Skip to content

chore: Use custom action to commit changes in CI instead of git commit#445

Merged
fnesveda merged 6 commits into
masterfrom
chore/use-custom-action-to-commit
May 18, 2026
Merged

chore: Use custom action to commit changes in CI instead of git commit#445
fnesveda merged 6 commits into
masterfrom
chore/use-custom-action-to-commit

Conversation

@fnesveda
Copy link
Copy Markdown
Member

@fnesveda fnesveda commented May 14, 2026
edited
Loading

We want to enforce commit signing for all commits in our repositories.
To do that, we need to make sure even commits created by CI workflows are signed.

It would be possible to sign using GPG keys, but that would require a lot of maintenance.

Instead, we can commit using the GitHub GraphQL API, which automatically signs commits.

This PR replaces direct git commit / git push usage (and third-party commit actions like EndBug/add-and-commit)
with the apify/actions/signed-commit action, which uses the GraphQL API under the hood.

@github-actions github-actions Bot added the t-management Issues with this label belong to the CTO or engineering managers. label May 14, 2026
@fnesveda fnesveda added the adhoc Ad-hoc unplanned task added during the sprint. label May 14, 2026
@fnesveda fnesveda requested a review from barjin May 14, 2026 09:28
barjin
barjin approved these changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@barjin barjin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thank you @fnesveda !

Just one idea for the future iterations ⬇️

Comment thread .github/workflows/node-release.yaml
Comment on lines +96 to +105
- name: Create version tag
working-directory: .
env:
GH_TOKEN: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}
TAG_NAME: "js-${{ steps.get-new-version.outputs.TARGET_VERSION }}"
COMMIT_SHA: ${{ steps.commit.outputs.commit_long_sha }}
run: |
gh api -X POST "repos/${GITHUB_REPOSITORY}/git/refs" \
-f ref="refs/tags/${TAG_NAME}" \
-f sha="${COMMIT_SHA}"
Copy link
Copy Markdown
Member

@barjin barjin May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be nice if apify/actions/signed-commit had this feature in-built (you can sign git tags too after all - docs).

This is not blocking this PR for me, though.

Copy link
Copy Markdown
Member Author

@fnesveda fnesveda May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea 👍 PRs are welcome 😅

@fnesveda fnesveda merged commit 01d92cf into master May 18, 2026
8 checks passed
@fnesveda fnesveda deleted the chore/use-custom-action-to-commit branch May 18, 2026 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@barjin barjin barjin approved these changes

Assignees

@fnesveda fnesveda

Labels

adhoc Ad-hoc unplanned task added during the sprint. t-management Issues with this label belong to the CTO or engineering managers.

Projects

None yet

Milestone

140th sprint - Management team

Development

Successfully merging this pull request may close these issues.

3 participants

@fnesveda @barjin @apify-service-account