Skip to content

Latest commit

 

History

History
86 lines (55 loc) · 3.14 KB

README.md

File metadata and controls

86 lines (55 loc) · 3.14 KB

@semantic-release-extras/verified-git-commit

Build Status

This is a feature-limited alternative to the standard @semantic-release/git plugin. This plugin lets you create gpg-signed verified commits without having to manage your own gpg keys. This is possible since GitHub automatically signs commits made by bots over the REST API.

Commits made by this plugin look like this.

Caveats

Only supports GitHub

This plugin uses the GitHub API, so other git forges are not supported.

Each commit can only update one file

The underlying API endpoint can only update a single file at a time. Consequently, if you update 3 files, each release will create 3 additional commits to your repository.

If you need to commit multiple release assets regularly, consider wrangling your own gpg keys so you can commit all release assets in a single commit.

Cannot create files

Tracked by issue #6

This plugin currently cannot create a new file, it can only update an existing, tracked file.

If you see this error message:

fatal: path '<asset>' exists on disk, but not in 'master'

touch the file and push it upstream before restarting your CI workflow.

This is a low-priority bug because there is a known workaround, and it occurs infrequently and under very specific/reproducible conditions.

Install

npm install --save-dev --save-exact @semantic-release-extras/verified-git-commit

Use

Step Description
assets List of assets to commit back to the release branch. Each asset will be updated in its own commit.

For example:

{
  "plugins": [
    [
      "@semantic-release-extras/verified-git-commit",
      {
        "assets": ["CHANGELOG.md"]
      }
    ]
  ]
}

Acknowledgments

Many thanks to @swinton for documenting the approach in this gist!

Alternatives

One of these tutorials may outline a workflow that works better for your specific needs: