mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-23 00:56:45 +01:00
ci: reject tags if not signed by Matthew Holt's key (#3932)
* ci: reject tags if not signed by Matthew Holt's key * ci: don't reject tags if an intermediate commits are not signed
This commit is contained in:
parent
635f075f18
commit
2b90cdba52
1 changed files with 10 additions and 0 deletions
10
.github/workflows/release.yml
vendored
10
.github/workflows/release.yml
vendored
|
@ -53,6 +53,16 @@ jobs:
|
||||||
echo "::set-output name=tag_patch::${TAG_PATCH}"
|
echo "::set-output name=tag_patch::${TAG_PATCH}"
|
||||||
echo "::set-output name=tag_special::${TAG_SPECIAL}"
|
echo "::set-output name=tag_special::${TAG_SPECIAL}"
|
||||||
|
|
||||||
|
- name: Validate commits and tag signatures
|
||||||
|
run: |
|
||||||
|
|
||||||
|
# Import Matt Holt's key
|
||||||
|
curl 'https://github.com/mholt.gpg' | gpg --import
|
||||||
|
|
||||||
|
echo "Verifying the tag: ${{ steps.vars.outputs.version_tag }}"
|
||||||
|
# tags are only accepted if signed by Matt's key
|
||||||
|
git verify-tag "${{ steps.vars.outputs.version_tag }}" || exit 1
|
||||||
|
|
||||||
- name: Cache the build cache
|
- name: Cache the build cache
|
||||||
uses: actions/cache@v2
|
uses: actions/cache@v2
|
||||||
with:
|
with:
|
||||||
|
|
Loading…
Reference in a new issue