diff --git a/README.md b/README.md index 73693ac..864c2a9 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,9 @@ [![Main](https://github.com/commit-check/commit-check-action/actions/workflows/main.yaml/badge.svg)](https://github.com/commit-check/commit-check-action/actions/workflows/main.yaml) [![Commit Check](https://github.com/commit-check/commit-check-action/actions/workflows/commit-check.yml/badge.svg)](https://github.com/commit-check/commit-check-action/actions/workflows/commit-check.yml) ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/commit-check/commit-check-action) -[![Used by](https://img.shields.io/static/v1?label=Used%20by&message=55&color=informational&logo=slickpic)](https://github.com/commit-check/commit-check-action/network/dependents) +[![Used by](https://img.shields.io/static/v1?label=Used%20by&message=64&color=informational&logo=slickpic)](https://github.com/commit-check/commit-check-action/network/dependents) [![GitHub marketplace](https://img.shields.io/badge/Marketplace-commit--check--action-blue)](https://github.com/marketplace/actions/commit-check-action) +[![slsa-badge](https://slsa.dev/images/gh-badge-level3.svg)](https://github.com/commit-check/commit-check-action/blob/a2873ca0482dd505c93fb51861c953e82fd0a186/action.yml#L59-L69) A Github Action for checking commit message formatting, branch naming, committer name, email, commit signoff and more. @@ -67,6 +68,8 @@ jobs: OpenCADC   Extrawest Extrawest + Chainlift + Chainlift   and many more.

diff --git a/action.yml b/action.yml index d23acfc..cdd75ea 100644 --- a/action.yml +++ b/action.yml @@ -51,9 +51,23 @@ runs: # https://github.com/pypa/setuptools/issues/3269 export DEB_PYTHON_INSTALL_LAYOUT=deb fi + + # Set up virtual environment python3 -m venv venv source venv/bin/activate - python3 -m pip install -r "$GITHUB_ACTION_PATH/requirements.txt" + + # Download artifact + python3 -m pip download -r "$GITHUB_ACTION_PATH/requirements.txt" + + # Verify artifact attestations + if ! gh attestation verify commit_check-*.whl -R commit-check/commit-check; then + echo "Artifact verification failed. Aborting installation." + exit 1 + fi + + # Install artifact + python3 -m pip install commit_check-*.whl PyGithub-*.whl + python3 "$GITHUB_ACTION_PATH/main.py" env: MESSAGE: ${{ inputs.message }} diff --git a/requirements.txt b/requirements.txt index 764bb33..e16e5b7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ # Install commit-check CLI # For details please see: https://github.com/commit-check/commit-check -commit-check==0.9.5 +commit-check==0.9.6 # Interact with the GitHub API. PyGithub==2.6.1 pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy