Automating GitHub Deployments with a Webhook and Secure Node.js Script

Automating GitHub Deployments with a Webhook and Secure Node.js Script

Today, I wanted to share a quick look behind the scenes at a script I recently implemented to streamline deployments for our project using GitHub webhooks, Node.js, and PM2.

What's happening?

1. GitHub Webhook Listener: This script sets up an Express server listening on port 4000 for GitHub webhook events. When new changes are pushed to the master branch, it triggers our deployment process automatically!

2. Secure Signature Verification: Using crypto, we verify that the request came from GitHub by checking the HMAC signature (x-hub-signature-256 header). If the signature doesn't match, we reject the request with a 403 error for added security.

3. Automated Deployment with a Bash Script: Once the request is verified, we run a deployment script in the background: - Pulls the latest changes from GitHub (git pull). - Installs dependencies (npm install) and builds the project (npm run build). - Reloads the apps using PM2 for a seamless update.

4. Comprehensive Logging: The entire process is logged in a central log file (deploy.log) for easy debugging and monitoring.