Add a CI job to this repo that just verifies all of the signatures? #18
Comments
|
Yeah, should be as easy as running |
|
But we won't have the private key available, so we need to do it with only the public key. |
|
If I understand correctly, the Could we refactor the |
DilumAluthge
moved this to Todo
in CI on the external JuliaCI/julia-buildkite repository
Yep, I did that! So we're one step closer. :) |
|
@DilumAluthge since we're doing some mad wizardry via buildkite in this repo, it would be a little painful to have a buildkite job here that we don't have on base Julia. So can we add the |
|
FWIW I'd be totally fine running that job on Base Julia as well. It should be very quick. |
|
And probably it makes sense to have the CI on this repo just exactly mirror the CI on Base. |
|
Okay, we'll put it in the same place as |
This is no longer an issue. Every PR that is opened to this repo now has the full Base Julia CI suite run on it before we merge the PR into this repo. So, there is actually no longer a need for a separate signature check. |
|
I think it would still be good to implement this. Buildkite can take a while to run, but a GitHub Actions CI job (to verify the signatures) would run really quickly, and would provide immediate feedback. |
One of the most frequent mistakes that I make is forgetting to update the signatures. Obviously we'll catch that when we run the test job on our test repo. But I would much rather catch that mistake sooner, before I merge the PR here.
What I'm envisioning is a very quick GitHub Action on this repo that simply takes in the repo public key and verifies all of the signatures against the public key.
The text was updated successfully, but these errors were encountered: