GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects β†’ jarrodldavis β†’ Probot Gpg

jarrodldavis / Probot Gpg

Licence: mit
A GitHub App that enforces GPG signatures on pull requests (no longer maintained)

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

github-apipull-requestsgithub-appgpgprobot-appprobot

Projects that are alternatives of or similar to Probot Gpg

scalafmt-probot
πŸ€–Github bot for checking code formatting with scalafmt
Stars: ✭ 15 (+15.38%)
Mutual labels:  probot, github-api, pull-requests, github-app, probot-app
branch-switcher
a GitHub bot that switches the base branch of pull requests to the preferred branch
Stars: ✭ 15 (+15.38%)
Mutual labels:  probot, pull-requests, github-app, probot-app
react-preview
a GitHub App built with probot that generates preview links for react based projects.
Stars: ✭ 14 (+7.69%)
Mutual labels:  probot, github-api, github-app, probot-app
linter-alex
πŸ“Sensitive, considerate writing before you merge your Pull Requests
Stars: ✭ 67 (+415.38%)
Mutual labels:  probot, github-app, probot-app
Todo
πŸ€–βœ… GitHub App that creates new issues from actionable comments in your code.
Stars: ✭ 685 (+5169.23%)
Mutual labels:  github-app, probot-app, probot
Request Info
Requests more info from PRs/Issues with either the default title or a blank body
Stars: ✭ 89 (+584.62%)
Mutual labels:  github-app, probot-app, probot
Stale
A GitHub App built with Probot that closes abandoned Issues and Pull Requests after a period of inactivity.
Stars: ✭ 1,070 (+8130.77%)
Mutual labels:  github-app, probot-app, probot
Gh Polls Bot
Automatically create polls in GitHub issues.
Stars: ✭ 187 (+1338.46%)
Mutual labels:  github-app, probot-app, probot
Auto Assign
πŸ€– A Probot app that adds reviewers to pull requests when pull requests are opened.
Stars: ✭ 140 (+976.92%)
Mutual labels:  github-app, probot-app, probot
merge-me
A GitHub app that merges your pull requests once all required checks pass.
Stars: ✭ 19 (+46.15%)
Mutual labels:  probot, github-app, probot-app
new-pr-welcome
Welcome users when they open their first PR in your repository
Stars: ✭ 20 (+53.85%)
Mutual labels:  probot, github-app, probot-app
boring-cyborg
πŸ€– A Github bot to automatically label PRs, issues and perform all the boring operations that you don't want to do.
Stars: ✭ 66 (+407.69%)
Mutual labels:  probot, github-app, probot-app
Commitlint Bot
[NOT MAINTAINED] use https://github.com/apps/semantic-pull-requests
Stars: ✭ 157 (+1107.69%)
Mutual labels:  github-app, probot-app, probot
Weekly Digest
Weekly summary of activity on your GitHub repository πŸ“†
Stars: ✭ 199 (+1430.77%)
Mutual labels:  github-app, probot-app, probot
issuelabeler
A GitHub bot to label issues automatically based on title and body against list of defined labels. System status (https://status.verticalaxisbd.com/)
Stars: ✭ 23 (+76.92%)
Mutual labels:  probot, github-app, probot-app
Mergeable
πŸ€– All the missing GitHub automation πŸ™‚ πŸ™Œ
Stars: ✭ 475 (+3553.85%)
Mutual labels:  github-app, probot-app, probot
triage-new-issues
A GitHub App, built with Probot that adds `triage` label to newly-created issues which don't have labels
Stars: ✭ 23 (+76.92%)
Mutual labels:  github-app, probot-app
pull-request-size
Applies labels to Pull Requests based on the total lines of code changed.
Stars: ✭ 98 (+653.85%)
Mutual labels:  pull-requests, github-app
prosebot
πŸ€–πŸ”Š Probot App to help you write better on GitHub.
Stars: ✭ 46 (+253.85%)
Mutual labels:  probot, probot-app
go-github-app
Template for building GitHub Apps in Go.
Stars: ✭ 45 (+246.15%)
Mutual labels:  github-api, github-app
View All Similar Projects βž”

Probot GPG logo

Probot GPG

Probot Head logo

A GitHub App built with Probot that enforces GPG signatures on pull requests

Deprecation

This GitHub App is no longer being kept up-to-date and is considered deprecated. It is recommended to use GitHub's built-in enforcement of commit signature verification instead.

Setup

# Install dependencies
npm install

# Run the bot
npm start

Usage

Configure this app on your organizations and repositories. Be sure to enable required status checks if you want to enforce GPG signatures on all pull requests.

See docs/deploy.md if you would like to run your own instance of this plugin.

How it works

Git supports signing commits with GPG keys to verify commit authorship beyond the easy-to-forge author field.

GitHub supports verifying GPG signatures on commits and has an excellent series of help articles for creating a GPG key, using it with git locally, and linking it to a GitHub account.

After installation, this app checks all commits of new (or newly updated) pull requests for valid GPG signatures according to the GitHub API. Note that for the status check to be success, every contributor of a pull request must:

  • set up a GPG key on their local machine
  • sign all of their commits in the pull request with that key
  • link that key with their GitHub account

GPG status check success screenshot

Otherwise, the app will set the status to failure.

GPG status check failed screenshot

Email privacy

If you or any of your contributors use a GitHub-provided noreply email address to keep a personal email address private, that noreply address should be used when creating a GPG key. Make sure that git's config is also using that noreply address so that GitHub associates the GPG key correctly and validates it.

Further reading

Special thanks and attributions

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].