req: VercelRequest, res: VercelResponse) {
+  if (req.method !== 'POST') {
+    return res.status(405).json({ error: 'Method Not Allowed' });
+  }
+
+  if (!verifySignature(req)) {
+    return res.status(401).json({ error: 'Invalid signature' });
+  }
+
+  const event = req.headers['x-github-event'];
+  console.log(`Received GitHub event: ${event}`);
+  console.log('Payload:', req.body);
+
+  // Handle specific GitHub events if needed
+  switch (event) {
+    case 'push':
+      console.log('Push event detected');
+      break;
+    case 'pull_request':
+      console.log('Pull request event detected');
+      break;
+    default:
+      console.log('Unhandled event type');
+  }
+
+  return res.status(200).json({ message: 'Webhook received' });
+}

docs/diagrams/architecture-overview.puml

@@ -35,28 +35,30 @@ HIDE_STEREOTYPE()
 
 AddElementTag("service_account", $bgColor="#1E9EA6", $fontColor="#FFFFFF", $borderColor="#000000")
 
-Person(composable_users, "User", "Vertesia users and staff")
-System_Ext(service_account, "Service Account", "Integration for GitHub", $sprite="robot2", $tags="service_account")
+Person(vertesia_users, "User", "Vertesia users and staff")
+System_Ext(sys_github, "GitHub", "Organizations and repositories subscribed to the Vertesia GitHub AI Agent.", $tags="service_account")
 
 System_Boundary(sys_composable, "Vertesia") {
     System_Boundary(sys_composable_nginx, "https://github.vertesia.dev") {
-        Container(composable_github_server, "GitHub Server", "", "Webhook for GitHub.")
+        Container(vertesia_github_server, "GitHub Server", "", "Webhook for GitHub.")
     }
-    Container(composable_github_worker, "GitHub Agent", "", "Temporal worker for GitHub.")
+    Container(vertesia_github_agent, "GitHub Agent", "", "Temporal worker for GitHub.")
 }
 
 System_Boundary(sys_temporal, "https://cloud.temploral.io") {
     ContainerDb_Ext(temporal_server, "Temporal", "", "Workflow engine.")
 }
 
 ' Clients
-composable_users <---> composable_github_server
-service_account <---> composable_github_server
+vertesia_users ---> vertesia_github_server: send\nevents
+vertesia_users -r-> sys_github: uses
+sys_github ---> vertesia_github_server: send\nevents
 
-service_account -[hidden]r-> composable_users
+sys_github -[hidden]l-> vertesia_users
 
 ' Backend
-composable_github_server -r-> composable_github_worker
-composable_github_server <-d-> temporal_server
-composable_github_worker <-d-> temporal_server
+vertesia_github_server -[hidden]r-> vertesia_github_agent
+vertesia_github_server <-d-> temporal_server
+vertesia_github_agent <-d-> temporal_server
+vertesia_github_agent -u-> sys_github: provides\ninformation
 @enduml