@semantic-release-extras/verified-git-commit
v1.0.9
Published
[![Build Status]](https://github.com/semantic-release-extras/verified-git-commit/actions/workflows/release.yml)
Downloads
1,340
Readme
@semantic-release-extras/verified-git-commit
This is a feature-limited alternative to the standard @semantic-release/git plugin. This plugin lets you create gpg-signed verified commits without having to manage your own gpg keys. This is possible since GitHub automatically signs commits made by bots over the REST API.
Commits made by this plugin look like this.
Caveats
Only supports GitHub
This plugin uses the GitHub API, so other git forges are not supported.
Each commit can only update one file
The underlying API endpoint can only update a single file at a time. Consequently, if you update 3 files, each release will create 3 additional commits to your repository.
If you need to commit multiple release assets regularly, consider wrangling your own gpg keys so you can commit all release assets in a single commit.
Cannot create files
Tracked by issue #6
This plugin currently cannot create a new file, it can only update an existing, tracked file.
If you see this error message:
fatal: path '<asset>' exists on disk, but not in 'master'
touch
the file and push it upstream before restarting your CI workflow.
This is a low-priority bug because there is a known workaround, and it occurs infrequently and under very specific/reproducible conditions.
Install
npm install --save-dev --save-exact @semantic-release-extras/verified-git-commit
Use
| Step | Description |
| -------- | -------------------------------------------------------------------------------------------------- |
| assets
| List of assets to commit back to the release branch. Each asset will be updated in its own commit. |
For example:
{
"plugins": [
[
"@semantic-release-extras/verified-git-commit",
{
"assets": ["CHANGELOG.md"]
}
]
]
}
Acknowledgments
Many thanks to @swinton for documenting the approach in this gist!
Alternatives
One of these tutorials may outline a workflow that works better for your specific needs: