GitHub webhooks

GitHub retried 3 times. Did your deploy actually trigger?

GitHub webhooks time out after 10 seconds and retry silently. Duplicate deliveries, failed signatures, and dropped events are invisible unless you're watching. Relin watches.

Start free How gap detection works

Relin — GitHub webhooks

a1b2c3d4pushdelivered

e5f6g7h8pull_requestdelivered

e5f6g7h8pull_requestduplicate

i9j0k1l2releasesig failed

m3n4o5p6pushdelivered

q7r8s9t0issuesdelivered

Failure modes Relin detects

Retry storm after endpoint timeout

Your endpoint took 12 seconds to respond. GitHub retried 3 times — each one triggered a duplicate deploy. Relin dedupes and flags the retries.

Deduped · 3 attempts logged · e5f6g7h8

Signature verification failed

Release webhook arrived with an invalid HMAC signature. Could be a misconfigured secret or a spoofed request. Logged and flagged, not silently dropped.

Alerted on Slack · Signature rule · i9j0k1l2

Push events silently dropped

GitHub's delivery log shows 4 recent deliveries. Relin only received 3. One push event was lost in transit — no retry came.

Alerted on Slack · Delivery API reconciliation · Pro

Duplicate detection

Relin dedupes by X-GitHub-Delivery header. Retry storms don't trigger duplicate processing — but every attempt is logged.

Signature monitoring

Failed signatures are flagged instantly, not silently rejected. See exactly which events had bad signatures and investigate.

Delivery API reconciliation

Relin polls GitHub's hook delivery API and diffs against the ledger. Finds webhooks that GitHub sent but your endpoint never received.

Your CI pipeline trusts GitHub webhooks. Should it?

Two minutes to set up. Get alerted when deliveries go wrong.

Start free