CodeNotary.io allows you to verify the authenticity of commits with a simple GitHub Action.
You can notarize your work locally using the CodeNotary vcn CLI, see Git Integration for more details. Once signed, the GitHub Action will automatically verify the commits’ notarizations, so that other users will be able the source of the commits and their authenticity.
Please install the latest version the CodeNotary vcn CLI. It can be downloaded from GitHub vcn repository or directly from the dashboard https://dashboard.codenotary.io/download.
Create a workflow
.yml file in your repositories
.github/workflows directory (eg.
.github/workflows/verify.yml). In your workflow you first need to checkout your repository then use this action:
name: CodeNotary on: [push] jobs: check: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@master - name: Verify uses: vchain-us/verify-action@master
For more details on the GitHub Action, please check Contexts and expression syntax for GitHub Actions
orgtakes precedence over
- name: Verify uses: vchain-us/verify-action@master with: signerID: <a trusted signer ID> org: <a trusted organization> path: <path to your repository, if not the current directory>