ADR-0003: GitHub App Webhook Ingestion with Argo Events
Status
Accepted
Context
This ADR documents how GitHub App webhooks are securely ingested and dispatched
to per-repository Argo WorkflowTemplates using Argo Events and Argo CD.
Decision
- Use a single global webhook EventSource for all GitHub App installations.
- Validate GitHub webhook signatures (HMAC SHA-256) outside Argo Events.
- Dispatch events to per-repo WorkflowTemplates via one Sensor per repo.
- Enforce multi-tenancy via Argo CD AppProject boundaries.
Architecture
GitHub App -> Webhook Verifier -> Argo Events EventSource -> Sensor -> WorkflowTemplate
Rationale
Argo Events generic webhook EventSource does not natively validate GitHub HMAC
signatures. Validation is required per GitHub security guidance.
Consequences
Pros:
- Secure webhook ingestion
- Scales with number of repos
- Clean tenant isolation
Cons:
- Requires a small verification component or hardened ingress
References
ADR-0003: GitHub App Webhook Ingestion with Argo Events
Status
Accepted
Context
This ADR documents how GitHub App webhooks are securely ingested and dispatched
to per-repository Argo WorkflowTemplates using Argo Events and Argo CD.
Decision
Architecture
GitHub App -> Webhook Verifier -> Argo Events EventSource -> Sensor -> WorkflowTemplate
Rationale
Argo Events generic webhook EventSource does not natively validate GitHub HMAC
signatures. Validation is required per GitHub security guidance.
Consequences
Pros:
Cons:
References
https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries
https://github.com/argoproj/argo-events/tree/master/examples/event-sources/webhook
https://argoproj.github.io/argo-events/tutorials/03-github-webhook/