Explore the essential concepts of setting up and managing GitHub webhooks. This quiz helps assess your knowledge of webhook events, payloads, security practices, and common usage in collaborative development workflows.
Which event would you select to trigger a webhook when a new issue is created in a repository, but not when an issue is closed or commented on?
Explanation: The 'issues' event is specifically designed to trigger webhooks when issues are created, edited, or deleted, but not when comments are added. The 'issue_comment' event only triggers when a comment is made on an issue, not when the issue itself is created. The 'push' event relates to code pushes and is unrelated to issues, while 'fork' triggers only when the repository is forked, not when issues are created.
What is the default content type format used for webhook payloads sent to your endpoint unless otherwise specified?
Explanation: By default, webhook payloads are sent as 'application/json', which is a widely supported format for data interchange over HTTP. 'application/xml' is not the default and would require explicit configuration. 'text/plain' is for unstructured text which is not suitable for structured event data, and 'multipart/form-data' is typically used for submitting form data, not for payloads.
Which method helps validate that an incoming webhook payload is legitimately sent and not tampered with during transmission?
Explanation: Attaching a secret token allows the sender to compute an HMAC signature of the payload, which the receiver can verify to ensure authenticity and integrity. Allowing requests from all IPs increases risk and does not provide verification. Using HTTP instead of HTTPS exposes data in transit to interception. Disabling event filtering does not relate to authenticity or security.
If a webhook delivery fails due to a temporary server outage at the receiving endpoint, what typically happens according to best practices?
Explanation: Webhook systems usually implement automatic retry logic for failed deliveries, attempting to resend the payload after a delay. Immediate deletion of the webhook or locking the repository is not standard behavior and would disrupt normal operations. Sending an email to collaborators is not a direct response to a failed delivery.
A development team wants to automate deployment whenever changes are pushed to the main branch. Which webhook event should they subscribe to?
Explanation: The 'push' event is triggered whenever code is pushed to a repository, making it suitable for automating deployment. 'watch' relates to notifications when users subscribe to updates, 'pull_request_review' is for events related to reviews of pull requests, and 'star' is triggered when a user bookmarks the repository. These alternatives do not relate directly to code deployment triggers.