DeathGun44 opened a new pull request, #5431:
URL: https://github.com/apache/fineract/pull/5431

   ## Description
   This PR addresses 
**[FINERACT-2177](https://issues.apache.org/jira/browse/FINERACT-2177)** by 
adding a workflow to enforce Git Commit Signing.
   
   ### The Implementation
   * **Portable Logic:** Instead of relying on vendor-specific GitHub Actions, 
the logic is encapsulated in `scripts/verify-signed-commits.sh`. This ensures 
the check can be run locally by any developer 
(`./scripts/verify-signed-commits.sh`) and is CI-agnostic.
   * **Robust Verification:** The script handles CI environments where public 
keys are missing (accepting `U` status) while correctly flagging unsigned 
commits (`N`).
   * **UX:** Uses GitHub Annotations (`::error`) to highlight specific 
problematic commits in the PR file view.
   
   ### ⚠️ Strict Enforcement Note
   This PR includes the `--strict` flag, which **will fail the build** for 
unsigned commits.
   * **Why:** "Warn-only" checks are often ignored. Security requires 
enforcement.
   * **Mitigation:** If this is deemed too disruptive for existing open PRs, I 
can remove the `--strict` flag for the initial merge to allow a grace period.
   
   ## Checklist
   Please make sure these boxes are checked before submitting your pull request 
- thanks!
   
   - [x] Write the commit message as per [our 
guidelines](https://github.com/apache/fineract/blob/develop/CONTRIBUTING.md#pull-requests)
   - [x] Acknowledge that we will not review PRs that are not passing the build 
_("green")_ - it is your responsibility to get a proposed PR to pass the build, 
not primarily the project's maintainers.
   - [x] Create/update [unit or integration 
tests](https://fineract.apache.org/docs/current/#_testing) for verifying the 
changes made.
   - [x] Follow our [coding 
conventions](https://cwiki.apache.org/confluence/display/FINERACT/Coding+Conventions).
   - [ ] Add required Swagger annotation and update API documentation at 
fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with 
details of any API changes
   - [x] [This PR must not be a "code 
dump"](https://cwiki.apache.org/confluence/display/FINERACT/Pull+Request+Size+Limit).
 Large changes can be made in a branch, with assistance. Ask for help on the 
[developer mailing list](https://fineract.apache.org/#contribute).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

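An added example, not the `scripts/verify-signed-commits.sh` shipped in this PR, of the gate the description outlines: a POSIX shell script that reads `git log --format='%H %G? %s'` over a commit range, classifies each `%G?` status, prints a GitHub Actions `::error` annotation for every rejected commit, and returns non-zero only when run with `--strict`. The function names, the policy table and the default range `origin/develop..HEAD` are assumptions. One caveat taken from git's own `%G?` semantics rather than from the PR: a good signature whose key is absent from the runner's keyring is reported as `E` (cannot be checked), whereas `U` means the key is present but its validity is unknown, so a runner with an empty keyring sees `E` for signed commits; the example therefore accepts `E` with a `::warning` so that signed work is not rejected, and fails `N` (unsigned) and every bad, expired or revoked status.

```shell
#!/usr/bin/env sh
# Added example, not Fineract's scripts/verify-signed-commits.sh: a small
# commit-signing gate built on git's %G? placeholder, with a --strict switch
# and GitHub Actions annotations. Function names, the policy table and the
# default range are assumptions made for this illustration.
#
# %G? prints one letter per commit (see git log --format):
#   G good   U good, unknown validity   X good, signature expired
#   Y good, key expired   R good, key revoked   B bad
#   E cannot be checked (key missing from the keyring)   N no signature
#
# Policy assumed here: G and U pass; E passes with a warning (a signature is
# present, the runner just cannot verify it); N and everything else fail.

# reject_reason STATUS: returns 0 for an accepted status, otherwise prints
# the reason and returns 1.
reject_reason() {
    case "$1" in
        G|U|E) return 0 ;;
        N)     echo "commit is not signed" ;;
        B)     echo "bad signature" ;;
        X|Y)   echo "signature or signing key expired (status $1)" ;;
        R)     echo "signing key revoked" ;;
        *)     echo "unknown signature status '$1'" ;;
    esac
    return 1
}

# verify_lines STRICT: reads "<sha> <status> <subject>" lines on stdin,
# emits one annotation per problematic commit, stores the number of rejected
# commits in REJECTED and returns 1 only when STRICT=1 and REJECTED > 0.
verify_lines() {
    strict=$1
    REJECTED=0
    while read -r sha status subject; do
        [ -n "$sha" ] || continue
        short=$(printf '%.12s' "$sha")
        if [ "$status" = "E" ]; then
            echo "::warning title=Unverifiable signature::$short is signed but the key is not in the runner's keyring: $subject"
            continue
        fi
        if reason=$(reject_reason "$status"); then
            continue
        fi
        REJECTED=$((REJECTED + 1))
        echo "::error title=Commit signing::$short rejected: $reason: $subject"
    done
    [ "$REJECTED" -eq 0 ] && return 0
    echo "$REJECTED commit(s) rejected (strict=$strict)"
    [ "$strict" = "1" ] && return 1
    return 0
}

# verify_range RANGE STRICT: runs the gate over the commits in RANGE
# (needs git and gpg on the runner, since %G? invokes gpg).
verify_range() {
    git log --format='%H %G? %s' "$1" | verify_lines "$2"
}

if [ $# -eq 0 ]; then
    # No arguments: run on constructed sample lines (no git or gpg needed).
    verify_lines 0 <<'EOF'
0123456789abcdef0123456789abcdef01234567 G Add the signing gate
89abcdef0123456789abcdef0123456789abcdef N Fix a typo
fedcba9876543210fedcba9876543210fedcba98 E Bump a dependency
EOF
else
    # Usage: verify-signed-commits.sh [--strict] [RANGE]
    strict=0
    range=origin/develop..HEAD
    for arg in "$@"; do
        case "$arg" in
            --strict) strict=1 ;;
            *)        range=$arg ;;
        esac
    done
    verify_range "$range" "$strict"
fi
```

In CI this would be invoked as `./verify-signed-commits.sh --strict origin/develop..HEAD`; without arguments it runs over the constructed sample lines. Because accepting `E` only proves that a signature block is present, not who made it, a stronger gate imports the committers' public keys on the runner before running the check, or at least confirms the commit object carries a `gpgsig` header (`git cat-file commit SHA | grep -q '^gpgsig '`) independently of the keyring.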