Verify with Auths

Version updated for https://github.com/auths-dev/verify to version v1.0.1.

• This action is used across all versions by ? repositories.

Action Type

This is a Node action using Node version 20.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The “Auths Verify Action” is a GitHub Action designed to automate the verification of commit signatures in pull requests or pushes using cryptographic keys managed by the Auths CLI. It ensures that every commit is signed by authorized developers, enhancing security and preventing unauthorized modifications. Key capabilities include automatic detection of commit ranges, detailed failure reporting, and optional posting of results to pull requests for better transparency and accountability.

What’s Changed

Auths Verify GitHub Action

Verify commit signatures and artifact attestations in your CI pipeline using Auths identity keys.

Usage

- uses: auths-dev/verify@v1
  with:
    token: '.auths/allowed_signers'

New: Artifact verification

- uses: auths-dev/verify@v1
  with:
    token: $\{{ secrets.AUTHS_CI_TOKEN }}
    files: 'dist/*.tar.gz'

See the README for full configuration options.

Full Changelog: https://github.com/auths-dev/verify/compare/v1.0.0...v1.0.1

• auths-dev
• GitHub Actions