{"id":38079104,"url":"https://github.com/matfax/verified-merge","last_synced_at":"2026-01-16T20:47:02.265Z","repository":{"id":308671155,"uuid":"1033188603","full_name":"matfax/verified-merge","owner":"matfax","description":"Resolving the \"Unverified Commit\" Issue with GitHub's Web-based Pull Request Management with Conventional Commits","archived":false,"fork":false,"pushed_at":"2025-12-20T07:37:53.000Z","size":66,"stargazers_count":0,"open_issues_count":13,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-22T14:22:50.305Z","etag":null,"topics":["auto-merge","commit-message","github-actions","squash","verification"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/matfax.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-06T12:35:17.000Z","updated_at":"2025-08-08T13:20:09.000Z","dependencies_parsed_at":"2025-08-24T04:38:34.331Z","dependency_job_id":"111e4106-380f-44e2-b384-e7948a5c2fb9","html_url":"https://github.com/matfax/verified-merge","commit_stats":null,"previous_names":["matfax/verified-merge"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/matfax/verified-merge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matfax%2Fverified-merge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matfax%2Fverified-merge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matfax%2Fverified-merge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matfax%2Fverified-merge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/matfax","download_url":"https://codeload.github.com/matfax/verified-merge/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/matfax%2Fverified-merge/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28482310,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auto-merge","commit-message","github-actions","squash","verification"],"created_at":"2026-01-16T20:47:02.143Z","updated_at":"2026-01-16T20:47:02.251Z","avatar_url":"https://github.com/matfax.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Verified Auto-Merge Action\r\n\r\n**Automatically generate conventional commit messages and co-sign commits with GitHub auto-merge**\r\n\r\nPerfect for teams using squash merges who want consistent, AI-generated conventional commit messages without manual intervention.\r\n\r\n![GitHub release](https://img.shields.io/github/v/release/matfax/verified-merge)\r\n![GitHub](https://img.shields.io/github/license/matfax/verified-merge)\r\n![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/matfax/verified-merge/ci.yml)\r\n\r\n## Quick Start\r\n\r\n```yaml\r\n# .github/workflows/auto-merge-enhance.yml\r\nname: Auto-Merge Enhancement\r\non:\r\n  pull_request:\r\n    types: [auto_merge_enabled]\r\n\r\njobs:\r\n  enhance-auto-merge:\r\n    runs-on: ubuntu-latest\r\n    permissions:\r\n      contents: write\r\n      pull-requests: read\r\n      issues: read\r\n      checks: read\r\n      id-token: write\r\n    steps:\r\n      - uses: matfax/verified-merge@main\r\n        with:\r\n          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}\r\n```\r\n\r\n## What It Does\r\n\r\n1. **Waits for all CI checks** to pass after auto-merge is enabled\r\n2. **Generates intelligent commit messages** using Claude AI (or falls back to auto-merge settings)  \r\n3. **Preserves co-authors** from all commits being squashed/rebased\r\n4. **Creates signed commits** with github-actions[bot] as co-author\r\n5. **Uses native GitHub logging** with proper exit codes for workflow status\r\n\r\n**Supported merge methods:** Squash (generates new message), Rebase (co-signs single commits), Merge (no action needed)\r\n\r\n## How It Works\r\n\r\n### Workflow Overview\r\n\r\n1. **Event Trigger**: Action runs when `auto_merge_enabled` event is fired\r\n2. **Check Waiting**: Waits for all CI/CD checks to complete (with configurable timeout)\r\n3. **Exit Strategy**: If checks fail or timeout, workflow fails with exit code 1 and appropriate logging\r\n4. **Merge Method Processing**:\r\n   - **`merge`**: No action needed, exits gracefully with exit code 0\r\n   - **`rebase`**: Co-signs any unsigned commits\r\n   - **`squash`**: Generates intelligent commit message using Claude\r\n\r\n### Merge Method Behaviors\r\n\r\n| Merge Method | Action Taken | Description |\r\n|--------------|--------------|-------------|\r\n| `merge` | None | Exits gracefully - merge commits don't need processing |\r\n| `rebase` | Co-sign (simple case) | Co-signs the latest unsigned commit if only 1 commit exists |\r\n| `squash` | Generate \u0026 squash | Uses Claude or auto-merge properties to create commit message |\r\n\r\n## Setup\r\n\r\n### 1. Add the Workflow\r\n\r\nCreate `.github/workflows/auto-merge-enhance.yml` in your repository:\r\n\r\n```yaml\r\nname: Auto-Merge Enhancement\r\non:\r\n  pull_request:\r\n    types: [auto_merge_enabled]\r\n\r\njobs:\r\n  enhance-auto-merge:\r\n    runs-on: ubuntu-latest\r\n    permissions:\r\n      contents: write\r\n      pull-requests: read\r\n      issues: read\r\n      checks: read\r\n      id-token: write # Required for Claude Code Action\r\n    steps:\r\n      - uses: matfax/verified-merge@main\r\n        with:\r\n          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}\r\n```\r\n\r\n### 2. Add Anthropic API Key\r\n\r\n1. Get an [Anthropic API key](https://console.anthropic.com/) (requires credits)\r\n2. Add it as repository secret: `ANTHROPIC_API_KEY`\r\n\r\n\u003e **Alternative:** Claude Pro/Max users can use OAuth tokens instead. See [Advanced Configuration](#advanced-configuration) below.\r\n\r\n### 3. Configure Branch Protection Rules\r\n\r\nTo ensure the action works properly with GitHub's auto-merge feature, you need to set up branch protection rules:\r\n\r\n1. **Enable Required Signed Commits**:\r\n   - Go to your repository's Settings → Branches\r\n   - Add or edit a branch protection rule for your main branch\r\n   - Check ✅ **\"Require signed commits\"**\r\n\r\n2. **Add the Workflow as a Required Check**:\r\n   - In the same branch protection rule\r\n   - Check ✅ **\"Require status checks to pass before merging\"**\r\n   - In the status checks list, search for and select your workflow name (e.g., \"Auto-Merge Helper\")\r\n   - It is possible that the workflow needs to run at least once before it appears in the list\r\n   - Optionally check \"Require branches to be up to date before merging\"\r\n\r\n\u003e **Note**: The workflow itself acts as the status check - no separate status check configuration is needed.\r\n\r\n### Advanced Configuration\r\n\r\n```yaml\r\n- name: Verified Auto-Merge\r\n  uses: matfax/verified-merge@main\r\n  with:\r\n    # Choose ONE authentication method:\r\n    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}\r\n    # claude-code-oauth-token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}  # Alternative to API key\r\n    enable-claude-generation: true\r\n    check-timeout-seconds: 1200\r\n    conventional-commit-types: 'feat,fix,docs,style,refactor,test,chore,ci,perf,build'\r\n    ignore-workflows: 'Auto-Merge'  # Ignore the calling workflow to prevent self-referential failures\r\n```\r\n\r\n## Configuration\r\n\r\n### Repository-Specific Instructions\r\n\r\nCreate a `.github/commit-instructions.md` file in your repository to provide custom instructions for commit message generation:\r\n\r\n```markdown\r\n# Commit Instructions for MyProject\r\n\r\n## Style Guidelines\r\n- Use present tense (\"add feature\" not \"added feature\")\r\n- Include ticket numbers when applicable: `feat: add user login (PROJ-123)`\r\n- For breaking changes, include `BREAKING CHANGE:` in the footer\r\n\r\n## Project-Specific Types\r\n- `api`: API changes\r\n- `ui`: User interface changes\r\n- `db`: Database schema changes\r\n\r\n## Examples\r\n- `feat(auth): implement OAuth2 integration (AUTH-456)`\r\n- `fix(api): resolve timeout in user endpoint (BUG-789)`\r\n- `docs: update deployment guide`\r\n```\r\n\r\n\r\n\u003c!--- BEGIN_ACTION_DOCS ---\u003e\r\n## Usage\r\n\r\n```yaml\r\n- name: Auto-Merge Enhanced Commit Processor\r\n  uses: ${{ github.repository }}@${{ github.ref }}\r\n  with:\r\n    # Anthropic API key for Claude Code Action\r\n    anthropic-api-key: 'your-value-here'\r\n    # Maximum time to wait for all checks to complete (in seconds)\r\n    check-timeout-seconds: 900\r\n    # Claude Code OAuth token for Claude Code Action\r\n    claude-code-oauth-token: 'your-value-here'\r\n    # Allowed conventional commit types (comma-separated)\r\n    conventional-commit-types: feat,fix,docs,style,refactor,test,chore,ci,perf,build\r\n    # Enable Claude-powered commit message generation (fallback to auto_merge properties if false)\r\n    enable-claude-generation: true\r\n    # GitHub token for API access\r\n    github-token: ${{ github.token }}\r\n    # Workflow names to ignore when waiting for checks (comma-separated) - typically the workflow calling this action to prevent self-referential failures\r\n    ignore-workflows: Auto-Merge,Auto-merge,Automerge,auto-merge,automerge,Verified-Merge,Verified-merge,verified-merge,verifiedmerge\r\n```\r\n\r\n## Example Workflow\r\n\r\n```yaml\r\nname: Auto-Merge\r\n\r\non:\r\n  pull_request:\r\n    types: [auto_merge_enabled]\r\n\r\npermissions:\r\n  contents: write      # Required for creating commits\r\n  pull-requests: read  # Required for reading PR details\r\n  issues: read         # Required for reading issue comments\r\n  checks: read         # Required for checking status checks\r\n  id-token: write      # Required for Claude OIDC\r\n\r\njobs:\r\n  automerge-helper:\r\n    name: Auto-Merge Helper\r\n    environment: claude\r\n    runs-on: ubuntu-latest\r\n    steps:\r\n      - name: Enhanced Auto-Merge Processing\r\n        uses: matfax/verified-merge@main\r\n        with:\r\n          # Anthropic API key authentication (choose one)\r\n          # anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}\r\n          claude-code-oauth-token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}\r\n          \r\n          # Optional: Enable/disable Claude generation (default: true)\r\n          enable-claude-generation: true\r\n          \r\n          # Optional: Timeout for waiting for status checks in seconds (default: 900 = 15 minutes)\r\n          check-timeout-seconds: 900\r\n\r\n```\r\n\r\n## Inputs\r\n\r\n### anthropic-api-key\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-none-lightgrey?style=flat-square)\r\n\r\nAnthropic API key for Claude Code Action\r\n\r\n### check-timeout-seconds\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-900-blue?style=flat-square)\r\n\r\nMaximum time to wait for all checks to complete (in seconds)\r\n\r\n### claude-code-oauth-token\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-none-lightgrey?style=flat-square)\r\n\r\nClaude Code OAuth token for Claude Code Action\r\n\r\n### conventional-commit-types\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-feat,fix,docs,style,refactor,test,chore,ci,perf,build-blue?style=flat-square)\r\n\r\nAllowed conventional commit types (comma-separated)\r\n\r\n### enable-claude-generation\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-true-blue?style=flat-square)\r\n\r\nEnable Claude-powered commit message generation (fallback to auto\\_merge properties if false)\r\n\r\n### github-token\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-${{_github.token_}}-blue?style=flat-square)\r\n\r\nGitHub token for API access\r\n\r\n### ignore-workflows\r\n\r\n![Required](https://img.shields.io/badge/Required-no-inactive?style=flat-square)\r\n![Default](https://img.shields.io/badge/Default-Auto--Merge,Auto--merge,Automerge,auto--merge,automerge,Verified--Merge,Verified--merge,verified--merge,verifiedmerge-blue?style=flat-square)\r\n\r\nWorkflow names to ignore when waiting for checks (comma-separated) - typically the workflow calling this action to prevent self-referential failures\r\n\r\n## Outputs\r\n\r\n### action_taken\r\n\r\n![Output](https://img.shields.io/badge/Output-action__taken-green?style=flat-square)\r\n\r\nAction taken (none, graceful-exit, co-signed, squash-generated)\r\n\r\n### checks_status\r\n\r\n![Output](https://img.shields.io/badge/Output-checks__status-green?style=flat-square)\r\n\r\nStatus of all checks (passed, failed, timeout)\r\n\r\n### commit_sha\r\n\r\n![Output](https://img.shields.io/badge/Output-commit__sha-green?style=flat-square)\r\n\r\nSHA of the final commit (if modified)\r\n\r\n### merge_method\r\n\r\n![Output](https://img.shields.io/badge/Output-merge__method-green?style=flat-square)\r\n\r\nThe merge method used (merge, rebase, squash)\r\n\r\n\u003c!--- END_ACTION_DOCS ---\u003e\r\n\r\n## Examples\r\n\r\n### Squash Merge with AI-Generated Message\r\n\r\n**Scenario**: PR with multiple commits using squash merge\r\n\r\n```\r\nPR Title: \"Add user authentication system\"\r\nPR Body: \"Implements OAuth2 with Google provider, includes tests and documentation\"\r\n\r\nOriginal commits:\r\n- \"wip: start auth\"\r\n- \"fix login bug\" \r\n- \"add tests\"\r\n- \"update readme\"\r\n\r\nGenerated: \"feat(auth): implement OAuth2 authentication with Google provider\r\n\r\n- Add OAuth2 integration with Google\r\n- Include comprehensive test coverage\r\n- Update documentation with setup instructions\"\r\n```\r\n\r\n### Rebase with Co-Signing (Simple Case)\r\n\r\n**Scenario**: PR with 1 unsigned commit using rebase merge\r\n\r\n```\r\nOriginal commit (unsigned):\r\n- \"feat: add payment processing\"\r\n  Co-authored-by: John Doe \u003cjohn@example.com\u003e\r\n\r\nAction: Co-signs commit with github-actions[bot] as additional co-author\r\nResult: Same commit message with all co-authors preserved + bot signature\r\n```\r\n\r\n**Complex Case**: Multiple commits - exits gracefully (not supported)\r\n\r\n### Merge - No Action\r\n\r\n**Scenario**: PR using merge method\r\n\r\n```\r\nAction: Exits gracefully with action_taken=none\r\nReason: Merge commits don't require processing\r\n```\r\n\r\n## Troubleshooting\r\n\r\n### Action Not Triggering\r\n\r\n**Check Event Configuration**:\r\n```yaml\r\non:\r\n  pull_request:\r\n    types: [auto_merge_enabled]  # Must be exactly this\r\n```\r\n\r\n**Verify Auto-Merge is Enabled**:\r\n- Go to PR page\r\n- Click \"Enable auto-merge\" button\r\n- Select merge method\r\n- Action should trigger immediately\r\n\r\n### Checks Timeout\r\n\r\n**Issue**: Action times out waiting for checks\r\n**Solutions**:\r\n- Increase `check-timeout-seconds` parameter\r\n- Ensure all required checks are configured correctly\r\n- Check that CI/CD workflows complete successfully\r\n- Note: Action will fail (exit 1) if checks timeout, preventing auto-merge\r\n\r\n### Claude API Errors\r\n\r\n**Issue**: Commit message generation fails\r\n**Solutions**:\r\n- Verify `ANTHROPIC_API_KEY` is valid and has credits\r\n- Check API rate limits\r\n- Review action logs for specific error messages\r\n- Set `enable-claude-generation: false` to use auto-merge fallback\r\n\r\n### Missing Configuration File\r\n\r\n**Issue**: No repository-specific instructions found\r\n**Solution**: The action uses fallback instructions automatically. To customize:\r\n1. Create `.github/commit-instructions.md` in your repository\r\n2. Add your project-specific guidelines\r\n3. Action will automatically detect and use them\r\n\r\n### Rebase Limitations\r\n\r\n**Issue**: \"Rebase processing not needed or not supported\"  \r\n**Solution**: This is expected behavior. The action only handles simple rebase cases (1 unsigned commit). For complex rebases, it exits gracefully (exit 0) to avoid complications.\r\n\r\n### Permission Errors\r\n\r\n**Issue**: Cannot create commits or access PR data\r\n**Solutions**:\r\n- Ensure workflow has `contents: write` permission\r\n- Verify `checks: read` permission for status checking\r\n- Check that `GITHUB_TOKEN` has sufficient scope\r\n\r\n## Dependencies\r\n\r\nThis composite action uses the following GitHub Actions:\r\n- [`poseidon/wait-for-status-checks`](https://github.com/poseidon/wait-for-status-checks) - Wait for all PR checks\r\n- [`anthropics/claude-code-action`](https://github.com/anthropics/claude-code-action) - Claude AI integration\r\n- [`iarekylew00t/verified-bot-commit`](https://github.com/iarekylew00t/verified-bot-commit) - Create signed commits\r\n- [`actions/checkout`](https://github.com/actions/checkout) - Repository checkout\r\n\r\n## Logging and Exit Codes\r\n\r\nThe action uses GitHub Actions native logging commands and proper exit codes:\r\n\r\n- **`::notice::`** - Informational messages (graceful exits, skipped actions)\r\n- **`::warning::`** - Non-critical issues (failed to fetch comments, timeouts)\r\n- **`::error::`** - Critical failures that should fail the workflow\r\n- **Exit Code 0** - Success or graceful skip\r\n- **Exit Code 1** - Failure (prevents auto-merge)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatfax%2Fverified-merge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmatfax%2Fverified-merge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmatfax%2Fverified-merge/lists"}