Fspiers/ent 3334/incremental sync batch 2 #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check signed commits in PR | |
| on: pull_request_target | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| check-signed-commits: | |
| name: Check signed commits in PR | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - name: Check for bot commits | |
| id: check-bots | |
| run: | | |
| # Get all commits in the PR | |
| git fetch origin ${{ github.event.pull_request.base.ref }} | |
| COMMITS=$(git log origin/${{ github.event.pull_request.base.ref }}..HEAD --format="%an") | |
| echo "Commits in PR:" | |
| echo "$COMMITS" | |
| # Check if any commits are NOT from bots | |
| # grep -v returns 0 (true) if it finds lines NOT matching the pattern | |
| # grep -v returns 1 (false) if all lines match the pattern (all are bots) | |
| if echo "$COMMITS" | grep -qv '\[bot\]'; then | |
| echo "Found human commits" | |
| echo "has_human_commits=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "All commits are from bots" | |
| echo "has_human_commits=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Check signed commits in PR | |
| if: steps.check-bots.outputs.has_human_commits == 'true' | |
| continue-on-error: true | |
| uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1.2.0 | |
| with: | |
| comment: | | |
| ## ⚠️ Unsigned Commits Detected | |
| This pull request contains unsigned commits. | |
| ### What does this mean? | |
| Signed commits help ensure the authenticity and traceability of contributions. They allow us to verify that commits actually came from the stated author, even if GitHub accounts are deleted or modified in the future. | |
| ### Current Policy (Grace Period) | |
| **This is currently a warning only.** We are in a transition period to give all contributors time to set up commit signing. | |
| After this grace period, **all commits will be required to be signed** before PRs can be merged. | |
| ### How to sign your commits | |
| Please see our [Contributing Guide](../blob/main/CONTRIBUTING.md#setting-up-your-development-environment) for detailed instructions on setting up commit signing. | |
| ### Resources | |
| - [Contributing Guide: Development Setup](../blob/main/CONTRIBUTING.md#setting-up-your-development-environment) | |
| - [GitHub Docs: About Commit Signature Verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) | |
| --- | |
| _This check will become mandatory in the future. Please start signing your commits now to avoid issues later._ |