https://github.com/codenotary/notarize-and-verify-pr-action

GitHub action which uses VCN to notarize the latest commit in the PR for each approver and then verify it was notarized for each required approver
https://github.com/codenotary/notarize-and-verify-pr-action

Last synced: 3 months ago
JSON representation

GitHub action which uses VCN to notarize the latest commit in the PR for each approver and then verify it was notarized for each required approver

• Host: GitHub
• URL: https://github.com/codenotary/notarize-and-verify-pr-action
• Owner: codenotary
• License: apache-2.0
• Created: 2021-05-14T12:29:59.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2021-07-23T14:32:53.000Z (almost 4 years ago)
• Last Synced: 2024-03-15T11:51:34.598Z (over 1 year ago)
• Language: Go
• Size: 49.8 KB
• Stars: 6
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# GitHub action for notarizing and verifying pull requests using VCN

This official GitHub action from CodeNotary allows to notarize the latest commit on a Pull Request for each approver, and then verify it was notarized by a configurable list of signer IDs.

## Usage

:bulb: See [./.github/workflows/test.yml](.github/workflows/test.yml) for a full example and the complete list of supported inputs.

In summary, checkout the repo at the latest PR commit and then create a step using this action and pass it the following parameters:

- Immutable Ledger host

- Keep ${{ github.event.review.user.login }} so that the PR is notarized by the current user on approval

- Comma separated list of API keys which will be used during notarization and verification.

These also determine the required approvers: they will be the signer IDs (i.e. names) of the API keys.

  - :warning: the signer IDs must match GitHub usernames - either as `@github` either simply ``. Example value: `[email protected]...,ghuser2.yyy...`

  - :warning: if this input is specified, the following inputs will be ignored

```yaml

    steps:

      - name: Checkout repository

        uses: actions/checkout@v2

        with:

          ref: ${{ github.event.review.commit_id }}

      - name: Notarize and verify PR

        uses: codenotary/[email protected]

        with:

          cnil_host: your-immutable-ledger-host

          current_pr_approver: ${{ github.event.review.user.login }}

          cnil_api_keys: [email protected],[email protected]

```

Once a PR is ready for review, each approval will create a notarization. The action will succeed once all listed Signer IDs have notarized.

## How to build and publish the Docker image

If you want to produce an artifact for the action from the code, you can build the action yourself and publish it to your own registry:

`docker build -t /notarize-and-verify-pr .`

`docker push /notarize-and-verify-pr`