feat: support commit sign without GPG#200
feat: support commit sign without GPG#200hackardoX wants to merge 1 commit intoDeterminateSystems:mainfrom
Conversation
Signed-off-by: andrea11 <10788630+andrea11@users.noreply.github.com>
cole-h
left a comment
cole-h
left a comment
There was a problem hiding this comment.
The approach seems fine to me.
| - name: Create PR | ||
| id: create-pr | ||
| uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 | ||
| uses: peter-evans/create-pull-request@v7 |
There was a problem hiding this comment.
If you could go back to using the revision associated with the tag at this point in time, that would be swell.
| - name: Set environment variables (signed commits) | ||
| if: ${{ inputs.sign-commits == 'true' }} | ||
| - name: Set environment variables (signed commits with GPG) | ||
| if: ${{ inputs.gpg-private-key != '' }} |
There was a problem hiding this comment.
And we don't do this for both cases because create-pull-request handles it for us, I assume?
| sign-commits: true | ||
| ``` | ||
|
|
||
| ### With GPG commit signing |
There was a problem hiding this comment.
Should probably update this example to remove sign-commits so that it's not trying to sign with both the token and GPG?
In fact, we should probably make that an error: specifying both sign-commits as well as gpg-private-key.
| default: "github-actions[bot]@users.noreply.github.com" | ||
| sign-commits: | ||
| description: "Set to true if the action should sign the commit with GPG" | ||
| description: "Set to true if the action should sign the commit" |
There was a problem hiding this comment.
| description: "Set to true if the action should sign the commit" | |
| description: "Set to true if the action should sign the commit with the GitHub Actions token" |
or something, to make it more explicit that it should only be set in case you want the commit signed by the token and not by GPG, etc
|
I'm looking forward to being able to use this :) |
|
Hey @HeitorAugustoLN, I wanted to merge this one first: #199, I will ask for a new review |
3 participants
Description
Currently this action allows to sign the commit via the GPG. However, with the new v7 Peter Evans's create-pull-request action, there is an option to use the GitHub token or GitHub App token to sign the commit automatically. I did not have time to test yet, but I wanted to know if the refactoring I was doing here is something accepted. This is why I am keeping as a draft
Checklist