chore(deps): bump dotenv from 16.4.5 to 16.4.6 #10561
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Commit signatures" | |
on: | |
pull_request: | |
jobs: | |
check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Fetch commits | |
run: gh api "${{ github.event.pull_request._links.commits.href }}" | tee commits.json | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Filter unverified commits | |
run: jq '[.[].commit | select(.verification.verified == false)]' < commits.json | tee unverified-commits.json | |
- name: List unverified commits | |
run: jq '.[] | [{message, tree, author, committer, verification}]' < unverified-commits.json | |
- name: Result | |
run: | | |
COUNT="$(jq '. | length' < unverified-commits.json)" | |
if [[ "$COUNT" == "0" ]]; | |
then | |
echo "✅ All commits are verified." | |
exit 0 | |
fi | |
echo "❌ PR contains $COUNT unverified commit(s)!" | |
echo "" | |
echo "Please note that we require that all commits are signed." | |
echo "Please see the documentation about signed commits and how to sign yours on GitHub:" | |
echo "- https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification" | |
echo "- https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits" | |
echo '' | |
echo 'Once you have set up commit signatures, you can sign your existing commits:' | |
echo '' | |
echo ' git rebase main --exec "git commit --amend --gpg-sign --no-edit"' | |
echo '' | |
echo 'Then you will need to force-push your branch once:' | |
echo '' | |
echo ' git push --force' | |
echo '' | |
exit 1 |