⚗️ Test for CI System (#12) #64
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 🍉 Verify Commits | |
on: | |
pull_request: | |
branches: | |
- main | |
jobs: | |
verify: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 # fetch all histories | |
- name: Install GPG | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y gnupg | |
- name: Import GPG public key from secret | |
run: | | |
echo "${{ secrets.GPG_PUBLIC_KEY }}" | gpg --import | |
- name: Fetch all commits for the PR | |
run: | | |
# Fetch the base branch to ensure we have the latest commits from main | |
git fetch origin main | |
# Fetch the PR branch using the PR number | |
git fetch origin pull/${{ github.event.pull_request.number }}/head:pr | |
- name: Debug fetched refs | |
run: | | |
echo "Available refs:" | |
git show-ref | |
- name: Verify GPG signatures | |
run: | | |
# Get the list of commits in the PR | |
PR_COMMITS=$(git rev-list origin/main..pr) | |
echo "Commits in the PR: $PR_COMMITS" | |
# Iterate over each commit and verify its GPG signature | |
for commit_hash in $PR_COMMITS; do | |
echo "Verifying commit $commit_hash..." | |
if git verify-commit $commit_hash; then | |
echo "Commit $commit_hash is verified." | |
else | |
echo "Commit $commit_hash is not verified." | |
exit 1 | |
fi | |
done |