Releases: rogeruiz/repasar
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.1.0 Release Notes
- New Feature: The Repasar GitHub Action now verifies signatures for all commits in a pull request (PR), greatly enhancing security by ensuring every change in a PR is properly signed and verified. For push events, the action continues to check the latest commit as before.
- Documentation Updates: The README and action.yml have been updated to clarify the new verification workflow for PRs, required environment variables (such as GITHUB_TOKEN for PR verification), and usage instructions.
- Security Improvements: The action will now fail the workflow if any commit in a PR cannot be verified, when configured to do so. This helps enforce stricter signature validation for your repositories.
These changes provide stronger commit signature verification for PRs, making your GitHub workflows more secure and transparent.
v1.0.0
Version 1.0 of the Repasar GitHub Action uses Git commit signing with SSH keys to verify that the SHA for the current commit is signed by a user listed in a /.github/allowed_signers file that is checked into the repository. This path is configurable and can point anywhere in the repository. The Action can optionally be made to fail, which prevents Pull Requests from being merged when the commits are not signed with a user's SSH key that is known to the repository.
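The check described in the v1.0.0 and v1.1.0 notes can be reproduced locally with stock Git. The following is an added example, not Repasar's own code: the helper name verify_range and its exit codes are assumptions, and it relies on Git's gpg.ssh.allowedSignersFile setting and git verify-commit (SSH signature support needs Git 2.34 or later).

```shell
#!/bin/sh
# Added example (not Repasar's code). verify_range is a hypothetical helper.
# Usage: verify_range ALLOWED_SIGNERS_FILE BASE_SHA HEAD_SHA  (run inside the repo;
# pass an absolute path for the signers file).
# Prints each commit that fails. Returns 0 = all verified, 1 = some failed,
# 2 = setup error.
verify_range() {
    signers=$1 base=$2 head=$3

    # Fail closed if the trust store is missing: no file means nobody is trusted.
    [ -r "$signers" ] || { echo "cannot read $signers" >&2; return 2; }

    # Every commit the PR adds, oldest first (reachable from HEAD but not BASE).
    commits=$(git rev-list --reverse "$base..$head") || return 2

    failed=0
    for sha in $commits; do
        # Require an SSH signature in the commit header, so an OpenPGP signature
        # trusted by a local keyring cannot satisfy the check, then let Git
        # match the signing key against the allowed signers file.
        if git cat-file commit "$sha" | sed '/^$/q' | grep -q 'BEGIN SSH SIGNATURE' &&
           git -c gpg.ssh.allowedSignersFile="$signers" verify-commit "$sha" >/dev/null 2>&1
        then
            continue
        fi
        echo "$sha"   # unsigned, bad signature, or signer not in the file
        failed=1
    done
    return "$failed"
}
```

Checking only the head commit, as for push events, corresponds to passing the parent of the head commit as BASE_SHA.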