build: add sign and verify badges

bordumb · bordumb · commit 5ed9d12daefc · 2026-04-06T22:36:27.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -33,15 +33,4 @@ jobs:
             exit 1
           }
 
-  verify-commits:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Verify commit signatures
-        uses: ./
-        with:
-          fail-on-unsigned: true
 
diff --git a/.github/workflows/sign-commits.yml b/.github/workflows/sign-commits.yml
@@ -0,0 +1,25 @@
+name: Sign Commits
+on:
+  push:
+    branches: [main]
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+      - 'LICENSE*'
+      - '.gitignore'
+
+permissions:
+  contents: write
+
+jobs:
+  sign-commits:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: auths-dev/sign@v1
+        with:
+          token: ${{ secrets.AUTHS_CI_TOKEN }}
+          commits: 'HEAD~1..HEAD'
diff --git a/.github/workflows/verify-commits.yml b/.github/workflows/verify-commits.yml
@@ -0,0 +1,23 @@
+name: Verify Commits
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: ./
+        with:
+          fail-on-unsigned: true
+          post-pr-comment: 'true'
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
@@ -1,6 +1,8 @@
 # Auths Verify Action
 
 [![Verified with Auths](https://img.shields.io/badge/Verified%20with-Auths-4B9CD3?logo=github&logoColor=white)](https://github.com/auths-dev/verify)
+[![Verify Commits](https://github.com/auths-dev/verify/actions/workflows/verify-commits.yml/badge.svg)](https://github.com/auths-dev/verify/actions/workflows/verify-commits.yml?query=branch%3Amain+event%3Apush)
+[![Sign Commits](https://github.com/auths-dev/verify/actions/workflows/sign-commits.yml/badge.svg)](https://github.com/auths-dev/verify/actions/workflows/sign-commits.yml?query=branch%3Amain)
 
 Verify commit signatures using [Auths](https://github.com/auths-dev/auths) token keys. Ensures every commit in a PR or push is cryptographically signed by an authorized developer.
 
