diff --git a/Cargo.lock b/Cargo.lock
index f9f0b15..fb04ecc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -339,6 +339,7 @@ checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
  "block-buffer",
  "crypto-common",
+ "subtle",
 ]
 
 [[package]]
@@ -567,6 +568,15 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
 
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
 [[package]]
 name = "home"
 version = "0.5.9"
@@ -1890,10 +1900,14 @@ name = "webhook_bridge"
 version = "0.0.1"
 dependencies = [
  "axum",
+ "base64 0.22.1",
+ "hmac",
+ "http-body-util",
  "k8s-openapi",
  "kube",
  "serde",
  "serde_json",
+ "sha2",
  "tokio",
  "tower-http",
  "tracing",
diff --git a/Cargo.toml b/Cargo.toml
index 3e3e3dc..84aa584 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,12 +20,16 @@ include = [
 [dependencies]
 # default form, http1, json, matched-path, original-uri, query, tokio, tower-log, tracing
 axum = { version = "0.7.5", default-features = false, features = ["tokio", "http1", "http2", "json"] }
+base64 = "0.22.1"
+hmac = "0.12.1"
+http-body-util = "0.1.2"
 k8s-openapi = { version = "0.22.0", default-features = false, features = ["v1_30"] }
 # default client, config, rustls-tls
 kube = { version = "0.92.1", default-features = false, features = ["client", "config", "rustls-tls", "derive", "runtime"] }
 serde = { version = "1.0.204", features = ["derive"] }
 # default std
 serde_json = { version = "1.0.120", default-features = false, features = ["std"] }
+sha2 = "0.10.8"
 tokio = { version = "1.38.0", default-features = false, features = ["macros", "process", "rt-multi-thread", "signal"] }
 tower-http = { version = "0.5.2", default-features = false, features = ["trace", "timeout"] }
 # default attributes, std, tracing-attributes
diff --git a/src/main.rs b/src/main.rs
index 7153142..2d6502f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,6 +2,7 @@
 use std::time::Duration;
 
 use axum::http::StatusCode;
+use axum::middleware;
 use axum::routing::get;
 use axum::routing::post;
 use axum::Json;
@@ -15,6 +16,7 @@ use tracing_subscriber::layer::SubscriberExt;
 use tracing_subscriber::util::SubscriberInitExt;
 
 use self::webhook::hook;
+use self::webhook::verify_signature;
 
 mod hook_push;
 mod webhook;
@@ -35,15 +37,16 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         .expect("Set KUBECONFIG to a valid kubernetes config.");
 
     let app = Router::new()
-        .route("/health", get(health))
         .route("/hook", post(hook))
+        .layer(middleware::from_fn(verify_signature))
+        .route("/health", get(health))
         .layer((
             TraceLayer::new_for_http(),
             // Add a timeout layer so graceful shutdown can't wait forever.
             TimeoutLayer::new(Duration::from_secs(600)),
         ));
 
-    let listener = tokio::net::TcpListener::bind("0.0.0.0:8080").await?;
+    let listener = tokio::net::TcpListener::bind("0.0.0.0:9988").await?;
     tracing::info!("listening on {}", listener.local_addr().unwrap());
     axum::serve(listener, app)
         .with_graceful_shutdown(shutdown_signal())
diff --git a/src/webhook.rs b/src/webhook.rs
index f044ca9..86f46ef 100644
--- a/src/webhook.rs
+++ b/src/webhook.rs
@@ -1,17 +1,29 @@
+use std::future::Future;
+
 use axum::async_trait;
+use axum::body::Body;
+use axum::body::Bytes;
 use axum::extract::FromRequest;
 use axum::extract::Request;
 use axum::http::HeaderMap;
 use axum::http::StatusCode;
+use axum::middleware::Next;
 use axum::response::IntoResponse;
 use axum::response::Response;
 use axum::Json;
 use axum::RequestExt;
+use base64::{engine::general_purpose, Engine as _};
+use hmac::Hmac;
+use hmac::Mac;
+use http_body_util::BodyExt;
 use serde::Serialize;
+use sha2::Sha256;
 use tracing::debug;
 
 use crate::hook_push::HookPush;
 
+type HmacSha256 = Hmac<Sha256>;
+
 pub(crate) async fn hook(
     _headers: HeaderMap,
     payload: HookRequest,
@@ -72,3 +84,68 @@ pub(crate) struct HookResponse {
     ok: bool,
     message: Option<String>,
 }
+
+pub(crate) async fn verify_signature(
+    request: Request,
+    next: Next,
+) -> Result<impl IntoResponse, Response> {
+    let signature = request
+        .headers()
+        .get("X-Gitea-Signature")
+        .ok_or(StatusCode::BAD_REQUEST.into_response())?;
+    let signature = signature
+        .to_str()
+        .map_err(|_| StatusCode::BAD_REQUEST.into_response())?;
+    let signature = hex_to_bytes(signature).ok_or(StatusCode::BAD_REQUEST.into_response())?;
+    let secret = std::env::var("WEBHOOK_BRIDGE_HMAC_SECRET")
+        .map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()).into_response())?;
+
+    let request =
+        inspect_request_body(request, move |body| check_hash(body, secret, signature)).await?;
+
+    Ok(next.run(request).await)
+}
+
+async fn inspect_request_body<F, Fut>(request: Request, inspector: F) -> Result<Request, Response>
+where
+    F: FnOnce(Bytes) -> Fut,
+    Fut: Future<Output = Result<Bytes, Response>>,
+{
+    let (parts, body) = request.into_parts();
+
+    let bytes = body
+        .collect()
+        .await
+        .map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err.to_string()).into_response())?
+        .to_bytes();
+
+    let bytes = inspector(bytes).await?;
+
+    Ok(Request::from_parts(parts, Body::from(bytes)))
+}
+
+async fn check_hash(body: Bytes, secret: String, signature: Vec<u8>) -> Result<Bytes, Response> {
+    tracing::info!("Checking signature {:02x?}", signature.as_slice());
+    tracing::info!("Using secret {:?}", secret);
+    tracing::info!("and body {}", general_purpose::STANDARD.encode(&body));
+    let mut mac = HmacSha256::new_from_slice(secret.as_bytes())
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()).into_response())?;
+    mac.update(&body);
+    mac.verify_slice(&signature)
+        .map_err(|e| (StatusCode::UNAUTHORIZED, e.to_string()).into_response())?;
+    Ok(body)
+}
+
+fn hex_to_bytes(s: &str) -> Option<Vec<u8>> {
+    if s.len() % 2 == 0 {
+        (0..s.len())
+            .step_by(2)
+            .map(|i| {
+                s.get(i..i + 2)
+                    .and_then(|sub| u8::from_str_radix(sub, 16).ok())
+            })
+            .collect()
+    } else {
+        None
+    }
+}
diff --git a/test_webhook.bash b/test_webhook.bash
index 9c89f06..4ce1167 100755
--- a/test_webhook.bash
+++ b/test_webhook.bash
@@ -5,220 +5,34 @@ IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 function main() {
-    local payload
-    payload=$(cat <<EOF
-{
-  "ref": "refs/heads/main",
-  "before": "25c06cbffd1cd2b372e790732bc8566e575a7f01",
-  "after": "8fb5a83e8672cf9c317087b70cef329cb604eeed",
-  "compare_url": "https://code.fizz.buzz/talexander/webhook_bridge/compare/25c06cbffd1cd2b372e790732bc8566e575a7f01...8fb5a83e8672cf9c317087b70cef329cb604eeed",
-  "commits": [
-    {
-      "id": "8fb5a83e8672cf9c317087b70cef329cb604eeed",
-      "message": "Access log.\n",
-      "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/8fb5a83e8672cf9c317087b70cef329cb604eeed",
-      "author": {
-        "name": "Tom Alexander",
-        "email": "tom@fizz.buzz",
-        "username": ""
-      },
-      "committer": {
-        "name": "Tom Alexander",
-        "email": "tom@fizz.buzz",
-        "username": ""
-      },
-      "verification": null,
-      "timestamp": "2024-07-14T15:50:13-04:00",
-      "added": [],
-      "removed": [],
-      "modified": [
-        "Cargo.lock",
-        "Cargo.toml",
-        "src/main.rs"
-      ]
-    }
-  ],
-  "total_commits": 1,
-  "head_commit": {
-    "id": "8fb5a83e8672cf9c317087b70cef329cb604eeed",
-    "message": "Access log.\n",
-    "url": "https://code.fizz.buzz/talexander/webhook_bridge/commit/8fb5a83e8672cf9c317087b70cef329cb604eeed",
-    "author": {
-      "name": "Tom Alexander",
-      "email": "tom@fizz.buzz",
-      "username": ""
-    },
-    "committer": {
-      "name": "Tom Alexander",
-      "email": "tom@fizz.buzz",
-      "username": ""
-    },
-    "verification": null,
-    "timestamp": "2024-07-14T15:50:13-04:00",
-    "added": [],
-    "removed": [],
-    "modified": [
-      "Cargo.lock",
-      "Cargo.toml",
-      "src/main.rs"
-    ]
-  },
-  "repository": {
-    "id": 21,
-    "owner": {
-      "id": 1,
-      "login": "talexander",
-      "login_name": "",
-      "full_name": "",
-      "email": "gitea@local.domain",
-      "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
-      "language": "",
-      "is_admin": false,
-      "last_login": "0001-01-01T00:00:00Z",
-      "created": "2023-07-05T22:03:28Z",
-      "restricted": false,
-      "active": false,
-      "prohibit_login": false,
-      "location": "",
-      "website": "",
-      "description": "",
-      "visibility": "public",
-      "followers_count": 0,
-      "following_count": 0,
-      "starred_repos_count": 0,
-      "username": "talexander"
-    },
-    "name": "webhook_bridge",
-    "full_name": "talexander/webhook_bridge",
-    "description": "A server that receives webhooks from gitea and fires off Tekton jobs in response.",
-    "empty": false,
-    "private": false,
-    "fork": false,
-    "template": false,
-    "parent": null,
-    "mirror": false,
-    "size": 45,
-    "language": "",
-    "languages_url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge/languages",
-    "html_url": "https://code.fizz.buzz/talexander/webhook_bridge",
-    "url": "https://code.fizz.buzz/api/v1/repos/talexander/webhook_bridge",
-    "link": "",
-    "ssh_url": "git@code.fizz.buzz:talexander/webhook_bridge.git",
-    "clone_url": "https://code.fizz.buzz/talexander/webhook_bridge.git",
-    "original_url": "",
-    "website": "",
-    "stars_count": 0,
-    "forks_count": 0,
-    "watchers_count": 1,
-    "open_issues_count": 0,
-    "open_pr_counter": 0,
-    "release_counter": 0,
-    "default_branch": "main",
-    "archived": false,
-    "created_at": "2024-07-14T18:48:52Z",
-    "updated_at": "2024-07-14T19:43:45Z",
-    "archived_at": "1970-01-01T00:00:00Z",
-    "permissions": {
-      "admin": true,
-      "push": true,
-      "pull": true
-    },
-    "has_issues": true,
-    "internal_tracker": {
-      "enable_time_tracker": true,
-      "allow_only_contributors_to_track_time": true,
-      "enable_issue_dependencies": true
-    },
-    "has_wiki": true,
-    "has_pull_requests": true,
-    "has_projects": true,
-    "has_releases": true,
-    "has_packages": true,
-    "has_actions": false,
-    "ignore_whitespace_conflicts": false,
-    "allow_merge_commits": true,
-    "allow_rebase": true,
-    "allow_rebase_explicit": true,
-    "allow_squash_merge": true,
-    "allow_rebase_update": true,
-    "default_delete_branch_after_merge": false,
-    "default_merge_style": "merge",
-    "default_allow_maintainer_edit": false,
-    "avatar_url": "",
-    "internal": false,
-    "mirror_interval": "",
-    "mirror_updated": "0001-01-01T00:00:00Z",
-    "repo_transfer": null
-  },
-  "pusher": {
-    "id": 1,
-    "login": "talexander",
-    "login_name": "",
-    "full_name": "",
-    "email": "talexander@noreply.code.fizz.buzz",
-    "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
-    "language": "",
-    "is_admin": false,
-    "last_login": "0001-01-01T00:00:00Z",
-    "created": "2023-07-05T22:03:28Z",
-    "restricted": false,
-    "active": false,
-    "prohibit_login": false,
-    "location": "",
-    "website": "",
-    "description": "",
-    "visibility": "public",
-    "followers_count": 0,
-    "following_count": 0,
-    "starred_repos_count": 0,
-    "username": "talexander"
-  },
-  "sender": {
-    "id": 1,
-    "login": "talexander",
-    "login_name": "",
-    "full_name": "",
-    "email": "talexander@noreply.code.fizz.buzz",
-    "avatar_url": "https://code.fizz.buzz/avatars/9d402a89b5a0786f83c1b8c5486fc7ff3d083a54fe20e55c0a776a1932c30289",
-    "language": "",
-    "is_admin": false,
-    "last_login": "0001-01-01T00:00:00Z",
-    "created": "2023-07-05T22:03:28Z",
-    "restricted": false,
-    "active": false,
-    "prohibit_login": false,
-    "location": "",
-    "website": "",
-    "description": "",
-    "visibility": "public",
-    "followers_count": 0,
-    "following_count": 0,
-    "starred_repos_count": 0,
-    "username": "talexander"
-  }
-}
+    local payload sha256signature sha1signature
+    payload=$(base64 -d <<EOF
+ewogICJyZWYiOiAicmVmcy9oZWFkcy9tYWluIiwKICAiYmVmb3JlIjogIjQ1NTViYjY4OTRhNTlkOGZiYTg4OTk3YjUxNzYxZjBmZWIzNDQyY2EiLAogICJhZnRlciI6ICJiOTFmNjM4ODRhZmQ2Y2EwMGMwNzZhMGY5MGNlNWIzNzEzYWZjYzkyIiwKICAiY29tcGFyZV91cmwiOiAiaHR0cHM6Ly9jb2RlLmZpenouYnV6ei90YWxleGFuZGVyL3dlYmhvb2tfYnJpZGdlL2NvbXBhcmUvNDU1NWJiNjg5NGE1OWQ4ZmJhODg5OTdiNTE3NjFmMGZlYjM0NDJjYS4uLmI5MWY2Mzg4NGFmZDZjYTAwYzA3NmEwZjkwY2U1YjM3MTNhZmNjOTIiLAogICJjb21taXRzIjogWwogICAgewogICAgICAiaWQiOiAiYjkxZjYzODg0YWZkNmNhMDBjMDc2YTBmOTBjZTViMzcxM2FmY2M5MiIsCiAgICAgICJtZXNzYWdlIjogIndpcFxuIiwKICAgICAgInVybCI6ICJodHRwczovL2NvZGUuZml6ei5idXp6L3RhbGV4YW5kZXIvd2ViaG9va19icmlkZ2UvY29tbWl0L2I5MWY2Mzg4NGFmZDZjYTAwYzA3NmEwZjkwY2U1YjM3MTNhZmNjOTIiLAogICAgICAiYXV0aG9yIjogewogICAgICAgICJuYW1lIjogIlRvbSBBbGV4YW5kZXIiLAogICAgICAgICJlbWFpbCI6ICJ0b21AZml6ei5idXp6IiwKICAgICAgICAidXNlcm5hbWUiOiAiIgogICAgICB9LAogICAgICAiY29tbWl0dGVyIjogewogICAgICAgICJuYW1lIjogIlRvbSBBbGV4YW5kZXIiLAogICAgICAgICJlbWFpbCI6ICJ0b21AZml6ei5idXp6IiwKICAgICAgICAidXNlcm5hbWUiOiAiIgogICAgICB9LAogICAgICAidmVyaWZpY2F0aW9uIjogbnVsbCwKICAgICAgInRpbWVzdGFtcCI6ICIyMDI0LTA3LTIwVDEyOjIyOjEwLTA0OjAwIiwKICAgICAgImFkZGVkIjogW10sCiAgICAgICJyZW1vdmVkIjogW10sCiAgICAgICJtb2RpZmllZCI6IFsKICAgICAgICAiQ2FyZ28ubG9jayIsCiAgICAgICAgIkNhcmdvLnRvbWwiLAogICAgICAgICJzcmMvd2ViaG9vay5ycyIKICAgICAgXQogICAgfQogIF0sCiAgInRvdGFsX2NvbW1pdHMiOiAxLAogICJoZWFkX2NvbW1pdCI6IHsKICAgICJpZCI6ICJiOTFmNjM4ODRhZmQ2Y2EwMGMwNzZhMGY5MGNlNWIzNzEzYWZjYzkyIiwKICAgICJtZXNzYWdlIjogIndpcFxuIiwKICAgICJ1cmwiOiAiaHR0cHM6Ly9jb2RlLmZpenouYnV6ei90YWxleGFuZGVyL3dlYmhvb2tfYnJpZGdlL2NvbW1pdC9iOTFmNjM4ODRhZmQ2Y2EwMGMwNzZhMGY5MGNlNWIzNzEzYWZjYzkyIiwKICAgICJhdXRob3IiOiB7CiAgICAgICJuYW1lIjogIlRvbSBBbGV4YW5kZXIiLAogICAgICAiZW1haWwiOiAidG9tQGZpenouYnV6eiIsCiAgICAgICJ1c2VybmFtZSI6ICIiCiAgICB9LAogICAgImNvbW1pdHRlciI6IHsKICAgICAgIm5hbWUiOiAiVG9tIEFsZXhhbmRlciIsCiAgICAgICJlbWFpbCI6ICJ0b21AZml6ei5idXp6IiwKICAgICAgInVzZXJuYW1lIjogIiIKICAgIH0sCiAgICAidmVyaWZpY2F0aW9uIjogbnVsbCwKICAgICJ0aW1lc3RhbXAiOiAiMjAyNC0wNy0yMFQxMjoyMjoxMC0wNDowMCIsCiAgICAiYWRkZWQiOiBbXSwKICAgICJyZW1vdmVkIjogW10sCiAgICAibW9kaWZpZWQiOiBbCiAgICAgICJDYXJnby5sb2NrIiwKICAgICAgIkNhcmdvLnRvbWwiLAogICAgICAic3JjL3dlYmhvb2sucnMiCiAgICBdCiAgfSwKICAicmVwb3NpdG9yeSI6IHsKICAgICJpZCI6IDIxLAogICAgIm93bmVyIjogewogICAgICAiaWQiOiAxLAogICAgICAibG9naW4iOiAidGFsZXhhbmRlciIsCiAgICAgICJsb2dpbl9uYW1lIjogIiIsCiAgICAgICJmdWxsX25hbWUiOiAiIiwKICAgICAgImVtYWlsIjogImdpdGVhQGxvY2FsLmRvbWFpbiIsCiAgICAgICJhdmF0YXJfdXJsIjogImh0dHBzOi8vY29kZS5maXp6LmJ1enovYXZhdGFycy85ZDQwMmE4OWI1YTA3ODZmODNjMWI4YzU0ODZmYzdmZjNkMDgzYTU0ZmUyMGU1NWMwYTc3NmExOTMyYzMwMjg5IiwKICAgICAgImxhbmd1YWdlIjogIiIsCiAgICAgICJpc19hZG1pbiI6IGZhbHNlLAogICAgICAibGFzdF9sb2dpbiI6ICIwMDAxLTAxLTAxVDAwOjAwOjAwWiIsCiAgICAgICJjcmVhdGVkIjogIjIwMjMtMDctMDVUMjI6MDM6MjhaIiwKICAgICAgInJlc3RyaWN0ZWQiOiBmYWxzZSwKICAgICAgImFjdGl2ZSI6IGZhbHNlLAogICAgICAicHJvaGliaXRfbG9naW4iOiBmYWxzZSwKICAgICAgImxvY2F0aW9uIjogIiIsCiAgICAgICJ3ZWJzaXRlIjogIiIsCiAgICAgICJkZXNjcmlwdGlvbiI6ICIiLAogICAgICAidmlzaWJpbGl0eSI6ICJwdWJsaWMiLAogICAgICAiZm9sbG93ZXJzX2NvdW50IjogMCwKICAgICAgImZvbGxvd2luZ19jb3VudCI6IDAsCiAgICAgICJzdGFycmVkX3JlcG9zX2NvdW50IjogMCwKICAgICAgInVzZXJuYW1lIjogInRhbGV4YW5kZXIiCiAgICB9LAogICAgIm5hbWUiOiAid2ViaG9va19icmlkZ2UiLAogICAgImZ1bGxfbmFtZSI6ICJ0YWxleGFuZGVyL3dlYmhvb2tfYnJpZGdlIiwKICAgICJkZXNjcmlwdGlvbiI6ICJBIHNlcnZlciB0aGF0IHJlY2VpdmVzIHdlYmhvb2tzIGZyb20gZ2l0ZWEgYW5kIGZpcmVzIG9mZiBUZWt0b24gam9icyBpbiByZXNwb25zZS4iLAogICAgImVtcHR5IjogZmFsc2UsCiAgICAicHJpdmF0ZSI6IGZhbHNlLAogICAgImZvcmsiOiBmYWxzZSwKICAgICJ0ZW1wbGF0ZSI6IGZhbHNlLAogICAgInBhcmVudCI6IG51bGwsCiAgICAibWlycm9yIjogZmFsc2UsCiAgICAic2l6ZSI6IDEyNywKICAgICJsYW5ndWFnZSI6ICIiLAogICAgImxhbmd1YWdlc191cmwiOiAiaHR0cHM6Ly9jb2RlLmZpenouYnV6ei9hcGkvdjEvcmVwb3MvdGFsZXhhbmRlci93ZWJob29rX2JyaWRnZS9sYW5ndWFnZXMiLAogICAgImh0bWxfdXJsIjogImh0dHBzOi8vY29kZS5maXp6LmJ1enovdGFsZXhhbmRlci93ZWJob29rX2JyaWRnZSIsCiAgICAidXJsIjogImh0dHBzOi8vY29kZS5maXp6LmJ1enovYXBpL3YxL3JlcG9zL3RhbGV4YW5kZXIvd2ViaG9va19icmlkZ2UiLAogICAgImxpbmsiOiAiIiwKICAgICJzc2hfdXJsIjogImdpdEBjb2RlLmZpenouYnV6ejp0YWxleGFuZGVyL3dlYmhvb2tfYnJpZGdlLmdpdCIsCiAgICAiY2xvbmVfdXJsIjogImh0dHBzOi8vY29kZS5maXp6LmJ1enovdGFsZXhhbmRlci93ZWJob29rX2JyaWRnZS5naXQiLAogICAgIm9yaWdpbmFsX3VybCI6ICIiLAogICAgIndlYnNpdGUiOiAiIiwKICAgICJzdGFyc19jb3VudCI6IDAsCiAgICAiZm9ya3NfY291bnQiOiAwLAogICAgIndhdGNoZXJzX2NvdW50IjogMSwKICAgICJvcGVuX2lzc3Vlc19jb3VudCI6IDAsCiAgICAib3Blbl9wcl9jb3VudGVyIjogMCwKICAgICJyZWxlYXNlX2NvdW50ZXIiOiAwLAogICAgImRlZmF1bHRfYnJhbmNoIjogIm1haW4iLAogICAgImFyY2hpdmVkIjogZmFsc2UsCiAgICAiY3JlYXRlZF9hdCI6ICIyMDI0LTA3LTE0VDE4OjQ4OjUyWiIsCiAgICAidXBkYXRlZF9hdCI6ICIyMDI0LTA3LTIwVDE2OjE0OjAzWiIsCiAgICAiYXJjaGl2ZWRfYXQiOiAiMTk3MC0wMS0wMVQwMDowMDowMFoiLAogICAgInBlcm1pc3Npb25zIjogewogICAgICAiYWRtaW4iOiB0cnVlLAogICAgICAicHVzaCI6IHRydWUsCiAgICAgICJwdWxsIjogdHJ1ZQogICAgfSwKICAgICJoYXNfaXNzdWVzIjogdHJ1ZSwKICAgICJpbnRlcm5hbF90cmFja2VyIjogewogICAgICAiZW5hYmxlX3RpbWVfdHJhY2tlciI6IHRydWUsCiAgICAgICJhbGxvd19vbmx5X2NvbnRyaWJ1dG9yc190b190cmFja190aW1lIjogdHJ1ZSwKICAgICAgImVuYWJsZV9pc3N1ZV9kZXBlbmRlbmNpZXMiOiB0cnVlCiAgICB9LAogICAgImhhc193aWtpIjogdHJ1ZSwKICAgICJoYXNfcHVsbF9yZXF1ZXN0cyI6IHRydWUsCiAgICAiaGFzX3Byb2plY3RzIjogdHJ1ZSwKICAgICJoYXNfcmVsZWFzZXMiOiB0cnVlLAogICAgImhhc19wYWNrYWdlcyI6IHRydWUsCiAgICAiaGFzX2FjdGlvbnMiOiBmYWxzZSwKICAgICJpZ25vcmVfd2hpdGVzcGFjZV9jb25mbGljdHMiOiBmYWxzZSwKICAgICJhbGxvd19tZXJnZV9jb21taXRzIjogdHJ1ZSwKICAgICJhbGxvd19yZWJhc2UiOiB0cnVlLAogICAgImFsbG93X3JlYmFzZV9leHBsaWNpdCI6IHRydWUsCiAgICAiYWxsb3dfc3F1YXNoX21lcmdlIjogdHJ1ZSwKICAgICJhbGxvd19yZWJhc2VfdXBkYXRlIjogdHJ1ZSwKICAgICJkZWZhdWx0X2RlbGV0ZV9icmFuY2hfYWZ0ZXJfbWVyZ2UiOiBmYWxzZSwKICAgICJkZWZhdWx0X21lcmdlX3N0eWxlIjogIm1lcmdlIiwKICAgICJkZWZhdWx0X2FsbG93X21haW50YWluZXJfZWRpdCI6IGZhbHNlLAogICAgImF2YXRhcl91cmwiOiAiIiwKICAgICJpbnRlcm5hbCI6IGZhbHNlLAogICAgIm1pcnJvcl9pbnRlcnZhbCI6ICIiLAogICAgIm1pcnJvcl91cGRhdGVkIjogIjAwMDEtMDEtMDFUMDA6MDA6MDBaIiwKICAgICJyZXBvX3RyYW5zZmVyIjogbnVsbAogIH0sCiAgInB1c2hlciI6IHsKICAgICJpZCI6IDEsCiAgICAibG9naW4iOiAidGFsZXhhbmRlciIsCiAgICAibG9naW5fbmFtZSI6ICIiLAogICAgImZ1bGxfbmFtZSI6ICIiLAogICAgImVtYWlsIjogInRhbGV4YW5kZXJAbm9yZXBseS5jb2RlLmZpenouYnV6eiIsCiAgICAiYXZhdGFyX3VybCI6ICJodHRwczovL2NvZGUuZml6ei5idXp6L2F2YXRhcnMvOWQ0MDJhODliNWEwNzg2ZjgzYzFiOGM1NDg2ZmM3ZmYzZDA4M2E1NGZlMjBlNTVjMGE3NzZhMTkzMmMzMDI4OSIsCiAgICAibGFuZ3VhZ2UiOiAiIiwKICAgICJpc19hZG1pbiI6IGZhbHNlLAogICAgImxhc3RfbG9naW4iOiAiMDAwMS0wMS0wMVQwMDowMDowMFoiLAogICAgImNyZWF0ZWQiOiAiMjAyMy0wNy0wNVQyMjowMzoyOFoiLAogICAgInJlc3RyaWN0ZWQiOiBmYWxzZSwKICAgICJhY3RpdmUiOiBmYWxzZSwKICAgICJwcm9oaWJpdF9sb2dpbiI6IGZhbHNlLAogICAgImxvY2F0aW9uIjogIiIsCiAgICAid2Vic2l0ZSI6ICIiLAogICAgImRlc2NyaXB0aW9uIjogIiIsCiAgICAidmlzaWJpbGl0eSI6ICJwdWJsaWMiLAogICAgImZvbGxvd2Vyc19jb3VudCI6IDAsCiAgICAiZm9sbG93aW5nX2NvdW50IjogMCwKICAgICJzdGFycmVkX3JlcG9zX2NvdW50IjogMCwKICAgICJ1c2VybmFtZSI6ICJ0YWxleGFuZGVyIgogIH0sCiAgInNlbmRlciI6IHsKICAgICJpZCI6IDEsCiAgICAibG9naW4iOiAidGFsZXhhbmRlciIsCiAgICAibG9naW5fbmFtZSI6ICIiLAogICAgImZ1bGxfbmFtZSI6ICIiLAogICAgImVtYWlsIjogInRhbGV4YW5kZXJAbm9yZXBseS5jb2RlLmZpenouYnV6eiIsCiAgICAiYXZhdGFyX3VybCI6ICJodHRwczovL2NvZGUuZml6ei5idXp6L2F2YXRhcnMvOWQ0MDJhODliNWEwNzg2ZjgzYzFiOGM1NDg2ZmM3ZmYzZDA4M2E1NGZlMjBlNTVjMGE3NzZhMTkzMmMzMDI4OSIsCiAgICAibGFuZ3VhZ2UiOiAiIiwKICAgICJpc19hZG1pbiI6IGZhbHNlLAogICAgImxhc3RfbG9naW4iOiAiMDAwMS0wMS0wMVQwMDowMDowMFoiLAogICAgImNyZWF0ZWQiOiAiMjAyMy0wNy0wNVQyMjowMzoyOFoiLAogICAgInJlc3RyaWN0ZWQiOiBmYWxzZSwKICAgICJhY3RpdmUiOiBmYWxzZSwKICAgICJwcm9oaWJpdF9sb2dpbiI6IGZhbHNlLAogICAgImxvY2F0aW9uIjogIiIsCiAgICAid2Vic2l0ZSI6ICIiLAogICAgImRlc2NyaXB0aW9uIjogIiIsCiAgICAidmlzaWJpbGl0eSI6ICJwdWJsaWMiLAogICAgImZvbGxvd2Vyc19jb3VudCI6IDAsCiAgICAiZm9sbG93aW5nX2NvdW50IjogMCwKICAgICJzdGFycmVkX3JlcG9zX2NvdW50IjogMCwKICAgICJ1c2VybmFtZSI6ICJ0YWxleGFuZGVyIgogIH0KfQ==
 EOF
-              )
+           )
 
-curl -v \
-     --http2-prior-knowledge \
-     -X POST \
-     -H 'Content-Type: application/json' \
-     -H 'X-GitHub-Delivery: 2187f277-1104-4011-845b-a88a5a98731f' \
-     -H 'X-GitHub-Event: push' \
-     -H 'X-GitHub-Event-Type: push' \
-     -H 'X-Gitea-Delivery: 2187f277-1104-4011-845b-a88a5a98731f' \
-     -H 'X-Gitea-Event: push' \
-     -H 'X-Gitea-Event-Type: push' \
-     -H 'X-Gitea-Signature: 5f5ca80269a5cebd41c3ef2de547b86c40b35418fbefc9f59459602435d2d9ea' \
-     -H 'X-Gogs-Delivery: 2187f277-1104-4011-845b-a88a5a98731f' \
-     -H 'X-Gogs-Event: push' \
-     -H 'X-Gogs-Event-Type: push' \
-     -H 'X-Gogs-Signature: 5f5ca80269a5cebd41c3ef2de547b86c40b35418fbefc9f59459602435d2d9ea' \
-     -H 'X-Hub-Signature: sha1=6e13417e9a9ce53fc08a684635350aa2c60ce7bc' \
-     -H 'X-Hub-Signature-256: sha256=5f5ca80269a5cebd41c3ef2de547b86c40b35418fbefc9f59459602435d2d9ea' \
-     -d @- \
-     'http://127.0.0.1:8080/hook' <<<"$payload"
+    sha256signature=$(echo "$payload" | openssl sha256 -hmac "$WEBHOOK_BRIDGE_HMAC_SECRET" | awk '{print $2}')
+    sha1signature=$(echo "$payload" | openssl sha1 -hmac "$WEBHOOK_BRIDGE_HMAC_SECRET" | awk '{print $2}')
+
+    curl -v \
+         --http2-prior-knowledge \
+         -X POST \
+         -H 'Content-Type: application/json' \
+         -H 'X-GitHub-Delivery: 90c4c994-dd31-4a21-8902-92aa76a10e53' \
+         -H 'X-GitHub-Event: push' \
+         -H 'X-GitHub-Event-Type: push' \
+         -H 'X-Gitea-Delivery: 90c4c994-dd31-4a21-8902-92aa76a10e53' \
+         -H 'X-Gitea-Event: push' \
+         -H 'X-Gitea-Event-Type: push' \
+         -H "X-Gitea-Signature: $sha256signature" \
+         -H 'X-Gogs-Delivery: 90c4c994-dd31-4a21-8902-92aa76a10e53' \
+         -H 'X-Gogs-Event: push' \
+         -H 'X-Gogs-Event-Type: push' \
+         -H "X-Gogs-Signature: $sha256signature" \
+         -H "X-Hub-Signature: sha1=$sha1signature" \
+         -H "X-Hub-Signature-256: sha256=$sha256signature" \
+         -d @- \
+         'http://127.0.0.1:9988/hook' <<<"$payload"
 }
 
 main "${@}"