54 lines
1.6 KiB
YAML
54 lines
1.6 KiB
YAML
name: container project - PR build
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
on:
|
|
pull_request:
|
|
types: [opened, reopened, synchronize]
|
|
|
|
jobs:
|
|
verify-signatures:
|
|
name: Verify commit signatures
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check all commits are signed
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
REPO: ${{ github.repository }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
run: |
|
|
commits=$(gh api "repos/${REPO}/pulls/${PR_NUMBER}/commits" --paginate)
|
|
unsigned_commits=""
|
|
|
|
while IFS='|' read -r sha author verified; do
|
|
if [ "$verified" != "true" ]; then
|
|
unsigned_commits="$unsigned_commits - $sha by $author\n"
|
|
fi
|
|
done < <(echo "$commits" | jq -r '.[] | "\(.sha)|\(.commit.author.name)|\(.commit.verification.verified)"')
|
|
|
|
if [ -n "$unsigned_commits" ]; then
|
|
echo "::error::The following commits are not signed:"
|
|
echo -e "$unsigned_commits"
|
|
echo ""
|
|
echo "Please sign your commits. See:"
|
|
echo " - https://github.com/apple/containerization/blob/main/CONTRIBUTING.md#pull-requests"
|
|
echo " - https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
|
|
exit 1
|
|
fi
|
|
|
|
echo "All commits are signed!"
|
|
|
|
build:
|
|
name: Invoke build
|
|
uses: ./.github/workflows/common.yml
|
|
with:
|
|
release: false
|
|
coverage: true
|
|
pr_number: ${{ github.event.pull_request.number }}
|
|
secrets: inherit
|
|
permissions:
|
|
contents: read
|
|
packages: read
|
|
pages: write
|