Status:
deprecatedarchivedThis repo is historical only. The canonical GitHub Action source lives in
TrustSignal/github-actions/trustsignal-verify-artifact.
Canonical repo roles and ownership are defined in TrustSignal/docs/REPO_ROLES.md.
This repository is no longer the canonical TrustSignal GitHub Action.
Use the monorepo action instead. The path below is the active replacement, not an invitation to keep publishing from this repository:
TrustSignal/github-actions/trustsignal-verify-artifact- Workflow path:
TrustSignal-dev/TrustSignal/github-actions/trustsignal-verify-artifact - Pinning note: this repo set does not currently document a confirmed public monorepo release ref. Pin to a maintainer-published release tag or commit SHA.
The canonical product stack is:
- API:
TrustSignal/apps/api - Public frontend:
v0-signal-new - GitHub App backend:
TrustSignal-App - GitHub Action:
TrustSignal/github-actions/trustsignal-verify-artifact
This repository drifted away from the canonical action contract:
- it uses a different auth path than the monorepo action
- it documents the old env allowlist model
- it creates ambiguity about which action pilots should install
History is preserved here for reference, but pilots should not publish from or integrate against this repository.
- Stop using
TrustSignal-dev/TrustSignal-Verify-Artifact. - Move workflows to
TrustSignal-dev/TrustSignal/github-actions/trustsignal-verify-artifact. - Pin the action to a maintainer-published release tag or commit SHA. Do not assume a stable major alias exists until the monorepo release policy documents one.
- Keep using the secret name
TRUSTSIGNAL_API_KEY. - Target
https://api.trustsignal.dev.
Archived/deprecated surface only. No new releases should be cut from this repository.