gitghost verify
Verify ghost commits (LSAG ring signatures) on every pull request. Posts a single sticky comment summarising what's anonymous, what's verified, and what's anchored on Base.
For maintainers running rings: drop this action into .github/workflows/
and every PR gets a verifiable proof panel without leaving GitHub.
This repo's commits are themselves signed with gitghost — eat your own
dogfood. Run gitghost verify <sha> on any commit here to see the LSAG
math hold.
`.github/workflows/gitghost.yml`
```yaml
name: gitghost
on:
  pull_request:
    types: [opened, synchronize, reopened]
permissions:
  contents: read
  pull-requests: write
jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - uses: gitghostonbase/gitghost-action@v1
        with:
          github-token: ${{ github.token }}
```
That's it. The action:
- lists every commit in the PR
- calls `https://gitghost.org/api/verify` for each
- upserts a single comment on the PR with the verdict
It works the same on PRs from forks. The action only reads commits and writes a comment — it never executes third-party code.
A comment that updates in place across every push:
✅ All 3 ghost commits verified.
5 total · 3 ghost · 3 verified · 0 invalid

| commit | ring | key image | anchor |
|---|---|---|---|
| ✅ a1b2c3d | linux-kernel-core (4) | 02a1b2c3d4…f6abcd | block 46343294 |
| ✅ e4f5g6h | linux-kernel-core (4) | 02a1b2c3d4…f6abcd | off-chain |
| ✅ i7j8k9l | linux-kernel-core (4) | 037788991a…aabbcc | block 46343512 |

Regular (non-ghost) commits are silently skipped — the action only surfaces commits that opted in to ring signing.
| Input | Default | Description |
|---|---|---|
| `api-url` | `https://gitghost.org/api/verify` | Override the verify endpoint (self-host or staging). |
| `github-token` | `${{ github.token }}` | Token used to read PR commits and write the sticky comment. |
| `fail-on-invalid` | `true` | Fail the run when at least one ghost commit fails verification. |
| `comment` | `true` | Set to `false` to skip posting the sticky comment (useful in audit-only setups). |

| Output | Description |
|---|---|
| `total` | Total commits inspected. |
| `ghost` | Number of ghost commits found. |
| `verified` | Number of ghost commits whose LSAG signature passed. |
| `invalid` | Number of ghost commits that failed verification. |

The action needs:
- `contents: read` — implicit for `actions/checkout`-style jobs (not strictly required here).
- `pull-requests: write` — to post and update the verification comment.
Forked PRs against public repos run with a read-only GITHUB_TOKEN by
default. To allow comments on fork PRs, switch the trigger to
pull_request_target (and accept the security trade-offs documented
here).
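A fork-PR variant of the workflow, as an added example rather than the project's own configuration: it switches to `pull_request_target`, confines the write scope to the one job that needs it, omits any checkout step, and reads the outputs listed above. The step id `ghost` and the summary step are assumptions made for illustration.

```yaml
# Added example, not the project's own workflow.
name: gitghost
on:
  pull_request_target:
    types: [opened, synchronize, reopened]

# Start from no permissions at the workflow level, then grant per job.
permissions: {}

jobs:
  verify:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write   # the only write scope; needed for the sticky comment
    steps:
      # Deliberately no actions/checkout step: under pull_request_target the
      # token can write to the base repository, so nothing from the PR head
      # should be checked out, built or executed in this job.
      - id: ghost            # hypothetical step id
        # @v1 is the ref the page uses; a full commit SHA you have reviewed
        # is the stricter choice when the token is writable.
        uses: gitghostonbase/gitghost-action@v1
        with:
          github-token: ${{ github.token }}
          fail-on-invalid: true

      # Record the counts in the run summary even when verification fails.
      # Outputs are passed through env instead of being interpolated into
      # the script body.
      - if: always()
        env:
          TOTAL: ${{ steps.ghost.outputs.total }}
          GHOST: ${{ steps.ghost.outputs.ghost }}
          VERIFIED: ${{ steps.ghost.outputs.verified }}
          INVALID: ${{ steps.ghost.outputs.invalid }}
        run: |
          echo "gitghost: total=$TOTAL ghost=$GHOST verified=$VERIFIED invalid=$INVALID" >> "$GITHUB_STEP_SUMMARY"
```

Because `pull_request_target` runs the workflow file from the base branch, a fork cannot alter these steps by editing the workflow in its PR.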
Make this action a required check:
- Settings → Branches → branch protection rule for `main`
- "Require status checks to pass" → tick gitghost / verify
- (Recommended) tick Require branches to be up to date before merging
Now any PR with an invalid ghost signature is blocked at the merge gate.
The action is a thin client over the public verify endpoint. To run
against your own deployment, set api-url:
```yaml
- uses: gitghostonbase/gitghost-action@v1
  with:
    api-url: https://verify.example.com/api/verify
```
The endpoint must speak the same JSON contract as `POST /api/verify` in the upstream repo.
MIT.
gitghost verify is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.