Automating GitHub Deployments with a Webhook and Secure Node.js Script
MOJAHID UL HAQUE
DevOps Engineer
Today, I wanted to share a quick look behind the scenes at a script I recently implemented to streamline deployments for our project using GitHub webhooks, Node.js, and PM2.
What's happening?
1. GitHub Webhook Listener: This script sets up an Express server listening on port 4000 for GitHub webhook events. When new changes are pushed to the master branch, it triggers our deployment process automatically!
2. Secure Signature Verification: Using crypto, we verify that the request came from GitHub by checking the HMAC signature (x-hub-signature-256 header). If the signature doesn't match, we reject the request with a 403 error for added security.
3. Automated Deployment with a Bash Script: Once the request is verified, we run a deployment script in the background:
   - Pulls the latest changes from GitHub (git pull).
   - Installs dependencies (npm install) and builds the project (npm run build).
   - Reloads the apps using PM2 for a seamless update.
4. Comprehensive Logging: The entire process is logged in a central log file (deploy.log) for easy debugging and monitoring.
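The signature check and master-branch filter from steps 1 and 2, as an added example that is not the author's script: it uses only Node's built-in crypto module and shows why the HMAC must be computed over the raw request bytes. The function names, request shape, secret and payload are assumptions constructed for illustration.

```javascript
// Added example (not the author's script): GitHub webhook signature check.
const crypto = require('crypto');

// True only if `header` equals "sha256=" + hex HMAC-SHA256(secret, rawBody).
function verifySignature(secret, rawBody, header) {
  if (typeof header !== 'string') return false;
  const expected = Buffer.from('sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex'));
  const received = Buffer.from(header);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Hypothetical request shape: { headers, rawBody } with rawBody a Buffer of
// the exact bytes received, captured before any JSON body parser runs.
function handleWebhook(req, secret) {
  const sig = req.headers['x-hub-signature-256'];
  if (!verifySignature(secret, req.rawBody, sig)) {
    return { status: 403, deploy: false };
  }
  let payload;
  try {
    payload = JSON.parse(req.rawBody.toString('utf8')); // parse after verify
  } catch (err) {
    return { status: 400, deploy: false };
  }
  const masterPush = req.headers['x-github-event'] === 'push' &&
    payload.ref === 'refs/heads/master';
  return { status: 200, deploy: masterPush };
}

// Constructed sample secret and payload, for illustration only.
const SECRET = 'constructed-example-secret';
const body = Buffer.from('{"ref": "refs/heads/master"}');
const sign = (buf) => 'sha256=' +
  crypto.createHmac('sha256', SECRET).update(buf).digest('hex');
const request = (rawBody, signature) => ({
  headers: { 'x-github-event': 'push', 'x-hub-signature-256': signature },
  rawBody,
});

console.log(handleWebhook(request(body, sign(body)), SECRET));
// A body re-serialized by a JSON parser no longer matches the signed bytes.
const reserialized = Buffer.from(JSON.stringify(JSON.parse(body.toString())));
console.log(handleWebhook(request(reserialized, sign(body)), SECRET));
```

In an Express listener the raw bytes have to be captured before the body is parsed, since a signature computed over re-serialized JSON fails the comparison, as the second call shows.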
Originally posted on LinkedIn