CodeNotary
Integrations

CodeNotary.io allows you to verify the authenticity of commits with a simple GitHub Action.

You can notarize your work locally using the CodeNotary vcn CLI, see Git Integration for more details. Once signed, the GitHub Action will automatically verify the commits’ notarizations, so that other users will be able the source of the commits and their authenticity.

Requirements

Please install the latest version the CodeNotary vcn CLI. It can be downloaded from GitHub vcn repository or directly from the dashboard https://dashboard.codenotary.io/download.

Usage

Create a workflow .yml file in your repositories .github/workflows directory (eg. .github/workflows/verify.yml). In your workflow you first need to checkout your repository then use this action:

name: CodeNotary

on: [push]

jobs:
  check:

    runs-on: ubuntu-latest

    steps:
     - name: Checkout
       uses: actions/checkout@master

     - name: Verify
       uses: vchain-us/verify-action@master

For more details on the GitHub Action, please check Contexts and expression syntax for GitHub Actions

Inputs

See action.yml.

Available inputs

  • signerID: List of SignerID(s) (separated by space) to authenticate against. A SignerID is the signer’s public address (represented as a 40 hex characters long string prefixed with 0x).
  • org: the organization’s ID to authenticate against. Note that org takes precedence over signerID
  • path: the path to git working directory. Default to the current directory.

Example:

     - name: Verify
       uses: vchain-us/verify-action@master
       with:
         signerID: <a trusted signer ID>
         org: <a trusted organization>
         path: <path to your repository, if not the current directory>