9

According to this article, Github now supports signing commits with a bot. After reading the documentation, I think there are a few things I need to do to make it work:

  1. Generate a GPG key
  2. Add the GPG key to the bot account
  3. Configure the bot account to use the GPG key

I am stuck at step 2 - I could not find anywhere I can add the GPG key to the bot account. I developed a Github app and I clicked through all its configuration, but did not find the place to add that. This is definitely doable according to that screen shot in the article. What am I missing?

Improve this question

1 Answer 1

Reset to default
0

Per their support, you cannot add a gpg key to a bot. To get a bot to have signed/verified commits you will have to use their commit APIs https://docs.github.com/en/rest/git?apiVersion=2022-11-28 and it will automatically sign for you. Their docs are not clear about this so I hope this helps someone not waste time implementing it the wrong way.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.