Guide
GitHub Webhooks Integration Guide
Forward GitHub webhooks through Charon Gate for automatic X-Hub-Signature-256 verification, retries, and dead-letter capture on CI/CD events.
This guide shows you how to use Charon Gate as a reliability layer for GitHub webhooks. Whether you're forwarding push events to a CI pipeline, repository events to an internal tool, or pull request events to a review bot, Charon Gate ensures every event is captured, verified, and delivered.
Prerequisites
- A Charon Gate account (sign up free)
- A GitHub repository or organisation where you can configure webhooks
1. Create a Charon Gate endpoint
- Log in to the Charon Gate dashboard
- Go to Endpoints → New endpoint
- Select the GitHub template
- Set Destination URL to your application's handler (e.g.
https://your-app.com/webhooks/github) - Note the Ingest URL — you'll give this to GitHub
2. Configure a GitHub webhook
For a repository:
- Go to your repository → Settings → Webhooks → Add webhook
- Set Payload URL to your Charon Gate ingest URL
- Set Content type to
application/json - Set Secret — generate a strong random string (e.g.
openssl rand -hex 32) - Choose which events to send (or Send me everything for full capture)
- Click Add webhook
For an organisation:
Same steps, but go to your organisation → Settings → Webhooks.
3. Add the signing secret to Charon Gate
- Open your endpoint in the Charon Gate dashboard → Settings
- Paste the secret you generated into Ingest signing secret
- Save
Charon Gate now verifies every X-Hub-Signature-256 header using HMAC-SHA256. Events that fail verification are rejected and logged — they never reach your application.
4. Test the webhook
GitHub provides a Recent Deliveries panel on each webhook. You can redeliver any event from there, or trigger a real event (e.g. push a commit) and watch it appear in the Charon Gate dashboard.
What Charon Gate handles for you
| Concern | How Charon Gate handles it |
|---|---|
| Signature verification | HMAC-SHA256 on X-Hub-Signature-256 |
| Your server is down during a push | Retries with backoff; event held until delivery succeeds |
| CI pipeline slow to start | Charon Gate acknowledges GitHub immediately; forwards asynchronously |
| All retries exhausted | DLQ entry + Slack/email alert |
| Duplicate delivery (GitHub retries) | Deduplication via X-GitHub-Delivery header |
Recommended events to capture
For CI/CD pipelines:
push
pull_request
check_run
check_suite
workflow_run
For repository management tools:
create
delete
repository
member
team
For review bots and automation:
pull_request
pull_request_review
issue_comment
issues
Troubleshooting
GitHub shows failed to deliver but event appears in Charon Gate
→ Charon Gate acknowledged the event (202). The failure shown in GitHub means the initial delivery to Charon Gate worked, but GitHub is still showing the original delivery status. Check the Charon Gate event detail for the actual forward delivery status.
Events showing signature_verification_failed
→ Confirm the secret you entered in Charon Gate matches what you set in GitHub exactly (no extra spaces or newlines).
Push events not appearing → Verify the GitHub webhook shows Recent Deliveries with green checkmarks. If GitHub can't reach the Charon Gate ingest URL, check for network/firewall issues.