Skip to content

1Password/check-signed-commits-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Check signed commits in PR

A GitHub Action that checks the commits of the current PR and fails if it contains unsigned commits. It also places a comment in the PR to inform the author about next steps.

Usage

name: Check signed commits in PR 
on: pull_request_target

jobs:
  check-signed-commits:
    name: Check signed commits in PR
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Check signed commits in PR
        uses: 1Password/check-signed-commits-action@v1

pull_request_target vs. pull_request

Workflows containing this action can be configured to run both on pull_request events as on pull_request_target events.

The reason to prefer pull_request_target over pull_request is to allow the action to post comments on external PRs created from forks. The GitHub token that comes with the regular pull_request event does not support commenting on PRs in the upstream repo.

When using pull_request_target, make sure to set the right permissions in the workflow:

permissions:
  contents: read
  pull-requests: write

Change PR Comment

The comment that will be placed in the PR upon detecting unsigned commits can be changed using the comment field:

- name: Check signed commits in PR
  uses: 1Password/check-signed-commits-action@v1
  with:
    comment: |
      Customized comment in the PR

About

GitHub Action to check PRs for signed commits

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •