In order to ensure compliance with GSA-wide security initiatives, datagovteam wants to require developers to ensure their commits to github are signed.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
[ ] GIVEN I have a repo in GSA org
WHEN I configure the branch rules
THEN I will require signed commits to the main branch
[ ] GIVEN I am a developer on data.gov
WHEN I want to add code to a branch on a github repository
THEN I will have my github profile configured to support signed commits
User Story
In order to ensure compliance with GSA-wide security initiatives, datagovteam wants to require developers to ensure their commits to github are signed.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
[ ] GIVEN I have a repo in GSA org WHEN I configure the branch rules THEN I will require signed commits to the main branch
[ ] GIVEN I am a developer on data.gov WHEN I want to add code to a branch on a github repository THEN I will have my github profile configured to support signed commits
Background
Related to:
[Any helpful contextual notes or links to artifacts/evidence, if needed]
Security Considerations (required)
[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]
Sketch
main
branch of all repos