Automating Deployments with My Custom GitHub Webhook Server

April 30, 2025
DevOps, Golang, GitHub, Automation, CI/CD


Over the past few weeks, I've been working on an exciting backend tool that now powers seamless deployment for my personal projects. In this post, I'll walk you through how I built and deployed my GitHub Webhook Web Server — a lightweight Go service that automatically updates my live site every time I push changes to GitHub.


🔧 The Problem I Wanted to Solve

Before this setup, every deployment involved SSHing into my server, navigating to the project directory, running git pull, rebuilding the project, restarting services — rinse and repeat.

That wasn't fun.

So I asked myself: Why not automate it?


💡 The Solution: GitHub Webhook + Go

I built a simple Go web server that listens for push events from GitHub. Here's what it does:

  1. Listens for POST requests from GitHub on a specific endpoint (/webhook).
  2. Parses the payload to confirm it's a push to the main branch.
  3. Executes a series of shell commands:
    • git pull to update the repo
    • go build (if it's a Go project)
    • any other project-specific build or restart logic

It's secure, lightweight, and runs as a systemd service on my server. I even added support for logging and branch filtering.


🔐 Security First

To avoid unauthorized access, I implemented:

  • Webhook secret validation: GitHub signs each payload using a shared secret. My server verifies this signature before acting.
  • Read-only SSH key: The server only has pull access to my GitHub repos — no push access.
  • Systemd sandboxing: Limited permissions and auto-restarts keep things stable and secure.
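A sketch of the webhook secret validation and main-branch filter described above, as an added example that is not the code running on this server. `X-Hub-Signature-256` and `X-GitHub-Event` are GitHub's real headers; the function names, the secret and the sample payload are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

var errBadSignature = errors.New("webhook: signature missing or invalid")

// sign returns the X-Hub-Signature-256 value expected for body under secret.
func sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// validSignature compares the received header with the expected one in constant time.
func validSignature(secret, body []byte, header string) bool {
	return hmac.Equal([]byte(header), []byte(sign(secret, body)))
}

// shouldDeploy authenticates the raw body first and only then parses it.
// An unset secret fails closed instead of accepting every request.
func shouldDeploy(secret, body []byte, sigHeader, event string) (bool, error) {
	if len(secret) == 0 || !validSignature(secret, body, sigHeader) {
		return false, errBadSignature
	}
	var p struct {
		Ref string `json:"ref"`
	}
	if err := json.Unmarshal(body, &p); err != nil {
		return false, err
	}
	return event == "push" && p.Ref == "refs/heads/main", nil
}

func main() {
	secret := []byte("constructed-test-secret")  // constructed, not a real secret
	body := []byte(`{"ref":"refs/heads/main"}`) // constructed payload
	ok, err := shouldDeploy(secret, body, sign(secret, body), "push")
	fmt.Println(ok, err)
	_, err = shouldDeploy(secret, body, "sha256=00", "push")
	fmt.Println(err)
}
```

The HMAC has to be computed over the request body exactly as received; verifying a re-serialized copy of the JSON will not match what GitHub signed.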

🖥️ Deployment Setup

  • Hosted on my Proxmox server, behind a Cloudflare Tunnel
  • Domain: gh-webhook.shanahjr.com
  • Written entirely in Go
  • Built with the amazing simplicity of net/http and os/exec
  • Autostarts with systemd and logs everything to journalctl

🌐 Real-World Impact

Now, whenever I push changes to main, GitHub fires off a webhook → my server picks it up → and my project is live in seconds.

I've used this setup for:

  • My personal site (shanahjr.com)
  • Internal dashboards
  • Static site rebuilds
  • Go backend projects

And honestly? It just feels good to see it work in real time.


📦 Future Improvements

There's always room to grow:

  • Add retry logic for failed builds
  • Expand to support multiple branches/projects
  • Add a web dashboard to view logs and deployment history

🙌 Final Thoughts

This has been one of the most satisfying bits of DevOps automation I've worked on. Writing your own tools — even if basic — gives you complete control, and I've learned a lot about webhooks, systemd, and secure deployment workflows along the way.

If you're thinking about setting up something similar, I highly recommend it. Happy deploying! 👨‍💻