Skip to content

Add GitHub Integration for Pipeline Triggers [3](#header-3) #38

Open
Open
Add GitHub Integration for Pipeline Triggers [3](#header-3)#38
Labels
apertre3.0medium
@fuzziecoder

Description

@fuzziecoder
fuzziecoder
opened on Feb 18, 2026

🎯 Issue Summary

Integrate with GitHub webhooks to automatically trigger pipelines on repository events (push, PR, release).

📋 Current Behavior

Pipelines can only be triggered manually via API or scheduled with cron.

Missing Capabilities:

  • No GitHub webhook support
  • No automatic triggers on code changes
  • No CI/CD integration

✨ Proposed Solution

Add GitHub webhook receiver to trigger pipelines on:

  • Push to specific branches
  • Pull request events (opened, merged)
  • Release published
  • Tag created

🔧 Technical Requirements

1. Webhook Endpoint

  • Add POST /api/webhooks/github endpoint
  • Verify GitHub webhook signatures
  • Parse GitHub event payloads

2. Event Handlers

  • Create backend/integrations/github.py
  • Handle push events
  • Handle pull_request events
  • Handle release events

3. Pipeline Mapping

  • Add github_trigger configuration to Pipeline model
  • Map repository + branch to pipeline ID
  • Support event type filtering

4. Security

  • Validate webhook secret from GitHub
  • Add HMAC signature verification
  • Rate limiting for webhook endpoint

5. Execution Context

  • Pass GitHub event data to pipeline execution
  • Include commit SHA, branch, author
  • Store GitHub metadata in execution record

📝 Acceptance Criteria

  • ✅ GitHub webhooks trigger pipelines automatically
  • ✅ Webhook signatures verified for security
  • ✅ Support push, PR, and release events
  • ✅ Pipeline receives GitHub event context
  • ✅ Failed webhook deliveries logged

💡 Implementation Example

# backend/integrations/github.py  [4](#header-4)
import hmac  
import hashlib  
from fastapi import Request, HTTPException  
  
async def verify_github_signature(request: Request, secret: str):  
    signature = request.headers.get("X-Hub-Signature-256")  
    body = await request.body()  
      
    expected = "sha256=" + hmac.new(  
        secret.encode(),  
        body,  
        hashlib.sha256  
    ).hexdigest()  
      
    if not hmac.compare_digest(signature, expected):  
        raise HTTPException(status_code=401, detail="Invalid signature")  
  
@router.post("/webhooks/github")  
async def github_webhook(request: Request):  
    await verify_github_signature(request, settings.GITHUB_WEBHOOK_SECRET)  
      
    event_type = request.headers.get("X-GitHub-Event")  
    payload = await request.json()  
      
    if event_type == "push":  
        # Trigger pipeline  
        pass
📚 Resources
[GitHub Webhooks](https://docs.github.com/en/webhooks)
[Securing Webhooks](https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries)

Metadata

Metadata

Assignees

No one assigned

    Labels

    apertre3.0medium

    Projects

    Flexiroaster

    Status

    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions