I work on the OpenZiti project and I have a CI server that accepts GitHub webhooks, but I don't want to expose my server to the internet with open ports. I used the Python SDK for OpenZiti (overlay networking platform) to create a GitHub Action that sends the webhook to my private server via overlay instead of via the open internet.
This GitHub repo is a template that I made to show you how it all works. You can use it right away to run the sample server (httpbin-go) and see the GitHub Action in...action. Relevant threads include https://news.ycombinator.com/item?id=32596212 .
ngrok http 80 --verify-webhook=slack --verify-webhook-secret=[secret]
with a ton of providers out of the box: https://ngrok.com/docs/cloud-edge#webhook-verification
Also, we recently launched https://webhooks.fyi/ to serve as a community resource to capture patterns & practices around webhook implementations. That's a github pages site so pull requests welcome!
Disclosure: I work at ngrok and helped create webhooks.fyi :)