Webhooks
POST /{o}/{p}/webhooks/github
Receive a GitHub pull_request webhook
HMAC-authenticated (X-Hub-Signature-256, keyed on the per-action webhook secret). Transitions the matching pull-request ActionRun on PR close (merged → succeeded, closed → failed). Unmatched/unsigned events are silently acknowledged. No Bearer token.
Auth: HMAC-SHA256 signature (
X-Hub-Signature-256header) · Webhook self-auth — no Bearer token.
Path parameters
| Name | Type | Description |
|---|---|---|
o | string | |
p | string |
Request body (application/json)
| Field | Type | Description |
|---|---|---|
action | string | (required) |
repository | object | (required) |
pull_request | object |
Responses
| Status | Description | Schema |
|---|---|---|
200 | Acknowledged | WebhookAck |
400 | Invalid or malformed payload | Error |
401 | Invalid HMAC signature | Error |
POST /webhooks/github
Receive GitHub App webhook events
HMAC-authenticated (X-Hub-Signature-256, keyed on the GitHub App webhook secret). Dispatches installation/repo lifecycle events. No Bearer token.
Auth: HMAC-SHA256 signature (
X-Hub-Signature-256header) · Webhook self-auth — no Bearer token.
Responses
| Status | Description | Schema |
|---|---|---|
200 | Dispatched | GitHubWebhookOutcome |
400 | Invalid JSON | Error |
401 | Invalid HMAC signature | Error |
503 | GitHub App not configured | Error |
Schemas
Error
| Field | Type | Description |
|---|---|---|
error | string | (required) |
code | string |
GitHubWebhookOutcome
| Field | Type | Description |
|---|---|---|
ok | true | (required) |
outcome | object |
WebhookAck
| Field | Type | Description |
|---|---|---|
ok | true | (required) |
ON THIS PAGE