Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: GH: auto comment unsigned PR #7938

Merged
merged 6 commits into from
Sep 14, 2023
Merged

Conversation

ddevsr
Copy link
Collaborator

@ddevsr ddevsr commented Sep 13, 2023

Description
I think this help
See https://github.com/1Password/check-signed-commits-action

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@ddevsr ddevsr added the github_actions Pull requests that update Github_actions code label Sep 13, 2023
@ddevsr ddevsr changed the title GH: auto labeling unsigned PR GH: auto comment unsigned PR Sep 13, 2023
Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checkout v4 is going to take some getting used to 😉

This looks like a great addition.

.github/workflows/label-signing.yml Outdated Show resolved Hide resolved
Co-authored-by: MGatner <mgatner@icloud.com>
@ddevsr ddevsr requested a review from MGatner September 13, 2023 12:46
Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kenjis kenjis changed the title GH: auto comment unsigned PR chore: GH: auto comment unsigned PR Sep 14, 2023
@kenjis kenjis merged commit 367c308 into codeigniter4:develop Sep 14, 2023
2 checks passed
@ddevsr ddevsr deleted the label-signing branch September 14, 2023 04:51
@kenjis
Copy link
Member

kenjis commented Dec 12, 2023

Run 1Password/check-signed-commits-action@v1
Run unsigned_commits="$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$COMMITS_URL" | jq '.[] | select(.commit.verification.verified == false) | .commit.message')"
Found unsigned commits:
"Skip hostname checks if CURLRequest options 'verify' is set to false.\n\nWhen CURLRequest options 'verify' is set to false, some CURLOPT_SSL_... options should be disabled in such a way as to allow requests to pass through in case the destination is for example on private networks."
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   743  100   153  100   590    444   1714 --:--:-- --:--:-- --:--:--  2159
{
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/issues/comments#create-an-issue-comment"
}
Error: Process completed with exit code 1.

https://github.com/codeigniter4/CodeIgniter4/actions/runs/6993466495/job/19026745521

@kenjis
Copy link
Member

kenjis commented Dec 12, 2023

To post comments, it seems pull_request_target is needed:
https://github.com/1Password/check-signed-commits-action#pull_request_target-vs-pull_request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
github_actions Pull requests that update Github_actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants