A GitHub action to verify the authenticity of your commits with CodeNotary.io
You can sign your work locally using the CodeNotary vcn tool (ie. vcn notarize git://.). This action will verify these signatures so other people will know that your commits come from a trusted source.
Create a workflow .yml file in your repositories .github/workflows directory (eg. .github/workflows/verify.yml). In your workflow you first need to checkout your repository then use this action:
name: CodeNotary
on: [push]
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@master
- name: Verify
uses: vchain-us/verify-action@masterFor more details, see Contexts and expression syntax for GitHub Actions
See action.yml.
Available inputs
signerID- List of SignerID(s) (separated by space) to authenticate against. A SignerID is the signer's public address (represented as a 40 hex characters long string prefixed with0x).org- Organization's ID to authenticate against. Note thatorgtakes precedence oversignerIDpath- Path to git working directory. Default to the current directory.
Example:
- name: Verify
uses: vchain-us/verify-action@master
with:
signerID: <a trusted signer ID>
org: <a trusted organization>
path: <path to your repository, if not the current directory>