Use the cashapp/check-signature-action

Use the cashapp/check0signature-action GitHub Action, instead of running the inline bash script to verify that the release tag was signed. Signed-off-by: Yoav Amit <yoav@squareup.com>
cashapp · Jul 21, 2023 · 02a672d · 02a672d
1 parent 9f03bbf
commit 02a672d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -23,13 +23,13 @@ jobs:
           java-version: 17
       - name: Setup gradle
         uses: gradle/gradle-build-action@v2
-      - name: Verify release tag
-        run: |
-          set -euxo pipefail
-          cd ${{ github.workspace }}
-          git config gpg.ssh.allowedSignersFile ./config/allowed_release_signers
-          git fetch --tags -f
-          git tag -v ${{ github.ref_name }}
+      - name: "Verify release tag"
+        uses: cashapp/check-signature-action@v0.2.0
+        id: check-tag-sig
+        env:
+          GH_TOKEN: ${{ github.token }}
+        with:
+          allowed-release-signers: yoavamit
       - name: Build library
         uses: gradle/gradle-build-action@v2
         with:

diff --git a/config/allowed_release_signers b/config/allowed_release_signers