name: Commits
on:
push:
branches:
pull_request:
permissions:
jobs:
signatures:
name: Check PGP Signatures
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
fetch-depth: 0
- name: Assert Commits are Signed
run: bash contrib/check-signatures.sh