Authorization & Authentication
- Install the OAuth2 gem in your Ruby project. You can do this by adding oauth2 to your Gemfile and running bundle install.
- To authenticate with the GitHub API, you need a personal access token. You can generate one via GitHub's settings. Use this token to configure your OAuth2 client in your Ruby script.
require 'oauth2'
# OAuth2 client pointed at GitHub's authorize and token endpoints
client = OAuth2::Client.new('CLIENT_ID', 'CLIENT_SECRET', site: 'https://github.com', authorize_url: '/login/oauth/authorize', token_url: '/login/oauth/access_token')
# Request an access token through the client
token = client.client_credentials.get_token
Managing Webhooks
- To list webhooks in a repository, make an HTTP GET request to the relevant endpoint using an authenticated client. The repository name and owner will be part of the URL path.
- To create a new webhook, construct a POST request with the webhook details in the body. The details include the config attributes, such as URL and content type.
require 'faraday'
require 'json'

# Connection to the GitHub REST API
conn = Faraday.new(url: 'https://api.github.com') do |faraday|
  faraday.request :url_encoded
  faraday.adapter Faraday.default_adapter
end

# Replace :owner and :repo with the repository's owner and name
response = conn.get do |req|
  req.url '/repos/:owner/:repo/hooks'
  req.headers['Authorization'] = "token YOUR_PERSONAL_TOKEN"
  req.headers['Accept'] = 'application/vnd.github.v3+json'
end

webhooks = JSON.parse(response.body)
puts webhooks
Creating a Webhook
- Define the config attribute within a hash, specifying keys like url, content_type, etc. Don't forget to handle SSL with proper security if needed.
- Send this configuration using a POST request to the webhooks endpoint of the repository you’re targeting.
new_hook = {
  config: {
    url: 'http://example.com/payload',
    content_type: 'json',
    # Shared secret GitHub uses to sign deliveries; must match the handler's secret
    secret: 'your_github_secret'
  },
  events: ['push'],
  active: true
}

# Replace :owner and :repo with the repository's owner and name
response = conn.post do |req|
  req.url '/repos/:owner/:repo/hooks'
  req.headers['Authorization'] = "token YOUR_PERSONAL_TOKEN"
  req.headers['Accept'] = 'application/vnd.github.v3+json'
  req.body = new_hook.to_json
end

puts response.status
puts response.body
Handling Webhook Payloads
- Write a server-side script using Sinatra or another Ruby framework to handle HTTP POST requests that GitHub will send to your webhook URL. Verify these requests using GitHub's secret or the payload content.
- Within your handler, parse the JSON payload to extract necessary details and perform actions based on the event type contained in the payload.
require 'sinatra'
require 'json'
require 'openssl'

post '/payload' do
  request.body.rewind
  payload_body = request.body.read
  # Reject the request before parsing if the signature does not match
  verify_signature(payload_body)
  push_event = JSON.parse(payload_body)
  if push_event['ref'] == 'refs/heads/main'
    # Do something on main branch push
  end
end

def verify_signature(payload_body)
  # HMAC-SHA1 of the raw body, keyed with the webhook secret
  signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), 'your_github_secret', payload_body)
  # .to_s keeps a missing header from raising inside secure_compare
  return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'].to_s)
end
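The signature check from the handler above, as an added example that is not part of the original page: it goes beyond the page's SHA-1 check by verifying GitHub's X-Hub-Signature-256 header (HMAC-SHA256) and by classifying missing or malformed headers before any comparison. The function names, secret and payload are constructed for illustration.

```ruby
require 'openssl'

# Constant-time comparison: every byte is examined even after a difference.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Classifies a delivery as :ok, :missing, :malformed or :mismatch.
# header_value is the raw X-Hub-Signature-256 value ("sha256=<hex>") or nil.
def check_delivery(secret, payload_body, header_value)
  return :missing if header_value.nil? || header_value.empty?

  algo, hex = header_value.split('=', 2)
  return :malformed unless algo == 'sha256' && hex.to_s.match?(/\A\h{64}\z/)

  # The HMAC must be computed over the raw request body, before JSON parsing.
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, payload_body)
  secure_equal?(expected, hex.downcase) ? :ok : :mismatch
end

# Constructed sample delivery (not real GitHub traffic).
SAMPLE_SECRET = 'example-webhook-secret'
SAMPLE_BODY   = '{"ref":"refs/heads/main"}'
SAMPLE_HEADER = 'sha256=' + OpenSSL::HMAC.hexdigest(
  OpenSSL::Digest.new('sha256'), SAMPLE_SECRET, SAMPLE_BODY
)

if __FILE__ == $PROGRAM_NAME
  puts check_delivery(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_HEADER)        # valid delivery
  puts check_delivery(SAMPLE_SECRET, SAMPLE_BODY + ' ', SAMPLE_HEADER)  # body altered in transit
  puts check_delivery(SAMPLE_SECRET, SAMPLE_BODY, nil)                  # unsigned request
  puts check_delivery(SAMPLE_SECRET, SAMPLE_BODY, 'sha1=abcd')          # wrong algorithm prefix
end
```

In a handler, any result other than :ok should end the request before the payload is parsed or acted on.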
Rate Limiting & Best Practices
- Monitor API requests to avoid exceeding GitHub's rate limits. Utilize headers in API responses to gauge your current rate limit status.
- Handle temporary outages by catching exceptions and implementing retries with exponential backoff in your API calls.
- Stay updated with GitHub's API changes and best practices to ensure continued compliance and efficient interaction with their services.
response.headers['X-RateLimit-Remaining']
response.headers['X-RateLimit-Reset']