From f61038e9d8dfe27f595554d5b045c6957b1dddea Mon Sep 17 00:00:00 2001 From: Simon Barendse Date: Fri, 22 Sep 2023 12:11:39 +0200 Subject: [PATCH 1/4] Fix signed commits CI job The job was previously ran on "pull_request_target". This runs the job on the base branch (i.e. the `main` branch of the 1password/shell-plugins repo). Since we want to know if commits are signed on all the commits to be merged (i.e. also on the fork), I have changed this job to run on the merge commit instead. Relevant documentation: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target Note that the usage example of https://github.com/1Password/check-signed-commits-action also recommends running on the "pull_reqeusts" event. --- .github/workflows/pr-check-signed-commits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check-signed-commits.yml b/.github/workflows/pr-check-signed-commits.yml index 94164af1a..fe7903ae9 100644 --- a/.github/workflows/pr-check-signed-commits.yml +++ b/.github/workflows/pr-check-signed-commits.yml @@ -1,5 +1,5 @@ name: Check signed commits in PR -on: pull_request_target +on: pull_request jobs: build: From 51fde3778757d1dcf20d11a1641b2aebba2f52eb Mon Sep 17 00:00:00 2001 From: Simon Barendse Date: Fri, 22 Sep 2023 13:26:51 +0200 Subject: [PATCH 2/4] Revert "Fix signed commits CI job" This reverts commit f61038e9d8dfe27f595554d5b045c6957b1dddea. --- .github/workflows/pr-check-signed-commits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check-signed-commits.yml b/.github/workflows/pr-check-signed-commits.yml index fe7903ae9..94164af1a 100644 --- a/.github/workflows/pr-check-signed-commits.yml +++ b/.github/workflows/pr-check-signed-commits.yml @@ -1,5 +1,5 @@ name: Check signed commits in PR -on: pull_request +on: pull_request_target jobs: build: From 27a1686fcf32258182182c14856f69cfedd0da83 Mon Sep 17 00:00:00 2001 From: Simon Barendse Date: Fri, 22 Sep 2023 13:27:30 +0200 Subject: [PATCH 3/4] Fix CI job to check for signed commits The previously version of the check-signed-commits-action did not support forks. So bumping to the latest version which does support forks. I've switched to @main so we automatically keep up with new updates to the check-signed-commits-action without action in this repo required. --- .github/workflows/pr-check-signed-commits.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-check-signed-commits.yml b/.github/workflows/pr-check-signed-commits.yml index 94164af1a..2ab7bab93 100644 --- a/.github/workflows/pr-check-signed-commits.yml +++ b/.github/workflows/pr-check-signed-commits.yml @@ -13,4 +13,4 @@ jobs: uses: actions/checkout@v3 - name: Check signed commits in PR - uses: 1Password/check-signed-commits-action@v1 + uses: 1Password/check-signed-commits-action@main From 2755a57cf0c05d736acc1cdb8efe9b15441decaa Mon Sep 17 00:00:00 2001 From: Simon Barendse Date: Fri, 22 Sep 2023 13:47:49 +0200 Subject: [PATCH 4/4] Remove step to checkout code for commit signing job - it's unused We don't use the checked out code, so this is a redundant step in this job. --- .github/workflows/pr-check-signed-commits.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/pr-check-signed-commits.yml b/.github/workflows/pr-check-signed-commits.yml index 2ab7bab93..425472107 100644 --- a/.github/workflows/pr-check-signed-commits.yml +++ b/.github/workflows/pr-check-signed-commits.yml @@ -9,8 +9,5 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v3 - - name: Check signed commits in PR uses: 1Password/check-signed-commits-action@main