search

nautilus-cyberneering / chinese-ideographs-website

This repository automatically generates a simple image website from each time a file is added or modified in the Chinese Ideographs repository.
Other
2 stars 2 forks source link

Sign Git Queue commits #30

Open josecelano opened 2 years ago

josecelano commented 2 years ago

Commits created by the Git Queue action are not being signed.

image

That's because by default the git queue does not sign the commits.

@da2ce7 proposed to sign them at the end of the workflow with a commit amend.

It can be done with a rebase: https://superuser.com/a/1123928/277693

Until we implement that final solution we just can enable signing when using the git-queue action:

- name: Create new job
  id: create-job
  if: ${{ steps.get-next-job.outputs.job_found == 'false' && steps.update-submodule.outputs.updated == 'true' }}
  uses: Nautilus-Cyberneering/git-queue@v1-beta
  with:
    queue_name: "library-update"
    action: "create-job"
    job_payload: "${{ steps.build-payload.outputs.payload }}"
    git_commit_gpg_sign: "true"

We have to do it with all steps using the action.

josecelano commented 2 years ago

It seems that is not working only by enabling the input: git_commit_gpg_sign: "true"

josecelano commented 2 years ago

It seems that is not working only by enabling the input: git_commit_gpg_sign: "true"

Fixed. We have signed commits using git-queue:

image

I'm going to reopen the issue to implement the definitive solution: signing after committing.

da2ce7 commented 2 years ago

Related: https://github.com/Nautilus-Cyberneering/git-queue/issues/31

josecelano commented 2 years ago

Related: Nautilus-Cyberneering/git-queue#31

@da2ce7 I think it's more related to this one: https://github.com/Nautilus-Cyberneering/git-queue/issues/22

The author, as far as I know, it's not related to the GPG signing key. It's the "committer".