Claude-skill-registry github-webhook-setup

install

source · Clone the upstream repo

git clone https://github.com/majiayu000/claude-skill-registry

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/github-webhook-setup" ~/.claude/skills/majiayu000-claude-skill-registry-github-webhook-setup && rm -rf "$T"

manifest: skills/data/github-webhook-setup/SKILL.md

GitHub Webhook Setup Skill

Configure GitHub webhooks for automatic deployment on push events.

Quick Start

To add a new repo for auto-deployment:

Provide the repository name (e.g., "my-project")
Confirm the local project path exists on the server
Follow the GitHub webhook configuration steps

Example: "Set up webhook for my-project repo"

When to Use This Skill
What This Skill Does
Instructions
- 3.1 Verify WEBHOOK_SECRET
- 3.2 Check Endpoint Accessibility
- 3.3 Add Hook Configuration
- 3.4 Guide GitHub Setup
- 3.5 Test the Webhook
- 3.6 Verify Deployment
Supporting Files
Expected Outcomes
Requirements
Red Flags to Avoid

When to Use This Skill

Explicit Triggers:

"Set up webhook for [repo]"
"Add GitHub auto-deploy for [repo]"
"Configure webhook for [repository]"
"New repo needs auto-deployment"

Implicit Triggers:

Creating a new project that needs CI/CD
Setting up a new service in the infrastructure
Migrating a project to this server

Debugging Triggers:

"Webhook not triggering"
"Push event not deploying"
"GitHub webhook returning 403/401"
"Deployment not working"

What This Skill Does

Verifies Environment - Checks WEBHOOK_SECRET exists (generates if needed)
Tests Accessibility - Confirms webhook.temet.ai endpoint responds
Configures Hook - Adds entry to hooks.json for the new repo
Guides GitHub Setup - Provides exact steps for GitHub webhook configuration
Tests Integration - Validates webhook receives events correctly
Verifies Deployment - Confirms push triggers deployment script

Instructions

3.1 Verify WEBHOOK_SECRET

Check if WEBHOOK_SECRET exists in .env:

grep -E "^WEBHOOK_SECRET=" /home/dawiddutoit/projects/network/.env

If missing or placeholder value, generate a new secret:

openssl rand -hex 32

Add to .env:

WEBHOOK_SECRET=<generated-hex-string>

Important: After updating .env, restart the webhook container:

cd /home/dawiddutoit/projects/network && docker compose restart webhook

3.2 Check Endpoint Accessibility

Test the webhook health endpoint:

curl -I https://webhook.temet.ai/hooks/health

Expected response:

HTTP/2 200
content-type: text/plain; charset=utf-8

If not accessible:

Check Cloudflare tunnel is running:
```
docker ps | grep cloudflared
```
Verify bypass policy exists for webhook.temet.ai
Check webhook container:
```
docker ps | grep webhook
```
View webhook logs:
```
docker logs webhook --tail 50
```

3.3 Add Hook Configuration

Location:

/home/dawiddutoit/projects/network/config/hooks.json

Template for new hook:

{
  "id": "<repo-name>",
  "execute-command": "/scripts/deploy.sh",
  "command-working-directory": "/projects/<repo-name>",
  "pass-arguments-to-command": [
    {
      "source": "payload",
      "name": "repository.full_name"
    }
  ],
  "trigger-rule": {
    "and": [
      {
        "match": {
          "type": "payload-hmac-sha256",
          "secret": "WEBHOOK_SECRET",
          "parameter": {
            "source": "header",
            "name": "X-Hub-Signature-256"
          }
        }
      },
      {
        "match": {
          "type": "value",
          "value": "refs/heads/main",
          "parameter": {
            "source": "payload",
            "name": "ref"
          }
        }
      }
    ]
  },
  "response-message": "Deployment triggered for <repo-name>"
}

Key Fields:

Field	Description
`id`	Hook identifier (used in webhook URL)
`command-working-directory`	Path where repo is cloned on server
`trigger-rule.match[1].value`	Branch to trigger on (usually `refs/heads/main` )

Steps to add:

Read current hooks.json
Add new entry to the array (before closing
```
]
```
)
Restart webhook container:
```
docker compose restart webhook
```

3.4 Guide GitHub Setup

Provide these exact instructions to the user:

GITHUB WEBHOOK CONFIGURATION

1. Go to your repository on GitHub
2. Click: Settings -> Webhooks -> Add webhook

3. Configure the webhook:
   - Payload URL: https://webhook.temet.ai/hooks/<repo-name>
   - Content type: application/json
   - Secret: <value-from-WEBHOOK_SECRET-in-.env>
   - SSL verification: Enable SSL verification (checked)

4. Events:
   - Select: "Just the push event"

5. Active: Checked

6. Click "Add webhook"

Important: The secret in GitHub MUST match WEBHOOK_SECRET in .env exactly.

3.5 Test the Webhook

Option A: Push to trigger

# Make a small change and push to main branch
git commit --allow-empty -m "Test webhook"
git push origin main

Option B: GitHub UI test

Go to repo Settings -> Webhooks
Click on the webhook
Go to "Recent Deliveries" tab
Click "Redeliver" on any delivery (or wait for a push)

Check webhook received the event:

docker logs webhook --tail 20

Expected log output:

[webhook] incoming HTTP request from X.X.X.X POST /hooks/<repo-name>
[webhook] <repo-name> got matched
[webhook] executing /scripts/deploy.sh

3.6 Verify Deployment

Check deployment script executed:

# View deploy logs
ls -la /tmp/deploy-*.log | tail -5

# Read latest deploy log
cat $(ls -t /tmp/deploy-*.log | head -1)

Expected log content:

[timestamp] === Deployment triggered for: owner/repo-name ===
[timestamp] Working directory: /projects/<repo-name>
[timestamp] Pulling latest changes...
[timestamp] Services updated successfully
[timestamp] === Deployment complete ===

Verify git pulled latest:

cd /projects/<repo-name> && git log -1 --oneline

Supporting Files

File	Purpose
`references/reference.md`	Complete hooks.json schema, troubleshooting guide
`examples/examples.md`	Example configurations for different repo types

Expected Outcomes

Success:

WEBHOOK_SECRET configured in .env
hooks.json updated with new entry
webhook.temet.ai/hooks/<repo-name> accessible
GitHub webhook created and delivering
Push events trigger deployment script
Latest code pulled to server

Partial Success:

Hook configured but GitHub not yet set up (user action needed)
Webhook receiving but deployment script failing (check logs)

Failure Indicators:

401/403 from webhook endpoint -> Secret mismatch
404 from webhook endpoint -> Hook ID not in hooks.json
"signature does not match" in logs -> Secret mismatch
Deployment not running -> Check container logs

Requirements

Environment:

Docker running with webhook container
Cloudflare tunnel connected
webhook.temet.ai with bypass authentication
WEBHOOK_SECRET in .env

Server Setup:

Repository cloned to /projects/<repo-name>
Git configured for pull operations
Docker compose available (if repo has docker-compose.yml)

GitHub:

Repository admin access (to create webhooks)
Main branch exists

Red Flags to Avoid

Do not commit WEBHOOK_SECRET to git
Do not use different secrets for different repos (one secret for all)
Do not forget to restart webhook container after hooks.json changes
Do not skip the health endpoint check
Do not use HTTP (always HTTPS via tunnel)
Do not add hooks for branches other than main without updating trigger-rule
Do not skip testing with an actual push event
Do not forget to clone the repo to /projects/ on the server first

Notes

The webhook container reads WEBHOOK_SECRET as environment variable, referenced in hooks.json as "WEBHOOK_SECRET" (not the actual value)
All repos share the same WEBHOOK_SECRET for simplicity
The deploy.sh script is generic and works for any repo with docker-compose.yml
Webhook endpoint has Cloudflare Access bypass (public access for GitHub)
Deploy logs are written to /tmp/ with timestamps
The health endpoint (/hooks/health) is useful for monitoring