entries_controller.rb

class EntriesController < ApplicationController

  skip_before_action :verify_authenticity_token, only: :create
  before_action :verify_signature, only: :create

  def create
    Entry.create(label: params[:pull_request][:title]) if pr_base_is?("master") && pr_merged?
  end

  private
  
    def pr_base_is?(branch)
      params[:pull_request][:base][:ref] == branch
    end
  
    def pr_merged?
      params[:pull_request][:merged] && params[:pull_request][:state] == "closed"
    end

    def verify_signature
      payload_body = request.body.read
      signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), ENV['SECRET_TOKEN'], payload_body)
      render status: 500 unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])
    end

end