{"id":13992913,"url":"https://github.com/1Password/check-signed-commits-action","last_synced_at":"2025-07-22T16:32:39.501Z","repository":{"id":165896091,"uuid":"617566946","full_name":"1Password/check-signed-commits-action","owner":"1Password","description":"GitHub Action to check PRs for signed commits","archived":false,"fork":false,"pushed_at":"2024-07-25T06:46:16.000Z","size":21,"stargazers_count":45,"open_issues_count":2,"forks_count":5,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-11-06T08:03:36.672Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1Password.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-03-22T16:49:10.000Z","updated_at":"2024-10-11T02:17:35.000Z","dependencies_parsed_at":"2024-03-23T22:44:43.988Z","dependency_job_id":null,"html_url":"https://github.com/1Password/check-signed-commits-action","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fcheck-signed-commits-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fcheck-signed-commits-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fcheck-signed-commits-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fcheck-signed-commits-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1Password","download_url":"https://codeload.github.com/1Password/check-signed-commits-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227133936,"owners_count":17735830,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-09T14:02:10.465Z","updated_at":"2024-11-29T13:31:33.095Z","avatar_url":"https://github.com/1Password.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# Check signed commits in PR\n\nA GitHub Action that checks the commits of the current PR and fails if it contains unsigned commits. It also places a comment in the PR to inform the author about next steps.\n\n## Usage\n\n```yml\nname: Check signed commits in PR \non: pull_request_target\n\njobs:\n  check-signed-commits:\n    name: Check signed commits in PR\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      pull-requests: write\n    steps:\n      - name: Check signed commits in PR\n        uses: 1Password/check-signed-commits-action@v1\n```\n\n## `pull_request_target` vs. `pull_request`\n\nWorkflows containing this action can be configured to run both on [`pull_request`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request) events as on [`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) events.\n\nThe reason to prefer `pull_request_target` over `pull_request` is to allow the action to post comments on external PRs created from forks. The GitHub token that comes with the regular `pull_request` event does not support commenting on PRs in the upstream repo.\n\n When using `pull_request_target`, make sure to set the right permissions in the workflow:\n\n```yml\npermissions:\n  contents: read\n  pull-requests: write\n```\n\n## Change PR Comment\n\nThe comment that will be placed in the PR upon detecting unsigned commits can be changed using the `comment` field:\n\n```yml\n- name: Check signed commits in PR\n  uses: 1Password/check-signed-commits-action@v1\n  with:\n    comment: |\n      Customized comment in the PR\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1Password%2Fcheck-signed-commits-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1Password%2Fcheck-signed-commits-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1Password%2Fcheck-signed-commits-action/lists"}