Skip to content

ci: add workflow to verify commits touching key files #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 3, 2025
Merged

ci: add workflow to verify commits touching key files #41

merged 1 commit into from
Jul 3, 2025

Conversation

@aduh95
Copy link
Contributor

@aduh95 aduh95 commented Jul 3, 2025

Enforcing that commits touching key files are signed with that specific key have several upsides:

  • it simplifies the check whether the releaser GitHub account knows about the key.
  • it's a stronger indication of the releaser approval (mostly relevant for the case they're not already the author of the commit).

@aduh95 aduh95 force-pushed the add-ci-for-commit-signature branch from 6f5337c to c7ab438 Compare July 3, 2025 09:34
@aduh95 aduh95 force-pushed the add-ci-for-commit-signature branch from c7ab438 to d6919b2 Compare July 3, 2025 09:35
@aduh95 aduh95 merged commit d6919b2 into main Jul 3, 2025
1 check passed
@aduh95 aduh95 deleted the add-ci-for-commit-signature branch July 3, 2025 09:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richardlau richardlau richardlau approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aduh95 @richardlau