Secure GitHub webhooks with HMAC256 signature validation

Name: Secure GitHub webhooks with HMAC256 signature validation
Availability: InStock
Rating: 4.5 (10 reviews)
Author: Yves Tkaczyk

$20/month : Unlimited workflows

2500 executions/month

Try free

THE #1 IN WEB SCRAPING

Scrape any website without limits

Try free

HOSTINGER 🎉 Early Black Friday Deal
DISCOUNT 20%

Self-hosted n8n

Unlimited workflows - from $4.99/mo

Try free

#1 hub for scraping, AI & automation

6000+ actors - $5 credits/mo

Try free

Use cases

Ensure that the calls to the workflow's webhook are (a) originating from the correct GitHub repository and (b) haven't been tampered with.

How it works

When a secret is provided in a GitHub webhook configuration, a x-hub-signature-256 header is added to the webhook.
Compute HMAC256 computes the HMAC256 signature similarly to how it was computed by GitHub.
Validate HMAC256 tests for the equality of the computed value and the value provided by the header.
- If the values are equal then 200 is returned to GitHub and the workflow continues
- If the values are NOT equal then 401 is returned and the workflow ends.
- Note: The Stop and Error step is optional and can be removed. Removing it means that the workflow completes successfully while still returning 401 to GitHub. This means that you will not be able to easily track malicious or incorrect calls to your webhook from n8n.

How to use

Add the steps (1) and (2) of the workflow to your current workflow receiving webhook calls from GitHub.
Update the Secret field in the Compute HMAC256 node with the same value as the secret stored in the Secret field in the GitHub webhook definition.

Requirements

GitHub account and repository.
GitHub webhook setup with a Secret key. Key can be of any length and should be generated with a key or password generator.

Who’s it for

Developers or DevOps engineers who want to ensure secure webhook communication between GitHub and n8n.

How to customize the workflow

This is a building block for your own workflow. If you use this workflow as a base, replace step (3) with your own business logic.
You can modify the Stop and Error node to log unauthorized requests or trigger alerts.

⚠️ Warning

The secret is stored in plain text in the workflow. You should take this into consideration if the workflow is committed to source control or shared in any other way.

Need Help?

Reach out on LinkedIn or Ask in the Forum!

Yves Tkaczyk

0 workflows

Nodes

set gmail telegram agent google-gemini

Complexity

intermediate

Published 25 Sept 2025

Likes 0

View on n8n.io Download Workflow

✨

Share Your Workflow

Have a great workflow to share? Join the n8n Creator Hub and help the community!

Submit Your Template How to Submit

Related Workflows

Email reports on expiring Microsoft Entra ID app secrets and certificates with Microsoft Graph

## Monitor expiring EntraID application secrets and notify responsible Stay ahead of credential expirations by automatically detecting Entra ID application client secrets and certificates that are about to expire, and sending a neatly formatted email report. ### What this workflow solves Expired client secrets and certificates are a common cause of unexpected outages and failed integrations. Manually checking expiration dates across many Entra ID applications is tedious and easy to miss. This workflow automates the discovery and reporting of credentials that will expire within a configurable time window. ### Key features - Fetches all **Microsoft Entra ID applications** along with: - **Client secrets** (`passwordCredentials`) - **Certificates** (`keyCredentials`) - Splits credentials into individual entries for easier processing - Filters credentials expiring **within the next _N_ days** (configurable) - Normalizes results into a consistent structure including: - Application name - App ID - Credential type (Client Secret / Certificate) - Credential name + ID - Days remaining until expiration - Generates an **HTML table report**, sorted by application name - Sends an email **only when expiring items are found** (otherwise does nothing) ### How it works 1. Fetches all Entra ID applications and their credential metadata via Microsoft Graph 2. Separates client secrets and certificates into individual entries 3. Filters entries that expire within the configured time window 4. Builds a normalized list of expiring items with days remaining 5. Emails an HTML table report (only if results exist) ### Setup requirements - **Microsoft Entra ID app registration** with Microsoft Graph **Application permissions**: - `Application.Read.All` - In n8n: - Create **Microsoft Graph OAuth2** credentials (Client Credentials flow recommended) - Assign those credentials to the **Get EntraID Applications and Secrets** HTTP Request node - Update the **Set Variables** node: - `notificationEmail`: where to send the report - `daysBeforeExpiry`: alert window in days (e.g., 14) ### Notes - The email table highlights soon-to-expire credentials more prominently (based on remaining days). - For automation, replace the manual trigger with a **Schedule Trigger** (e.g., daily/weekly). - The workflow accesses **metadata only** (names/IDs/expiry), not secret values.

View

Get domain expiry reminders with Google Sheets, WHOIS, Telegram, and Ollama AI

This workflow helps you monitor domain expiration dates and send automated reminders via Telegram when a domain is about to expire or has already expired, using WHOIS data and AI-powered information extracting. It helps prevent service downtime, lost traffic, and missed renewals for individuals and teams managing multiple domains. Common use cases: - Track and remind on agency-managed client domains - Monitor personal or business domain portfolios - Send automated expiry alerts for IT and DevOps teams ## How it works - Runs daily at 08:00 AM - Reads domain data from Google Sheets - Fetches WHOIS information from whois.com for each domain - Extracts the data (expired date, domain owner, status domain) using AI - Sends a Telegram reminder if the domain expires within 90 days - Records the notification date to avoid duplicate alerts ## Setup steps 1. Add your Google Sheets ID and ensure the required columns exist 2. Connect your [Google Sheets credentials](https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.googlesheets) 3. Connect your [Telegram credentials](https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.telegram/chat-operations) 4. Configure your LLM provider (Ollama or other) 5. Activate the workflow ### Need Help? Contact me on [LinkedIn](https://www.linkedin.com/in/dwicahyas/)!

View

Analyze mobile app build-time hotspots with Gradle, CocoaPods, Airtable, GitHub, Gmail and GPT-4.1-mini

# Mobile App Build Time Hotspot Tracker - Gradle/CocoaPods Analyzer Alerting This workflow automates the monitoring and analysis of CI/CD build performance for mobile projects using Gradle and CocoaPods. It triggers upon build completion, compares metrics against historical performance stored in Airtable, and leverages AI to identify regressions. The system provides automated feedback via GitHub PR comments and email alerts for critical performance drops. ### ⚡ Quick Implementation Steps 1. Configure CI Pipeline: Set your CI job to send a POST request with build metrics to the workflow's Webhook URL. 2. Set Configuration: Adjust the regressionThreshold (default: 20%) and excludeModules in the Set Configuration node. 3. Connect Airtable: Link your credentials to the Fetch Historical Builds and Store Build Data nodes. 4. Connect GitHub & Gmail: Authenticate your GitHub and Gmail OAuth2 credentials for reporting. 5. Verify AI Model: Ensure the OpenAI Chat Model is connected to power the performance analysis. ## What It Does The workflow acts as an intelligent performance gatekeeper for development pipelines: 1. **Metric Collection:** Captures detailed task durations, build IDs, and PR context directly from CI/CD webhooks. 2. **Historical Comparison:** Automatically retrieves the last 10 builds for a specific repository to calculate average baselines. 3. **AI-Powered Diagnostics:** Uses a specialized AI agent to analyze slowdowns, identify root causes, and provide optimization recommendations. 4. **Automated Reporting:** Categorizes findings by severity (Critical, Warning, Info) and updates stakeholders through PR comments and high-priority emails. ## Who’s It For - Mobile Engineering Teams looking to prevent "death by a thousand cuts" in build time slowdowns. - DevOps/Platform Engineers who need automated auditing of build infrastructure health. - Release Managers requiring an audit trail of performance regressions across different pull requests. ## Technical Workflow Breakdown ### Entry Points (Triggers) 1. Webhook: Listens for POST requests at /webhook/build-hotspot-tracker containing build metrics and repository metadata. ### Processing & Logic 1. Set Configuration: Defines static variables like regression sensitivity and modules to ignore (e.g., test modules). 2. Historical Analysis: Aggregate nodes calculate min, max, and average build times from historical records. 3. AI Build Analyzer: An AI Agent utilizing GPT-4.1-mini to synthesize current build data with historical trends and PR context. 4. Route by Severity: A switch node that directs the workflow based on whether the AI classifies the regression as Critical, Warning, or Info. ### Output & Integrations 1. GitHub (Comment on PR): Posts a formatted markdown report including a severity badge, regressions list, and root causes. 2. Airtable (Store Build Data): Logs the build ID, total duration, and AI recommendations for long-term tracking. 3. Gmail (Notify Email): Sends immediate alerts to the team for critical regressions, including a direct link to the affected PR. ## Customization ### Adjust Sensitivity Modify the regressionThreshold in the Set Configuration node to change how aggressive the system is in flagging slowdowns (e.g., set to 10 for stricter monitoring). ### Module Filtering Update the excludeModules parameter to ignore specific tasks like linting or unit tests that may have volatile durations but do not represent core build performance. ### Analysis Detail The AI Build Analyzer prompt can be customized to focus on specific platform needs, such as focusing heavily on CocoaPods link times or Gradle configuration phases. ## Troubleshooting Guide | Issue | Possible Cause | Solution | | :-------------------------- | :----------------------------------------- | :----------------------------------------------------------------------------------------- | | **No PR Comments** | GitHub permissions or incorrect PR number. | Verify your GitHub token has write access and the CI payload includes a valid prNumber. | | **Historical Data Missing** | Airtable Filter failure. | Ensure the repository and prNumber fields in Airtable match the incoming Webhook data. | | **AI Analysis Errors** | OpenAI credits or model timeout. | Check your OpenAI API quota and verify the gpt-4.1-mini model is available in your region. | | **Emails Not Sending** | Gmail OAuth2 expired. | Re-authenticate the Gmail node in your n8n credentials settings. | ## Need Help? If you need assistance customizing this workflow, adding new features or integrating more systems (like JIRA, Slack or Google Sheets), feel free to reach out. Our [n8n automation experts](https://www.weblineindia.com/hire-n8n-developers/) at WeblineIndia are here to support you in scaling your automation journey.

View

👨‍💻

Need Custom Automation?

N8N Automation Expert

Specialized in N8N automation, I design custom workflows that connect your tools and automate your processes.