trigger github action

Author: kitemongerer

.github/example-workflow.yaml

@@ -0,0 +1,21 @@
+---
+name: example
+
+on:
+  # Allows you to trigger this workflow via the GitHub API
+  workflow_dispatch:
+
+env:
+  GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+
+jobs:
+  print-trigger-info:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ env.GIT_SHA }}
+    - name: Print Info
+      run: |
+        echo "hello"

.gitignore

@@ -0,0 +1,133 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+#IntelliJ
+.idea

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Render Examples
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,14 @@
+# Example Webhook Receiver
+
+This basic example receives webhooks and logs the payload.
+It will fetch service, Postgres, or Key Value store information from the RENDER API for certain webhook types.
+
+## Deploy to Render
+
+1. Use the button below to deploy to Render </br>
+<a href="https://render.com/deploy?repo=https://github.com/render-examples/twingate-example/tree/main"><img src="https://render.com/images/deploy-to-render-button.svg" alt="Deploy to Render"></a>
+
+2. Follow [instructions](https://render.com/docs/webhooks) to create a webhook with the URL from your service and `/webhook` path
+3. Follow [instructions](https://render.com/docs/api#1-create-an-api-key) to create a Render API Key
+4. Set `RENDER_WEBHOOK_SECRET` environment variable to the secret from the webhook created in step 2. SET `RENDER_API_KEY` to the key created in step 3.
+5. Trigger a service deploy and watch the webhooks roll in.

app.ts

@@ -0,0 +1,163 @@
+import { Octokit } from "@octokit/core";
+import express, {NextFunction, Request, Response} from "express";
+import {Webhook, WebhookUnbrandedRequiredHeaders, WebhookVerificationError} from "standardwebhooks"
+
+const app = express();
+const port = process.env.PORT || 3001;
+const renderWebhookSecret = process.env.RENDER_WEBHOOK_SECRET || '';
+
+const renderAPIURL = process.env.RENDER_API_URL || "https://api.render.com/v1"
+
+// To create a Render API token, follow instructions here: https://render.com/docs/api#1-create-an-api-key
+const renderAPIToken = process.env.RENDER_API_TOKEN || '';
+
+const githubAPIToken = process.env.GITHUB_TOKEN || '';
+const githubOwnerName = process.env.GITHUB_OWNER_NAME || '';
+const githubRepoName = process.env.GITHUB_REPO_NAME || '';
+
+const octokit = new Octokit({
+    auth: githubAPIToken
+})
+
+interface WebhookData {
+    id: string
+    serviceId: string
+}
+
+interface WebhookPayload {
+    type: string
+    timestamp: Date
+    data: WebhookData
+}
+
+interface RenderService {
+    id: string
+    name: string
+    repo: string
+}
+
+app.post("/webhook", express.raw({type: 'application/json'}), (req: Request, res: Response, next: NextFunction) => {
+    try {
+        validateWebhook(req);
+    } catch (error) {
+        return next(error)
+    }
+
+    const payload: WebhookPayload = JSON.parse(req.body)
+
+    res.status(200).send({}).end()
+
+    // handle the webhook async so we don't timeout the request
+    handleWebhook(payload)
+});
+
+app.use((err: any, req: Request, res: Response, next: NextFunction) => {
+    console.error(err);
+    if (err instanceof WebhookVerificationError) {
+        res.status(400).send({}).end()
+    } else {
+        res.status(500).send({}).end()
+    }
+});
+
+const server = app.listen(port, () => console.log(`Example app listening on port ${port}!`));
+
+function validateWebhook(req: Request) {
+    const headers: WebhookUnbrandedRequiredHeaders = {
+        "webhook-id": req.header("webhook-id") || "",
+        "webhook-timestamp": req.header("webhook-timestamp") || "",
+        "webhook-signature": req.header("webhook-signature") || ""
+    }
+
+    const wh = new Webhook(renderWebhookSecret);
+    wh.verify(req.body, headers);
+}
+
+async function handleWebhook(payload: WebhookPayload) {
+    try {
+        switch (payload.type) {
+            case "deploy_ended":
+                const event = await fetchEventInfo(payload)
+
+                // TODO add human readable status
+                if (event.details.status != 2) {
+                    console.log(`deploy ended for service ${payload.data.serviceId} with unsuccessful status`)
+                    return
+                }
+
+                const service: RenderService = await fetchServiceInfo(payload)
+
+                if (! service.repo.includes(`${githubOwnerName}/${githubRepoName}`)) {
+                    console.log(`received deploy success for another service: ${service.name}`)
+                    return
+                }
+
+                // TODO trigger github action
+                console.log(`triggering github workflow for ${githubOwnerName}/${githubRepoName} for ${service.name}`)
+                await triggerWorkflow()
+                return
+            default:
+                console.log(`unhandled webhook type ${payload.type} for service ${payload.data.serviceId}`)
+        }
+    } catch (error) {
+        console.error(error)
+    }
+}
+
+async function triggerWorkflow() {
+    await octokit.request('GET /repos/{owner}/{repo}/actions/workflows', {
+        owner: githubOwnerName,
+        repo: githubRepoName,
+        headers: {
+            'X-GitHub-Api-Version': '2022-11-28'
+        }
+    })
+}
+
+// fetchEventInfo fetches the event that triggered the webhook
+// some events have additional information that isn't in the webhook payload
+// for example, deploy events have the deploy id
+async function fetchEventInfo(payload: WebhookPayload) {
+    const res = await fetch(
+        `${renderAPIURL}/events/${payload.data.id}`,
+        {
+            method: "get",
+            headers: {
+                "Content-Type": "application/json",
+                Accept: "application/json",
+                Authorization: `Bearer ${renderAPIToken}`,
+            },
+        },
+    )
+    if (res.ok) {
+        return res.json()
+    } else {
+        throw new Error(`unable to fetch event info; received code :${res.status.toString()}`)
+    }
+}
+
+async function fetchServiceInfo(payload: WebhookPayload) {
+    const res = await fetch(
+        `${renderAPIURL}/services/${payload.data.serviceId}`,
+        {
+            method: "get",
+            headers: {
+                "Content-Type": "application/json",
+                Accept: "application/json",
+                Authorization: `Bearer ${renderAPIToken}`,
+            },
+        },
+    )
+    if (res.ok) {
+        return res.json()
+    } else {
+        throw new Error(`unable to fetch service info; received code :${res.status.toString()}`)
+    }
+}
+
+process.on('SIGTERM', () => {
+    console.debug('SIGTERM signal received: closing HTTP server')
+    server.close(() => {
+        console.debug('HTTP server closed')
+    })
+})