-
-
Notifications
You must be signed in to change notification settings - Fork 435
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v7 - signed commits #3057
v7 - signed commits #3057
Conversation
f1d7317
to
ed155e5
Compare
Full test suite slash command (repository admin only)
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor rephrase in the feature description
Hey, Is the sign-commit feature ready? It is required by the branch protection rule. Anyway, I can assist to boost it up? |
It will be ready when this PR merges. I believe the TODOs are updated in the PR description. In the current version, the workaround is to generate a GPG key, then import it: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#gpg-commit-signature-verification |
44e8de5
to
6c1922b
Compare
deda877
to
d93a919
Compare
This comment was marked as outdated.
This comment was marked as outdated.
e7f5ea9
to
66ddf90
Compare
ebbc6d0
to
97730d8
Compare
87604c1
to
ce190a9
Compare
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) | action | major | `v6.1.0` -> `v7.0.0` | --- ### Release Notes <details> <summary>peter-evans/create-pull-request (peter-evans/create-pull-request)</summary> ### [`v7.0.0`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.0) [Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v6.1.0...v7.0.0) :sparkles: Now supports commit signing with bot-generated tokens! See "What's new" below. :writing_hand::robot: ##### Behaviour changes - Action input `git-token` has been renamed `branch-token`, to be more clear about its purpose. The `branch-token` is the token that the action will use to create and update the branch. - The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried. - The `pull-request-operation` output now returns `none` when no operation was executed. - Removed deprecated output environment variable `PULL_REQUEST_NUMBER`. Please use the `pull-request-number` action output instead. ##### What's new - The action can now sign commits as `github-actions[bot]` when using `GITHUB_TOKEN`, or your own bot when using [GitHub App tokens](docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens). See [commit signing](docs/concepts-guidelines.md#commit-signature-verification-for-bots) for details. - Action input `draft` now accepts a new value `always-true`. This will set the pull request to draft status when the pull request is updated, as well as on creation. - A new action input `maintainer-can-modify` indicates whether [maintainers can modify](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork) the pull request. The default is `true`, which retains the existing behaviour of the action. - A new output `pull-request-commits-verified` returns `true` or `false`, indicating whether GitHub considers the signature of the branch's commits to be verified. #### What's Changed - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.36 to 18.19.39 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3000](https://redirect.github.com/peter-evans/create-pull-request/pull/3000) - build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3008](https://redirect.github.com/peter-evans/create-pull-request/pull/3008) - build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3018](https://redirect.github.com/peter-evans/create-pull-request/pull/3018) - build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3019](https://redirect.github.com/peter-evans/create-pull-request/pull/3019) - build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3035](https://redirect.github.com/peter-evans/create-pull-request/pull/3035) - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.39 to 18.19.41 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3037](https://redirect.github.com/peter-evans/create-pull-request/pull/3037) - build(deps): bump undici from 6.19.2 to 6.19.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3036](https://redirect.github.com/peter-evans/create-pull-request/pull/3036) - build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3038](https://redirect.github.com/peter-evans/create-pull-request/pull/3038) - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.41 to 18.19.42 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3070](https://redirect.github.com/peter-evans/create-pull-request/pull/3070) - build(deps): bump undici from 6.19.4 to 6.19.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3086](https://redirect.github.com/peter-evans/create-pull-request/pull/3086) - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.42 to 18.19.43 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3087](https://redirect.github.com/peter-evans/create-pull-request/pull/3087) - build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3088](https://redirect.github.com/peter-evans/create-pull-request/pull/3088) - build(deps): bump undici from 6.19.5 to 6.19.7 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3145](https://redirect.github.com/peter-evans/create-pull-request/pull/3145) - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.43 to 18.19.44 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3144](https://redirect.github.com/peter-evans/create-pull-request/pull/3144) - Update distribution by [@​actions-bot](https://redirect.github.com/actions-bot) in [https://github.com/peter-evans/create-pull-request/pull/3154](https://redirect.github.com/peter-evans/create-pull-request/pull/3154) - build(deps): bump undici from 6.19.7 to 6.19.8 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3213](https://redirect.github.com/peter-evans/create-pull-request/pull/3213) - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.44 to 18.19.45 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3214](https://redirect.github.com/peter-evans/create-pull-request/pull/3214) - Update distribution by [@​actions-bot](https://redirect.github.com/actions-bot) in [https://github.com/peter-evans/create-pull-request/pull/3221](https://redirect.github.com/peter-evans/create-pull-request/pull/3221) - build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3255](https://redirect.github.com/peter-evans/create-pull-request/pull/3255) - build(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 18.19.45 to 18.19.46 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3254](https://redirect.github.com/peter-evans/create-pull-request/pull/3254) - build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/peter-evans/create-pull-request/pull/3256](https://redirect.github.com/peter-evans/create-pull-request/pull/3256) - v7 - signed commits by [@​peter-evans](https://redirect.github.com/peter-evans) in [https://github.com/peter-evans/create-pull-request/pull/3057](https://redirect.github.com/peter-evans/create-pull-request/pull/3057) #### New Contributors - [@​rustycl0ck](https://redirect.github.com/rustycl0ck) made their first contribution in [https://github.com/peter-evans/create-pull-request/pull/3057](https://redirect.github.com/peter-evans/create-pull-request/pull/3057) **Full Changelog**: peter-evans/create-pull-request@v6.1.0...v7.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/robok-inc/Robok-Engine). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6ImRldiIsImxhYmVscyI6W119--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Aquiles Trindade <devsuay@gmail.com>
v7
If anyone is following this development and is willing to test the release candidate, you can find documentation for the
sign-commits
feature here.TODO:
base
input is not suppliedInvalid character
errorfileChanges
to output fromsrc/create-or-update-branch.ts
. (Should fix thepush-to-fork
cases.)fileChanges
refactorbuildFileChanges
test for binary file typeshttps://github.com/peter-evans/create-pull-request-tests/actions/runs/10101150705https://github.com/peter-evans/create-pull-request-tests/actions/runs/10126556967https://github.com/peter-evans/create-pull-request-tests/actions/runs/10184429745createCommitOnBranch
is designed to be a simplified way to commit. It doesn't support:https://github.com/peter-evans/create-pull-request-tests/actions/runs/10306598444Warn when using inputs the action will ignoreCan't do this because of the defaultsfalse
push-to-fork
git-token
tobranch-token
.push-to-fork
branch-token
for API operations to create/update the branch.push-to-fork
with fine-grained or App auth will need to set thebranch-token
, and leavetoken
as the default.push-to-fork
with fine-grained or App auth, where the pull request is being created in a remote repo will not work.push-to-fork
?)GITHUB_TOKEN
on new repos.git-token
->branch-token
Fixes: #2062
Fixes: #2848
Fixes: #1791
Fixes: #2443
Fixes: #2778
Fixes: #3159