automated workflow to check sign commits (#85)

nirrozenbaum · web-flow · commit 027dbcdbfe21 · 2026-04-29T08:14:42.000-04:00
Signed-off-by: Nir Rozenbaum &lt;nrozenba@redhat.com&gt;
diff --git a/.github/workflows/ci-signed-commits.yaml b/.github/workflows/ci-signed-commits.yaml
@@ -0,0 +1,23 @@
+name: Check Signed Commits in PR
+
+on:
+  pull_request_target:
+
+jobs:
+  check-signed-commits:
+    name: Check signed commits in PR
+    if: |
+      !startsWith(github.head_ref, 'release-notes/pr-') ||
+      github.event.pull_request.user.login != 'github-actions[bot]'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write # Required to post comments on PRs
+    steps:
+      - name: Check signed commits in PR
+        uses: 1Password/check-signed-commits-action@v1 # Use the action
+        with:
+          comment: |
+            🚨 Unsigned commits detected! Please sign your commits.
+
+            For instructions on how to set up GPG/SSH signing and verify your commits, please see [GitHub Documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification).
