ci: Add check for unsigned commits in the PR

- Add verify-signed-commits job that runs on PR
  - check-labels and all downstream jobs are skipped
    if signed commmit verifications fails
  - Fetch all commits in the PR via GitHub API
    and check verification status
  - Fail and print the unsigned commit SHAs if any
    unsigned commits are found.

Co-authored-by: Shubhika Garg <shubhika.garg@openairinterface.org>
Signed-off-by: Jaroslava Fiedlerova <jaroslava.fiedlerova@openairinterface.org>
This commit is contained in:
Shubhika Garg
2026-06-17 13:38:12 +02:00
parent 910f8cef33
commit 840abd0048

View File

@@ -17,7 +17,36 @@ permissions:
pull-requests: write
jobs:
verify-signed-commits:
runs-on: ubuntu-24.04
if: github.event_name == 'pull_request_target'
steps:
- name: Check all commits are signed
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
UNSIGNED=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/commits \
--paginate --jq '[.[] | select(.commit.verification.verified == false) | .sha[:7]] | join(", ")')
if [ -n "$UNSIGNED" ]; then
echo -e "$UNSIGNED commits are missing signature"
gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "$(cat <<EOF
**Validation:**
The following commit(s) are missing signature:
$UNSIGNED
Please use 'git commit -S' to sign your commits.
For detailed instructions, refer to the [CONTRIBUTING.md](https://github.com/duranta-project/openairinterface5g/blob/develop/CONTRIBUTING.md) file at the root of this repository or [GitHub Docs](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification)
EOF
)"
exit 1
fi
check-labels:
needs: verify-signed-commits
runs-on: ubuntu-24.04
if: github.event_name == 'pull_request_target'