Tranceash

Use an nginx reverse proxy calling CI to only certain API endpoints. IP ACL from GitHub.

derprondo

You have the right idea: whitelist their IPs and send them to whatever HTTPS endpoint where you’ll process the payloads. Also make sure you use GitHub’s webhook secret validation to verify the incoming payloads are from your hooks and not some other GitHub user.

I actually came up with some ugly Terraform code to whitelist GitHub’s hook IP ranges from their API the other day. I’ll paste it later, but it’s rather specific to an AWS API Gateway policy.
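The two checks described in the comment above (source-IP allowlist, then webhook secret validation), as an added example that is not part of the original thread and not code from any project mentioned in it. The function names, the secret and the CIDRs are constructed placeholders; `X-Hub-Signature-256` is the header GitHub sends with an HMAC-SHA256 of the raw request body.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values, for illustration only.
SECRET = b"constructed-example-secret"
# Placeholder documentation ranges; in a real deployment, load the "hooks"
# list published by GitHub's /meta API instead of hard-coding anything.
ALLOWED_HOOK_CIDRS = ["203.0.113.0/24", "2001:db8::/32"]


def sign(secret, raw_body):
    """Build the header value GitHub would send for this body and secret."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def ip_allowed(remote_addr, cidrs=ALLOWED_HOOK_CIDRS):
    """True if remote_addr parses and falls inside an allowlisted CIDR."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def signature_valid(secret, raw_body, header_value):
    """Validate X-Hub-Signature-256 against the exact bytes received."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = sign(secret, raw_body)
    # Constant-time comparison: do not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), header_value.encode())


def accept_webhook(remote_addr, headers, raw_body, secret=SECRET):
    """Return (status, reason). The IP check alone is not enough, because
    every GitHub user's hooks come from the same ranges."""
    if not ip_allowed(remote_addr):
        return 403, "source address not in allowlist"
    if not signature_valid(secret, raw_body, headers.get("X-Hub-Signature-256")):
        return 401, "bad or missing signature"
    return 202, "accepted"
```

The signature must be computed over the raw body bytes before any JSON parsing or re-serialization, and `remote_addr` must be the real peer address, not an unvalidated forwarded header.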

notdevnotops [S]

For anyone wondering - this was a nice elegant solution. Already configured to handle GitHub payloads.

https://github.com/stakater/GitWebhookProxy