From 55e594077120820bbb3de684637be7a1de197776 Mon Sep 17 00:00:00 2001
From: haloivanid
Date: Mon, 25 Nov 2024 10:06:10 +0700
Subject: [PATCH] ci(github): action add github action to verify commit
---
.github/workflows/verify-commits.yml | 41 ++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/workflows/verify-commits.yml
diff --git a/.github/workflows/verify-commits.yml b/.github/workflows/verify-commits.yml
new file mode 100644
index 0000000..4b54cc9
--- /dev/null
+++ b/.github/workflows/verify-commits.yml
@@ -0,0 +1,41 @@
+name: Verify Commit Signatures
+
+on:
+ pull_request:
+ branches:
+ - master
+ - develop
+ push:
+ branches:
+ - master
+ - develop
+
+jobs:
+ verify-commit-signature:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Important: fetch all history for all branches and tags
+
+ - name: Verify commit signatures
+ run: |
+ # Check all commits in the push or pull request
+ unsigned_commits=$(git log --pretty=format:'%H %an %ae' --no-merges | while read -r commit author email; do
+ # Verify signature for each commit
+ if ! git verify-commit "$commit" 2>/dev/null; then
+ echo "Unsigned commit detected: $commit by $author <$email>"
+ echo "$commit"
+ fi
+ done)
+
+ # If there are any unsigned commits, fail the workflow
+ if [ -n "$unsigned_commits" ]; then
+ echo "Error: The following commits are not signed:"
+ echo "$unsigned_commits"
+ exit 1
+ fi
+
+ echo "All commits are properly signed!"
\ No newline at end of file
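Review bot: The `git verify-commit "$commit" 2>/dev/null` test in the run step cannot tell an unsigned commit from a signed one whose key the runner does not know. Nothing in this workflow imports public keys (or sets `gpg.ssh.allowedSignersFile` for SSH signatures), so on a fresh `ubuntu-latest` keyring every commit is likely to be reported as unsigned, and the discarded stderr hides the reason. Import a reviewed set of trusted keys before the loop, e.g. `gpg --import <TRUSTED_KEYS_FILE>` (placeholder path), because that keyring is what actually defines who may sign. The `git log` call also has no revision range, so it walks all history reachable from the checked-out ref rather than "the push or pull request" as the comment says. For a pull request, bound it with `git log --no-merges --pretty=format:'%H %an %ae' "$BASE_SHA..$HEAD_SHA"`, with both values passed through `env:` from `github.event.pull_request.base.sha` and `github.event.pull_request.head.sha`.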