Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Verified commits when using GH_INSTALLATION_TOKEN as authentication #153

Merged
merged 1 commit into from
Feb 8, 2022

Conversation

alvarezfr
Copy link
Contributor

Related with #150.

This PR tries to replace the way that the commits are created when using GH_INSTALLATION_TOKEN as authentication.

Some resources:

When using the API to create the commits for the bots, we will get the verified flag for each bot commit, similar to the commits created by dependabot:
image

src/git.js Show resolved Hide resolved
src/git.js Show resolved Hide resolved
src/git.js Show resolved Hide resolved
src/git.js Show resolved Hide resolved
Copy link
Owner

@BetaHuhn BetaHuhn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks for the comments explaining some of the changes!

src/git.js Show resolved Hide resolved
src/git.js Show resolved Hide resolved
@BetaHuhn
Copy link
Owner

I will test this a bit more and merge this sometime this week.

@BetaHuhn BetaHuhn changed the base branch from master to develop February 8, 2022 13:18
@BetaHuhn BetaHuhn changed the title Feature: verified commits when using GH_INSTALLATION_TOKEN as authentication ✨ Verified commits when using GH_INSTALLATION_TOKEN as authentication Feb 8, 2022
@BetaHuhn BetaHuhn merged commit a547f3c into BetaHuhn:develop Feb 8, 2022
@BetaHuhnBot
Copy link
Collaborator

🎉 This PR is included in version 1.17.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@alvarezfr alvarezfr deleted the feature/verified_commits branch February 9, 2022 22:32
BetaHuhn pushed a commit that referenced this pull request Aug 13, 2022
The original implementation for signed commits in #153 did not
consider the `SKIP_PR` flag - if used together with an installation
token it fails now.

This change adds support by:
1) comparing changes against the remote branch, as base branch and HEAD
   are the same
2) Skipping pr branch creation
3) using the base instead of the undefined prBranch as upload target
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants