Verify Commit Signatures with Auths

Version updated for https://github.com/auths-dev/auths-verify-github-action to version v1.2.1.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The Auths Verify Action is a GitHub Action that automates the verification of commit signatures using cryptographic identity keys. It ensures that every commit in a pull request or push event is signed by authorized developers, helping teams enforce code integrity and prevent unauthorized changes. Key features include automatic detection of commit ranges, classification of verification failures, and detailed reporting with actionable fix instructions.

What’s Changed

Auths Verify GitHub Action

Verify commit signatures and artifact attestations in your CI pipeline using Auths identity keys.

Usage

- uses: auths-dev/auths-verify-github-action@v1.2.1
  with:
    allowed-signers: '.auths/allowed_signers'

New: Artifact verification

- uses: auths-dev/auths-verify-github-action@v1.2.1
  with:
    identity-bundle: 
    artifact-paths: 'dist/*.tar.gz'

See the README for full configuration options.

Full Changelog: https://github.com/auths-dev/auths-verify-github-action/compare/v1.2.0...v1.2.1

• auths-dev
• GitHub Actions