v1.1.0

Auths Verify GitHub Action

Verify commit signatures in your CI pipeline using Auths identity keys.

Features

• Verifies SSH commit signatures against an allowed signers file or identity bundle
• Auto-downloads the auths CLI at runtime
• SHA256 checksum verification on downloaded binaries
• Supports pull_request and push events with automatic commit range detection
• GitHub Step Summary with per-commit verification results
• Optional PR comments with fix instructions for unsigned commits
• Skips merge commits and GPG-signed commits by default

Usage

- uses: auths-dev/auths-verify-github-action@v1
  with:
    allowed-signers: '.auths/allowed_signers'

See the README for full configuration options.

What's Changed

• feat: add cross-run binary caching to speed up repeated workflow runs by @bordumb in #1

New Contributors

• @bordumb made their first contribution in #1

Full Changelog: v1.0.0...v1.1.0

v1.0.0

Auths Verify GitHub Action

Verify commit signatures in your CI pipeline using Auths identity keys.

Features

• Verifies SSH commit signatures against an allowed signers file or identity bundle
• Auto-downloads the auths CLI at runtime
• SHA256 checksum verification on downloaded binaries
• Supports pull_request and push events with automatic commit range detection
• GitHub Step Summary with per-commit verification results
• Optional PR comments with fix instructions for unsigned commits
• Skips merge commits and GPG-signed commits by default

Usage

- uses: auths-dev/auths-verify-github-action@v1
  with:
    allowed-signers: '.auths/allowed_signers'

See the README for full configuration options.