From 822f3b39c185a42fe9df7365339e2399cf9e4900 Mon Sep 17 00:00:00 2001
From: Peter Evans <18365890+peter-evans@users.noreply.github.com>
Date: Fri, 9 Aug 2024 16:34:28 +0000
Subject: [PATCH] only build commits when feature enabled

---
 README.md                      |  2 +-
 action.yml                     |  6 +++---
 dist/index.js                  | 19 +++++++++++--------
 src/create-or-update-branch.ts | 10 +++++++---
 src/create-pull-request.ts     |  7 ++++---
 src/main.ts                    |  4 ++--
 6 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index 967a06e..3145032 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,7 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | `branch-suffix` | The branch suffix type when using the alternative branching strategy. Valid values are `random`, `timestamp` and `short-commit-hash`. See [Alternative strategy](#alternative-strategy---always-create-a-new-pull-request-branch) for details. | |
 | `base` | Sets the pull request base branch. | Defaults to the branch checked out in the workflow. |
 | `push-to-fork` | A fork of the checked-out parent repository to which the pull request branch will be pushed. e.g. `owner/repo-fork`. The pull request will be created to merge the fork's branch into the parent's base. See [push pull request branches to a fork](docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork) for details. | |
+| `sign-commits` | Sign commits as `github-actions[bot]` when using `GITHUB_TOKEN`, or your own bot when using [GitHub App tokens](docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens). See [commit signing](docs/concepts-guidelines.md#commit signing) for details.  | `false` |
 | `title` | The title of the pull request. | `Changes by create-pull-request action` |
 | `body` | The body of the pull request. | `Automated changes by [create-pull-request](https://github.com/peter-evans/create-pull-request) GitHub action` |
 | `body-path` | The path to a file containing the pull request body. Takes precedence over `body`. | |
@@ -74,7 +75,6 @@ All inputs are **optional**. If not set, sensible defaults will be used.
 | `team-reviewers` | A comma or newline-separated list of GitHub teams to request a review from. Note that a `repo` scoped [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token), or equivalent [GitHub App permissions](docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens), are required. | |
 | `milestone` | The number of the milestone to associate this pull request with. | |
 | `draft` | Create a [draft pull request](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests). It is not possible to change draft status after creation except through the web interface. | `false` |
-| `sign-commit` | Sign the commit as bot [refer: [Signature verification for bots](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification#signature-verification-for-bots)]. This can be useful if your repo or org has enforced commit-signing. | `false` |
 
 #### commit-message
 
diff --git a/action.yml b/action.yml
index 872a7a4..7a8f470 100644
--- a/action.yml
+++ b/action.yml
@@ -51,6 +51,9 @@ inputs:
       A fork of the checked out parent repository to which the pull request branch will be pushed.
       e.g. `owner/repo-fork`.
       The pull request will be created to merge the fork's branch into the parent's base.
+  sign-commits:
+    description: 'Sign commits as `github-actions[bot]` when using `GITHUB_TOKEN`, or your own bot when using GitHub App tokens.'
+    default: true
   title:
     description: 'The title of the pull request.'
     default: 'Changes by create-pull-request action'
@@ -74,9 +77,6 @@ inputs:
   draft:
     description: 'Create a draft pull request. It is not possible to change draft status after creation except through the web interface'
     default: false
-  sign-commit:
-    description: 'Sign the commit as github-actions bot (and as custom app if a different github-token is provided)'
-    default: true
 outputs:
   pull-request-number:
     description: 'The pull request number'
diff --git a/dist/index.js b/dist/index.js
index 7c002b8..4d35c58 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -136,8 +136,8 @@ function splitLines(multilineString) {
         .map(s => s.trim())
         .filter(x => x !== '');
 }
-function createOrUpdateBranch(git, commitMessage, base, branch, branchRemoteName, signoff, addPaths) {
-    return __awaiter(this, void 0, void 0, function* () {
+function createOrUpdateBranch(git_1, commitMessage_1, base_1, branch_1, branchRemoteName_1, signoff_1, addPaths_1) {
+    return __awaiter(this, arguments, void 0, function* (git, commitMessage, base, branch, branchRemoteName, signoff, addPaths, signCommits = false) {
         // Get the working base.
         // When a ref, it may or may not be the actual base.
         // When a commit, we must rebase onto the actual base.
@@ -280,8 +280,11 @@ function createOrUpdateBranch(git, commitMessage, base, branch, branchRemoteName
         // Get the base and head SHAs
         result.baseSha = yield git.revParse(base);
         result.headSha = yield git.revParse(branch);
-        // Build the branch commits
-        result.branchCommits = yield buildBranchCommits(git, base, branch);
+        // NOTE: This could always be built and returned. Maybe remove when there is confidence in buildBranchCommits.
+        if (signCommits) {
+            // Build the branch commits
+            result.branchCommits = yield buildBranchCommits(git, base, branch);
+        }
         // Delete the temporary branch
         yield git.exec(['branch', '--delete', '--force', tempBranch]);
         // Checkout the working base to leave the local repository as it was found
@@ -449,14 +452,14 @@ function createPullRequest(inputs) {
             core.endGroup();
             // Create or update the pull request branch
             core.startGroup('Create or update the pull request branch');
-            const result = yield (0, create_or_update_branch_1.createOrUpdateBranch)(git, inputs.commitMessage, inputs.base, inputs.branch, branchRemoteName, inputs.signoff, inputs.addPaths);
+            const result = yield (0, create_or_update_branch_1.createOrUpdateBranch)(git, inputs.commitMessage, inputs.base, inputs.branch, branchRemoteName, inputs.signoff, inputs.addPaths, inputs.signCommits);
             // Set the base. It would have been '' if not specified as an input
             inputs.base = result.base;
             core.endGroup();
             if (['created', 'updated'].includes(result.action)) {
                 // The branch was created or updated
                 core.startGroup(`Pushing pull request branch to '${branchRemoteName}/${inputs.branch}'`);
-                if (inputs.signCommit) {
+                if (inputs.signCommits) {
                     // Create signed commits via the GitHub API
                     const stashed = yield git.stashPush(['--include-untracked']);
                     yield git.checkout(inputs.branch);
@@ -1402,6 +1405,7 @@ function run() {
                 branchSuffix: core.getInput('branch-suffix'),
                 base: core.getInput('base'),
                 pushToFork: core.getInput('push-to-fork'),
+                signCommits: core.getBooleanInput('sign-commits'),
                 title: core.getInput('title'),
                 body: core.getInput('body'),
                 bodyPath: core.getInput('body-path'),
@@ -1410,8 +1414,7 @@ function run() {
                 reviewers: utils.getInputAsArray('reviewers'),
                 teamReviewers: utils.getInputAsArray('team-reviewers'),
                 milestone: Number(core.getInput('milestone')),
-                draft: core.getBooleanInput('draft'),
-                signCommit: core.getBooleanInput('sign-commit')
+                draft: core.getBooleanInput('draft')
             };
             core.debug(`Inputs: ${(0, util_1.inspect)(inputs)}`);
             if (!inputs.token) {
diff --git a/src/create-or-update-branch.ts b/src/create-or-update-branch.ts
index d70188b..0740dc2 100644
--- a/src/create-or-update-branch.ts
+++ b/src/create-or-update-branch.ts
@@ -154,7 +154,8 @@ export async function createOrUpdateBranch(
   branch: string,
   branchRemoteName: string,
   signoff: boolean,
-  addPaths: string[]
+  addPaths: string[],
+  signCommits: boolean = false
 ): Promise<CreateOrUpdateBranchResult> {
   // Get the working base.
   // When a ref, it may or may not be the actual base.
@@ -325,8 +326,11 @@ export async function createOrUpdateBranch(
   result.baseSha = await git.revParse(base)
   result.headSha = await git.revParse(branch)
 
-  // Build the branch commits
-  result.branchCommits = await buildBranchCommits(git, base, branch)
+  // NOTE: This could always be built and returned. Maybe remove when there is confidence in buildBranchCommits.
+  if (signCommits) {
+    // Build the branch commits
+    result.branchCommits = await buildBranchCommits(git, base, branch)
+  }
 
   // Delete the temporary branch
   await git.exec(['branch', '--delete', '--force', tempBranch])
diff --git a/src/create-pull-request.ts b/src/create-pull-request.ts
index c44674d..5c77199 100644
--- a/src/create-pull-request.ts
+++ b/src/create-pull-request.ts
@@ -23,6 +23,7 @@ export interface Inputs {
   branchSuffix: string
   base: string
   pushToFork: string
+  signCommits: boolean
   title: string
   body: string
   bodyPath: string
@@ -32,7 +33,6 @@ export interface Inputs {
   teamReviewers: string[]
   milestone: number
   draft: boolean
-  signCommit: boolean
 }
 
 export async function createPullRequest(inputs: Inputs): Promise<void> {
@@ -184,7 +184,8 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       inputs.branch,
       branchRemoteName,
       inputs.signoff,
-      inputs.addPaths
+      inputs.addPaths,
+      inputs.signCommits
     )
     // Set the base. It would have been '' if not specified as an input
     inputs.base = result.base
@@ -195,7 +196,7 @@ export async function createPullRequest(inputs: Inputs): Promise<void> {
       core.startGroup(
         `Pushing pull request branch to '${branchRemoteName}/${inputs.branch}'`
       )
-      if (inputs.signCommit) {
+      if (inputs.signCommits) {
         // Create signed commits via the GitHub API
         const stashed = await git.stashPush(['--include-untracked'])
         await git.checkout(inputs.branch)
diff --git a/src/main.ts b/src/main.ts
index 486381f..2d37efb 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -19,6 +19,7 @@ async function run(): Promise<void> {
       branchSuffix: core.getInput('branch-suffix'),
       base: core.getInput('base'),
       pushToFork: core.getInput('push-to-fork'),
+      signCommits: core.getBooleanInput('sign-commits'),
       title: core.getInput('title'),
       body: core.getInput('body'),
       bodyPath: core.getInput('body-path'),
@@ -27,8 +28,7 @@ async function run(): Promise<void> {
       reviewers: utils.getInputAsArray('reviewers'),
       teamReviewers: utils.getInputAsArray('team-reviewers'),
       milestone: Number(core.getInput('milestone')),
-      draft: core.getBooleanInput('draft'),
-      signCommit: core.getBooleanInput('sign-commit')
+      draft: core.getBooleanInput('draft')
     }
     core.debug(`Inputs: ${inspect(inputs)}`)