can't use author as it's set to actor, not github

pAI-OS · Jul 20, 2024 · bf64e69 · bf64e69
1 parent 63158bf
commit bf64e69
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/.github/scripts/verify-gpg-signatures.sh b/.github/scripts/verify-gpg-signatures.sh
@@ -72,12 +72,6 @@ for commit in $(git rev-list $commit_range); do
   commit_author=$(git log -1 --format='%an <%ae>' $commit)
   echo "Commit author: $commit_author"
 
-  # Check if it's a GitHub commit
-  if [[ "$commit_author" == "GitHub <noreply@github.com>" ]]; then
-    echo "::notice file=.github/scripts/verify-signatures.sh::Commit $commit is from GitHub (likely made through web interface or API)"
-    continue
-  fi
-
   # Get detailed signature information
   echo "Attempting to verify commit signature..."
   signature_info=$(git verify-commit "$commit" 2>&1) || true
@@ -110,6 +104,12 @@ for commit in $(git rev-list $commit_range); do
     continue
   fi
 
+  # Check if it's GitHub's key
+  if [ "$signing_key" = "B5690EEEBB952194" ]; then
+    echo "::notice file=.github/scripts/verify-signatures.sh::Commit $commit by $commit_author is signed by GitHub (likely made through web interface or API)"
+    continue
+  fi
+
   # Check if the signing key is a trusted key
   if gpg --list-keys --with-colons "$signing_key" 2>/dev/null | grep -q "^pub"; then
     echo "::notice file=.github/scripts/verify-signatures.sh::Commit $commit by $commit_author is signed by a trusted key: $signing_key"