-
-
Notifications
You must be signed in to change notification settings - Fork 415
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot sign commit using Github App auth #1241
Comments
Hi @andridzi Please could you explain in more detail about what you are trying and what does/doesn't work.
So are you saying it works when you set the - uses: peter-evans/create-pull-request@v4
with:
committer: ''
author: '' |
Hi @peter-evans, Yes, something like that. And inside the action when From what I've found during the investigation. Commit will be signed:
Commit will NOT be signed:
And when comparing both commits through the GitHub API - the only difference (except date, hash etc.) is that first one is signed, and second one isn't. |
@andridzi I'm not sure how to approach this problem because this action does not use the API you mentioned. Commits are made locally in the GitHub Actions run using the Git protocol, not the REST API. If I was to allow |
@peter-evans Yes, indeed. I missed that commits created using Git protocol. So, currently in |
Is it not possible to achieve this without using GitHub's REST API for committing? Perhaps there is some way to do this using the git protocol, too. |
Git is the way:
|
I've documented how you can do it with GPG here: Not sure if something like this can work with tokens generated from a GitHub auth app, though. |
Closing this for now because it appears to not be possible. |
Yeah, its not possible to create signed commits with a github app token without using github's REST or GQL API https://github.com/orgs/community/discussions/24664#discussioncomment-5084236 |
Subject of the issue
Cannot sign commit using Github App auth.
Steps to reproduce
As mentioned in docs,
Signature verification for bots
will only work if there isno custom author information, custom committer information, and no custom signature information
.Even if put correct
committer
andauthor
fields commit will not be signed.It will be signed only when
committer
andauthor
fields not set at all.The text was updated successfully, but these errors were encountered: