Add check for signed commits #14
Comments
@Abhishek-kumar09 Bhaiya, how do I do that? I want to work on this issue. Is there any resource from where I can learn about GitHub Actions?
This could help: https://github.com/marketplace/actions/verify-commit
GitHub Actions is nothing but a set of actions to perform automatically on some event triggers like pull requests, issues, etc.
Also @AdityaTeltia create a PR to include yourself in the contributor list :)
Basically, I have to add an action.yml file to the GitHub workflows with the following snippet?
Yes, you have to add it in GitHub workflows.
The above snippet is giving an error, I cannot resolve ...
Where have you integrated it? Can you show the repo with the workflow?
@Abhishek-kumar09 bhaiya, can you please check where the error is?
Give the link to the doc you are following, and I don't know what error you are facing, so please provide the error you are facing. Also, if you are using some marketplace product, provide the link to that too.
https://github.com/vchain-us/verify-action/blob/master/action.yml Here, check this.
Replace it with this, and let me know if it is working:
I've been trying to get this to work as well, but here's something that I observed with CodeNotary which felt a bit weird to me. This screenshot shows the hash generated after notarization:

Here's the output I received from GitHub Actions for my test commit in a private repository to check the verification:

Run vchain-us/verify-action@master
with:
org: vchain.us
path: .
/usr/bin/docker run --name codenotaryvcn07_7aa372 --label 8a33c1 --workdir /github/workspace --rm -e INPUT_ORG -e INPUT_SIGNERID -e INPUT_PATH -e VCN_SIGNERID -e VCN_ORG -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/vchain-test/vchain-test":"/github/workspace" codenotary/vcn:0.7 "a" "git://."
Your asset(s) will not be uploaded but processed locally.
Looking for blockchain entry matching the organization (vchain.us)...
Kind: git
Name: https://github.com/zeborg/vchain-test@1db1279
Hash: 161e09a8525120a5a73090ba13f56e4073588e26888477fa734174fbb0c8ff7b
Size: 938 B
Metadata: git={
"Author": {
"Name": "Abhinav Sinha",
"Email": "REDACTED",
"When": "2021-04-28T23:33:27+05:30"
},
"Commit": "1db12797cf2ba0c4c33dcf4299ce6c8526bf62f2",
"Committer": {
"Name": "Abhinav Sinha",
"Email": "REDACTED",
"When": "2021-04-28T23:33:27+05:30"
},
"Message": "Updated test file for signature verification\n",
"PGPSignature": "-----BEGIN PGP SIGNATURE-----\n\niQGzBAABCAAdFiEE8jFd5MLLOO+HQ/9CVZbo6m8wdIkFAmCJo28ACgkQVZbo6m8w\ndIlJJwv7BxryQ9E+EC9ptbA8ERgmjP5cvNoRRNcfbybzx8NXg2z7qlkZP+y2BLad\nuyM+j9f8ytx37YmpF8y1lnZon8F9n/0Jmepb1RLV27FDBxJaLF+cgkv4gSVMVu7B\nFqv3gkeZjVE7OGm8PII5t4oM6JgmAw9iF9xlHox0mFN7ZTEHKjoV/2GRr8v9WBvI\n157ar43vdMOiF7F7lZaq9BNj18wjPHDENSO1G3BLWydHqeubAcAdZQ1e6+a5YTWI\nlIcwKj5OL+kpG8+bRLaZY2Lu6NpgPACvX60x8umUGJyZQinwyAKZ/DLxORnpuJ/t\nmaOsy+FhWEXIEvn/KjWU1K75zUlex8rFeSztU6ZSFfCS8oGfxIZGJDIA4rSSsvyK\nqIHyqKnVU/8IQ+VuEkkZ6VfQaOfY9LKRyM1bxq42L7KJkiRofYiZo+3Dq9FGO3Ol\nUXT5dG59BuXVj7lpGjUU8IXbSGnIkhcS8/nTLvZNsLJ7O7OKzWVDZQoZk5KxWvMc\n8rn8rwyn\n=t7V/\n-----END PGP SIGNATURE-----\n",
"Parents": [
"a431af3fcaa5c3def80df7806bbd33cedb8f05bb"
],
"Tree": "a84652327988f303ac450c0b76b95394cbda5d62"
}
Status: UNKNOWN
Error: 161e09a8525120a5a73090ba13f56e4073588e26888477fa734174fbb0c8ff7b was not notarized by "vchain.us"
A newer version of vcn is available to download.
Your version: v0.7.4
Latest version: v0.9.4
You can find the latest release at https://github.com/vchain-us/vcn/releases

Both of them show the same generated hash, but CLI shows that it's

Lastly, here's my online notarization history in CodeNotary, which shows that the latest commit has the same commit ID as the one mentioned in both the image and the GitHub Actions output:
What is your feature request related to?
What is your feature request? Describe
We want every commit to be signed by the contributor, for authorship management and to follow open source best practices.
Describe the solution you'd like
GitHub Actions may work perfectly fine here.
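
As an added example (not code from this issue or from the project), here is a shell check that a workflow step could run over a pull request's commits, using git's `%G?` signature status code. The function names and the `ALLOW_UNTRUSTED` variable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: reject any commit in a range that lacks a good signature.

# Reads "<sha> <status>" lines, where <status> is git's %G? code:
#   G good, U good but key validity unknown, X good but signature expired,
#   Y good but key expired, R good but key revoked,
#   B bad, E cannot be checked (e.g. public key missing), N no signature.
# Prints one "<reason> <sha>" line per rejected commit; returns 1 if any.
classify_signatures() {
    local sha status failed=0
    while read -r sha status; do
        [ -z "$sha" ] && continue
        case "$status" in
            G) ;;  # valid signature from a trusted key
            # ALLOW_UNTRUSTED is a hypothetical opt-in for keys not yet trusted
            U) [ "${ALLOW_UNTRUSTED:-0}" = 1 ] || { echo "untrusted-key $sha"; failed=1; } ;;
            N) echo "unsigned $sha"; failed=1 ;;
            B) echo "bad-signature $sha"; failed=1 ;;
            E) echo "unverifiable $sha"; failed=1 ;;
            X|Y|R) echo "expired-or-revoked $sha"; failed=1 ;;
            *) echo "unknown-status $sha"; failed=1 ;;
        esac
    done
    return "$failed"
}

# Checks every commit in a revision range such as "origin/main..HEAD".
# Returns 2 if git itself fails (bad range, not a repository).
check_range() {
    local log
    log=$(git log --format='%H %G?' "$1") || return 2
    printf '%s\n' "$log" | classify_signatures
}
```

A commit only reports `G` when the signer's public key is present and trusted in the keyring of the machine running the check; otherwise a correctly signed commit shows up as `E` or `U`.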