python-app.yml
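# Forwards the triggering event's JSON payload to an external webhook. The
# request body is signed with HMAC-SHA256 and the request carries an API token
# encrypted under the same shared secret.
#
# NOTE(review): issue_comment runs can be started by anyone able to comment
# and run with repository secrets, while pull_request runs from forks receive
# empty secrets. Confirm both triggers are meant to reach the receiver.
name: PR Event Listener
on:
  issue_comment:
    types: [created]
  pull_request:
    types: [opened, synchronize, reopened]
  push:

# No step uses GITHUB_TOKEN, so grant it nothing.
permissions: {}

jobs:
  process_pr_events:
    runs-on: ubuntu-latest
    steps:
      - name: Extract event details
        # The payload holds user-controlled text (comment bodies, PR titles).
        # jq -c emits it on a single line, which is what keeps it from
        # defining extra variables in the GITHUB_ENV file.
        run: |
          echo "EVENT_PAYLOAD=$(jq -c . < "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV"

      - name: Generate Encrypted Token
        env:
          WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
          API_TOKEN: ${{ secrets.API_TOKEN }}  # Token to encrypt
        run: |
          # Secrets are empty when the run has no access to them (for example
          # pull_request runs from forks). An HMAC keyed with an empty string
          # can be reproduced by anyone, so stop instead of signing.
          : "${WEBHOOK_SECRET:?WEBHOOK_SECRET is not available to this run}"
          : "${API_TOKEN:?API_TOKEN is not available to this run}"

          # HMAC-SHA256 over the exact bytes later sent as the request body.
          SIGNATURE=$(printf '%s' "$EVENT_PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | cut -d " " -f2)

          # -A keeps the base64 on one line; without it openssl wraps at 64
          # characters, which breaks both the GITHUB_ENV entry and the HTTP
          # header for longer tokens. The passphrase is read from the
          # environment so it does not appear in the process arguments.
          # NOTE(review): the same secret keys the HMAC and the encryption, and
          # the Authorization header is not covered by the signature; consider
          # separate secrets and an authenticated transport for the token.
          ENCRYPTED_TOKEN=$(printf '%s' "$API_TOKEN" | openssl enc -aes-256-cbc -a -A -salt -pbkdf2 -pass env:WEBHOOK_SECRET)

          # Never print the secrets or the ciphertext: the ciphertext is not a
          # registered secret, so register a mask before it is used in later
          # steps.
          echo "::add-mask::$ENCRYPTED_TOKEN"

          echo "SIGNATURE=$SIGNATURE" >> "$GITHUB_ENV"
          echo "ENCRYPTED_TOKEN=$ENCRYPTED_TOKEN" >> "$GITHUB_ENV"

      - name: Call External API (With Encrypted Token)
        # NOTE(review): the endpoint is an ngrok tunnel hostname; whoever
        # holds that tunnel receives the payload and the encrypted token.
        # Confirm this is the intended receiver before relying on it.
        #
        # --fail makes an HTTP error status fail the step instead of passing
        # silently; --data-raw sends the payload verbatim.
        run: |
          curl --fail -X POST https://firstly-worthy-chamois.ngrok-free.app/github-webhook \
            -H "Content-Type: application/json" \
            -H "X-Hub-Signature-256: sha256=$SIGNATURE" \
            -H "Authorization: Bearer $ENCRYPTED_TOKEN" \
            --data-raw "$EVENT_PAYLOAD"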