@@ -41,29 +41,29 @@ jobs:
4141 with :
4242 egress-policy : audit
4343
44- # - name: Verify commit authenticity
45- # env:
46- # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
47- # run: |
48- # # Get commit data from GitHub API to verify its authenticity
49- # COMMIT_DATA=$(gh api repos/${{ github.repository }}/commits/$COMMIT_SHA)
50- # # Check if commit signature is verified (GPG signed)
51- # VERIFIED=$(echo "$COMMIT_DATA" | jq -r '.commit.verification.verified')
52- # # Check if commit was made through GitHub's web interface (merge queue)
53- # COMMITTER=$(echo "$COMMIT_DATA" | jq -r '.commit.committer.email')
54-
55- # # Security checks to ensure we only publish from verified and trusted sources
56- # if [[ "$VERIFIED" != "true" ]]; then
57- # echo "❌ Unverified commit! Aborting."
58- # exit 1
59- # fi
60-
61- # if [[ "$COMMITTER" != "[email protected] " ]]; then 62- # echo "❌ Not merged with the merge queue! Aborting."
63- # exit 1
64- # fi
65-
66- # echo "✅ Commit is verified and trusted."
44+ - name : Verify commit authenticity
45+ env :
46+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
47+ run : |
48+ # Get commit data from GitHub API to verify its authenticity
49+ COMMIT_DATA=$(gh api repos/${{ github.repository }}/commits/$COMMIT_SHA)
50+ # Check if commit signature is verified (GPG signed)
51+ VERIFIED=$(echo "$COMMIT_DATA" | jq -r '.commit.verification.verified')
52+ # Check if commit was made through GitHub's web interface (merge queue)
53+ COMMITTER=$(echo "$COMMIT_DATA" | jq -r '.commit.committer.email')
54+
55+ # Security checks to ensure we only publish from verified and trusted sources
56+ if [[ "$VERIFIED" != "true" ]]; then
57+ echo "❌ Unverified commit! Aborting."
58+ exit 1
59+ fi
60+
61+ if [[ "$COMMITTER" != "[email protected] " ]]; then 62+ echo "❌ Not merged with the merge queue! Aborting."
63+ exit 1
64+ fi
65+
66+ echo "✅ Commit is verified and trusted."
6767
6868 - name : Checkout repository
6969 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
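Review bot: The re-enabled `Verify commit authenticity` step only protects the publish if the commit it inspects is the commit that later gets built. `$COMMIT_SHA` is not set anywhere in this hunk, and the `with:` block of the following `Checkout repository` step lies outside it, so confirm that the variable comes from a trusted context and that checkout pins `ref:` to the same SHA. In the `gh api` line, avoid expanding `${{ github.repository }}` inside the script and quote the argument, for example `gh api "repos/$GITHUB_REPOSITORY/commits/$COMMIT_SHA"`. The committer-email comparison presumably matches GitHub's web-flow identity (the address is redacted on this page); if so, it shows that GitHub created the commit, not specifically that the merge queue did. A comment such as `# web-flow committer + verified signature: commit was created by GitHub, not necessarily by the merge queue` would keep the guarantee from being overstated.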