Closed stefanbuck closed 1 year ago
Signing commits with PGP is slightly more complicated than I expected. The actual patch needs to be signed with the private key. The result of this operation is the actual signature string so a PGP client is required to make this work.
:tada: This issue has been resolved in version 4.2.0 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
First, this package is amazing. I just used it for the first time and the API is simple and powerful, well done @gr2m.
After tinkering with it for a bit, I've noticed commits aren't signed. The commits endpoint seems to support singing so I wonder if you would accept a pull request for this.
Update: It looks like the /commit endpoint is limited to GPG and therefore ssh keys can't be used to sign commit see https://github.com/orgs/community/discussions/7744#discussioncomment-3476152