{"id":15090922,"url":"https://github.com/nexthink-oss/github-hook-proxy","last_synced_at":"2025-06-27T23:32:11.584Z","repository":{"id":65198870,"uuid":"573501780","full_name":"nexthink-oss/github-hook-proxy","owner":"nexthink-oss","description":"A validating proxy to facilitate secure delivery of GitHub webhook payloads to multiple targets behind a firewall","archived":false,"fork":false,"pushed_at":"2025-04-18T19:47:58.000Z","size":211,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-19T07:52:54.518Z","etag":null,"topics":["github","jenkins","proxy","webhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nexthink-oss.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-12-02T16:02:18.000Z","updated_at":"2025-04-18T19:47:54.000Z","dependencies_parsed_at":"2023-11-07T07:27:43.605Z","dependency_job_id":"35f81451-cefa-49a7-8d06-71cb1788a7f6","html_url":"https://github.com/nexthink-oss/github-hook-proxy","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/nexthink-oss/github-hook-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nexthink-oss%2Fgithub-hook-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nexthink-oss%2Fgithub-hook-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nexthink-oss%2Fgithub-hook-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nexthink-oss%2Fgithub-hook-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nexthink-oss","download_url":"https://codeload.github.com/nexthink-oss/github-hook-proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nexthink-oss%2Fgithub-hook-proxy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262351397,"owners_count":23297609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","jenkins","proxy","webhook"],"created_at":"2024-09-25T10:34:41.356Z","updated_at":"2025-06-27T23:32:11.562Z","avatar_url":"https://github.com/nexthink-oss.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![CodeQL](https://github.com/nexthink-oss/github-hook-proxy/actions/workflows/codeql.yml/badge.svg)](https://github.com/nexthink-oss/github-hook-proxy/actions/workflows/codeql.yml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/nexthink-oss/github-hook-proxy)](https://goreportcard.com/report/github.com/nexthink-oss/github-hook-proxy)\n\n# GitHub Hook Proxy\n\nA validating proxy to facilitate secure delivery of GitHub webhook payloads to multiple targets behind a firewall.\n\n## Features\n\n* Support for multiple backend webhook targets\n* GitHub payload validation based on HMAC-SHA256\n* Optional secret storage in HashiCorp Vault K/V store\n\n## Configuration\n\nBy default, the daemon will look for a Viper-style configuration file with the prefix \"config\" (i.e. `config.yaml` for YAML configuration, `config.toml` if you prefer TOML, etc.) in `/etc/github-hook-proxy` followed by the current working directory.\n\n### Supported keys\n\nThe following root configuration keys are supported:\n\n* `listener`: (optional) listener configuration (default: `{address: 127.0.0.1, port: 8080, tls: {}}`)\n* `targets`: (required) list of targets (default: `[]`)\n* `vault`: (optional) vault configuration (default: `{}`)\n* `verbose`: (optional) if set, debug mode will be enabled (default: `false`)\n\n#### `listener`\n\n* `address`: (optional) listener bind address (default: `127.0.0.1`)\n* `port`: (optional) listener bind port (default: `8080`)\n* `tls`: (optional) listener TLS certificate configuration, see below (default: `{}`)\n\nThe `tls` key if specified should contain two keys which, when set, will cause the proxy to listen for HTTPS rather than HTTP requests:\n\n* `private-key`: (required) path to PEM format TLS private key\n* `public-key`: (required) path to PEM format TLS public key\n\n#### `targets`\n\nEach target object takes the form `\"\u003ctargetName\u003e\": {}`, with the following keys supported:\n\n* `url`: (required) full URL to which payloads for this target should be forwarded\n* `secret`: (optional) shared secret for validation of payloads associated with this target (default: load from vault); an explicitly blank secret (`secret: \"\"`) will disable payload validation\n* `events`: (optional) list of events to accept for this target (default: `[ping, push, pull_request]`)\n* `jenkins-validation`: (optional) boolean controlling whether to accept [Jenkins GitHub plugin](https://plugins.jenkins.io/github/) validation requests (default: `false`); *not* required for Jenkins to receive externally configured webhook payloads\n\n#### `vault`\n\nIf any target does not specify a static secret, then Vault must be configured:\n\n* `address`: (optional) full URL of your Vault instance (default: `https://127.0.0.1:8080`); may also be specified via VAULT_ADDR.\n* `token-file`: (optional) path to Vault token file; the VAULT_TOKEN environment variable will take priority.\n* `mount`: (optional) mountpoint of the Vault K/V v2 store holding target webhook secrets (default: `secret`)\n* `secret`: (optional) template string for the path within the Vault K/V v2 store holding a specific target's webhook secret; must contain a single `%s` which will be filled in with each target's name. (default: `github-webhooks/%s`)\n* `field`: (optional) field within the target's K/V v2 secret holding the GitHub webhook secret (default: `secret`)\n\n### Example Configuration\n\nSee [`example-config.yaml`](example-config.yaml) for example configuration.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnexthink-oss%2Fgithub-hook-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnexthink-oss%2Fgithub-hook-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnexthink-oss%2Fgithub-hook-proxy/lists"}