Skip to content

Update release.yml to support commit signing#458

Merged
Piccirello merged 5 commits intomasterfrom
tom/commit-signing
Mar 10, 2026
Merged

Update release.yml to support commit signing#458
Piccirello merged 5 commits intomasterfrom
tom/commit-signing

Conversation

@Piccirello
Copy link
Member

@Piccirello Piccirello commented Mar 9, 2026
edited
Loading

The planetscale/ghcommit-action action uses ghcommit which uses the GitHub API, which supports commit signing by default. This removes the need to configure a GPG key in our Action.

I have not tested this and I think it would be tricky to test. It seems reasonable to merge, attempt a release, and roll back if it breaks.

@Piccirello
Update release.yml to support commit signing
18a2943 
The `planetscale/ghcommit-action` action uses ghcommit which uses the GitHub API, which supports commit signing by default. This removes the need to configure a GPG key in our Action.
rafaeelaudibert
rafaeelaudibert reviewed Mar 9, 2026
View reviewed changes
.github/workflows/release.yml
Comment on lines 142 to 150
- name: Commit release changes
id: commit-release
uses: planetscale/ghcommit-action@25309d8005ac7c3bcd61d3fe19b69e0fe47dbdde # v0.2.20
with:
commit_message: "chore: Release v${{ steps.sampo-release.outputs.new_version }}"
repo: ${{ github.repository }}
branch: master
env:
GITHUB_TOKEN: ${{ steps.releaser.outputs.token }}
Copy link
Member

@rafaeelaudibert rafaeelaudibert Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What user.name and user.email is it going to use? 🤔

Copy link
Member Author

@Piccirello Piccirello Mar 9, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GitHub API will use the identity associated with the GITHUB_TOKEN. In this case that would be the "Releaser (posthog-python)" GitHub App.

Copy link
Member

@rafaeelaudibert rafaeelaudibert Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's pretty good! Better than what we had before. I wonder what image it's going to use 🤔

Copy link
Member Author

@Piccirello Piccirello Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should be the image we've set for the GitHub App. But only one way to find out!

Copy link
Member

@rafaeelaudibert rafaeelaudibert Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love how safe this all sounds :)

In Portuguese, Security and Safety are the exact same word - it took me some time to understand the difference between them in English -, so I hope you can appreciate why this is funny in my head

Copy link
Member Author

@Piccirello Piccirello Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In Portuguese, Security and Safety are the exact same word

I love this so much

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Mar 9, 2026

Last reviewed commit: 18a2943

@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026
edited
Loading

posthog-python Compliance Report

Date: 2026-03-10 02:48:44 UTC
Duration: 159385ms

✅ All Tests Passed!

29/29 tests passed

Capture Tests

29/29 tests passed

View Details
Test Status Duration
Format Validation.Event Has Required Fields 518ms
Format Validation.Event Has Uuid 1508ms
Format Validation.Event Has Lib Properties 1507ms
Format Validation.Distinct Id Is String 1507ms
Format Validation.Token Is Present 1506ms
Format Validation.Custom Properties Preserved 1508ms
Format Validation.Event Has Timestamp 1508ms
Retry Behavior.Retries On 503 9519ms
Retry Behavior.Does Not Retry On 400 3506ms
Retry Behavior.Does Not Retry On 401 3507ms
Retry Behavior.Respects Retry After Header 9514ms
Retry Behavior.Implements Backoff 23530ms
Retry Behavior.Retries On 500 7506ms
Retry Behavior.Retries On 502 7510ms
Retry Behavior.Retries On 504 7514ms
Retry Behavior.Max Retries Respected 23530ms
Deduplication.Generates Unique Uuids 1497ms
Deduplication.Preserves Uuid On Retry 7511ms
Deduplication.Preserves Uuid And Timestamp On Retry 14525ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry 7510ms
Deduplication.No Duplicate Events In Batch 1504ms
Deduplication.Different Events Have Different Uuids 1507ms
Compression.Sends Gzip When Enabled 1508ms
Batch Format.Uses Proper Batch Structure 1507ms
Batch Format.Flush With No Events Sends Nothing 1005ms
Batch Format.Multiple Events Batched Together 1505ms
Error Handling.Does Not Retry On 403 3509ms
Error Handling.Does Not Retry On 413 3507ms
Error Handling.Retries On 408 7515ms

rafaeelaudibert
rafaeelaudibert approved these changes Mar 10, 2026
View reviewed changes
.github/workflows/release.yml
Comment on lines 142 to 150
- name: Commit release changes
id: commit-release
uses: planetscale/ghcommit-action@25309d8005ac7c3bcd61d3fe19b69e0fe47dbdde # v0.2.20
with:
commit_message: "chore: Release v${{ steps.sampo-release.outputs.new_version }}"
repo: ${{ github.repository }}
branch: master
env:
GITHUB_TOKEN: ${{ steps.releaser.outputs.token }}
Copy link
Member

@rafaeelaudibert rafaeelaudibert Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's pretty good! Better than what we had before. I wonder what image it's going to use 🤔

@Piccirello Piccirello merged commit 7ffac1b into master Mar 10, 2026
24 checks passed
@Piccirello Piccirello deleted the tom/commit-signing branch March 10, 2026 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rafaeelaudibert rafaeelaudibert rafaeelaudibert approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Piccirello @rafaeelaudibert