Require signed commits for main branch in all repos

[btylerburton]

User Story

In order to ensure compliance with GSA-wide security initiatives, datagovteam wants to require developers to ensure their commits to github are signed.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• [ ] GIVEN I have a repo in GSA org WHEN I configure the branch rules THEN I will require signed commits to the main branch

• [ ] GIVEN I am a developer on data.gov WHEN I want to add code to a branch on a github repository THEN I will have my github profile configured to support signed commits

Background

Related to:

• https://github.com/GSA/resources.data.gov/issues/662

[Any helpful contextual notes or links to artifacts/evidence, if needed]

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

• [ ] Require signed commits to main branch of all repos
• [ ] Configure signed commits for self
• [ ] Document process for setting up signed commits
• [ ] Ensure all developers are aware of requirement for signed commits and how to configure them

[gujral-rei]

need help/info from authorized individual (admin access) update the onboarding documentation individual team members need to action