git-commit-guard 0.22.2__py3-none-any.whl → 0.22.3__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -295,9 +295,9 @@ def check_required_trailers(message, required, result):
295
295
  result.error(f"missing required trailer: {trailer}")
296
296
 
297
297
 
298
- def _get_author_email(rev):
298
+ def _get_committer_email(rev):
299
299
  return subprocess.check_output( # noqa: S603
300
- ["git", "log", "-1", "--format=%ae", rev], # noqa: S607
300
+ ["git", "log", "-1", "--format=%ce", rev], # noqa: S607
301
301
  text=True,
302
302
  stderr=subprocess.PIPE,
303
303
  timeout=_git_timeout(),
@@ -320,7 +320,7 @@ def _get_github_remote_info():
320
320
  return match.group("owner"), match.group("repo")
321
321
 
322
322
 
323
- def _fetch_github_commit_author(owner, repo, sha):
323
+ def _fetch_github_commit_committer(owner, repo, sha):
324
324
  url = f"https://api.github.com/repos/{owner}/{repo}/commits/{sha}"
325
325
  headers = {"Accept": "application/vnd.github+json"}
326
326
  token = os.environ.get("GITHUB_TOKEN") or os.environ.get("GH_TOKEN")
@@ -329,8 +329,8 @@ def _fetch_github_commit_author(owner, repo, sha):
329
329
  req = urllib.request.Request(url, headers=headers) # noqa: S310 Audit URL open for permitted schemes
330
330
  with urllib.request.urlopen(req, timeout=_git_timeout()) as resp: # noqa: S310 Audit URL open for permitted schemes
331
331
  data = json.loads(resp.read())
332
- author = data.get("author")
333
- return author["login"] if author else None
332
+ committer = data.get("committer")
333
+ return committer["login"] if committer else None
334
334
 
335
335
 
336
336
  def _parse_noreply_username(email):
@@ -435,7 +435,7 @@ def _resolve_github_username(rev, email):
435
435
  if remote:
436
436
  owner, repo = remote
437
437
  try:
438
- username = _fetch_github_commit_author(owner, repo, rev)
438
+ username = _fetch_github_commit_committer(owner, repo, rev)
439
439
  except urllib.error.HTTPError as e:
440
440
  if e.code == HTTPStatus.NOT_FOUND:
441
441
  commits_api_404 = True
@@ -450,24 +450,24 @@ def _resolve_github_username(rev, email):
450
450
  return username, commits_api_404
451
451
 
452
452
 
453
- def _author_not_found_message(commits_api_404):
453
+ def _committer_not_found_message(commits_api_404):
454
454
  had_token = bool(os.environ.get("GITHUB_TOKEN") or os.environ.get("GH_TOKEN"))
455
455
  if commits_api_404 and not had_token:
456
456
  return (
457
- "commit author not found on GitHub — if the repo is private, "
457
+ "committer not found on GitHub — if the repo is private, "
458
458
  "set GITHUB_TOKEN in the workflow step "
459
459
  "(env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }})"
460
460
  )
461
- return "commit author not found on GitHub — cannot verify signature"
461
+ return "committer not found on GitHub — cannot verify signature"
462
462
 
463
463
 
464
464
  def check_signature(rev, result):
465
465
  try:
466
- email = _get_author_email(rev)
466
+ email = _get_committer_email(rev)
467
467
  username, commits_api_404 = _resolve_github_username(rev, email)
468
468
  if username is None:
469
469
  result.error(
470
- _author_not_found_message(commits_api_404),
470
+ _committer_not_found_message(commits_api_404),
471
471
  check=Check.SIGNATURE,
472
472
  )
473
473
  return
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: git-commit-guard
3
- Version: 0.22.2
3
+ Version: 0.22.3
4
4
  Summary: Opinionated conventional commit message linter with imperative mood detection
5
5
  Project-URL: Homepage, https://github.com/benner/commit-guard
6
6
  Project-URL: Repository, https://github.com/benner/commit-guard
@@ -36,7 +36,7 @@ Opinionated conventional commit message linter with imperative mood detection.
36
36
  verb, verified via nltk POS tagging — not a hand-coded regex of "bad"
37
37
  words.
38
38
  * **Signature verification without a local keyring.** Resolves the commit
39
- author via the GitHub API and verifies GPG/SSH against their published
39
+ committer via the GitHub API and verifies GPG/SSH against their published
40
40
  `.gpg`/`.keys` — no per-runner key management.
41
41
  * **Strict by default.** Subject format, body, trailers, `Signed-off-by`,
42
42
  and signature all enforced out of the box; opt out with `--disable`.
@@ -242,7 +242,7 @@ independently of `--enable`/`--disable`.
242
242
  The `signature` check verifies the commit without any local keyring setup:
243
243
 
244
244
  1. If the repo has a GitHub remote, call the Commits API
245
- (`GET /repos/{owner}/{repo}/commits/{sha}`) to resolve the author's GitHub
245
+ (`GET /repos/{owner}/{repo}/commits/{sha}`) to resolve the committer's GitHub
246
246
  username — this works for corporate emails, noreply addresses, or any email
247
247
  not listed publicly on a GitHub profile.
248
248
  2. If the Commits API is unavailable (no GitHub remote, commit not yet pushed,
@@ -250,7 +250,7 @@ The `signature` check verifies the commit without any local keyring setup:
250
250
  (`{id}+{username}@users.noreply.github.com` or
251
251
  `{username}@users.noreply.github.com`) — no API call needed.
252
252
  3. If neither of the above resolves a username, fall back to searching GitHub
253
- by the commit author's email.
253
+ by the commit committer's email.
254
254
  4. Fetch the resolved user's public keys from `github.com/{username}.gpg`
255
255
  (GPG) and the `/users/{username}/ssh_signing_keys` API (SSH keys tagged
256
256
  with the **Signing key** role). Auth-only SSH keys are deliberately not
@@ -261,7 +261,7 @@ The `signature` check verifies the commit without any local keyring setup:
261
261
  `git verify-commit` with the SSH allowed-signers config.
262
262
  7. If any key verifies, the check passes. If none do, it fails.
263
263
 
264
- If the author cannot be resolved via either method, or the GitHub API is
264
+ If the committer cannot be resolved via either method, or the GitHub API is
265
265
  unreachable, the check fails with a clear error.
266
266
 
267
267
  For private repositories, set `GITHUB_TOKEN` or `GH_TOKEN` so the Commits API
@@ -316,7 +316,7 @@ COMMIT_GUARD_GIT_TIMEOUT=30 commit-guard --range origin/main..HEAD
316
316
  In GitHub Actions, set it at the step or job level:
317
317
 
318
318
  ```yaml
319
- - uses: benner/commit-guard@v0.22.2
319
+ - uses: benner/commit-guard@v0.22.3
320
320
  env:
321
321
  COMMIT_GUARD_GIT_TIMEOUT: 30
322
322
  with:
@@ -400,7 +400,7 @@ steps:
400
400
  - uses: actions/checkout@v4
401
401
  with:
402
402
  fetch-depth: 0
403
- - uses: benner/commit-guard@v0.22.2
403
+ - uses: benner/commit-guard@v0.22.3
404
404
  ```
405
405
 
406
406
  Check all commits in a pull request:
@@ -416,7 +416,7 @@ jobs:
416
416
  - uses: actions/checkout@v4
417
417
  with:
418
418
  fetch-depth: 0
419
- - uses: benner/commit-guard@v0.22.2
419
+ - uses: benner/commit-guard@v0.22.3
420
420
  with:
421
421
  range: ${{ env.PR_BASE }}..${{ env.PR_HEAD }}
422
422
  ```
@@ -424,7 +424,7 @@ jobs:
424
424
  Check a specific commit SHA (mirrors the positional CLI argument):
425
425
 
426
426
  ```yaml
427
- - uses: benner/commit-guard@v0.22.2
427
+ - uses: benner/commit-guard@v0.22.3
428
428
  with:
429
429
  rev: ${{ github.sha }}
430
430
  ```
@@ -442,7 +442,7 @@ jobs:
442
442
  - uses: actions/checkout@v4
443
443
  with:
444
444
  fetch-depth: 0
445
- - uses: benner/commit-guard@v0.22.2
445
+ - uses: benner/commit-guard@v0.22.3
446
446
  with:
447
447
  range: ${{ env.PR_BASE }}..${{ env.PR_HEAD }}
448
448
  disable: signed-off,signature
@@ -462,7 +462,7 @@ jobs:
462
462
  When `output-file` is set the action exposes the path as an output:
463
463
 
464
464
  ```yaml
465
- - uses: benner/commit-guard@v0.22.2
465
+ - uses: benner/commit-guard@v0.22.3
466
466
  id: cg
467
467
  with:
468
468
  range: ${{ env.PR_BASE }}..${{ env.PR_HEAD }}
@@ -478,7 +478,7 @@ Add to your `.pre-commit-config.yaml`:
478
478
  ---
479
479
  repos:
480
480
  - repo: https://github.com/benner/commit-guard
481
- rev: v0.22.2
481
+ rev: v0.22.3
482
482
  hooks:
483
483
  - id: commit-guard
484
484
  - id: commit-guard-signature
@@ -0,0 +1,6 @@
1
+ git_commit_guard/__init__.py,sha256=NbdRkWxWEzt3-uunql1FYl4vA2Vt7ULbDI1i0yNRLXg,29621
2
+ git_commit_guard-0.22.3.dist-info/METADATA,sha256=PgMzlU9yXNHl3HvCI6-qPxECULeOxJqfX982gbGRvYM,15462
3
+ git_commit_guard-0.22.3.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
4
+ git_commit_guard-0.22.3.dist-info/entry_points.txt,sha256=24HK4TwCgn3tSQHOWnGE6zJK6nvg7EMAut7VHe9nuH4,55
5
+ git_commit_guard-0.22.3.dist-info/licenses/LICENSE,sha256=gXf5dRMhNSbfLPYYTY_5hsZ1r7UU1OaKQEAQUhuIBkM,18092
6
+ git_commit_guard-0.22.3.dist-info/RECORD,,
@@ -1,6 +0,0 @@
1
- git_commit_guard/__init__.py,sha256=FrKpmqyW_YO2RgMj8Ff2m1TVEqQqBDhvm1pFtfem8rQ,29599
2
- git_commit_guard-0.22.2.dist-info/METADATA,sha256=4pWaUYZ4ta6OwftzPFenE_KtBxzrFlmKcl1tKVi9qdE,15450
3
- git_commit_guard-0.22.2.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
4
- git_commit_guard-0.22.2.dist-info/entry_points.txt,sha256=24HK4TwCgn3tSQHOWnGE6zJK6nvg7EMAut7VHe9nuH4,55
5
- git_commit_guard-0.22.2.dist-info/licenses/LICENSE,sha256=gXf5dRMhNSbfLPYYTY_5hsZ1r7UU1OaKQEAQUhuIBkM,18092
6
- git_commit_guard-0.22.2.dist-info/RECORD,,