stefanbuck
commented
1 year ago Signing commits with PGP is slightly more complicated than I expected. The actual patch needs to be signed with the private key. The result of this operation is the actual signature string so a PGP client is required to make this work.
github-actions[bot]
First, this package is amazing. I just used it for the first time and the API is simple and powerful, well done @gr2m.
After tinkering with it for a bit, I've noticed commits aren't signed. The commits endpoint seems to support singing so I wonder if you would accept a pull request for this.
Update: It looks like the /commit endpoint is limited to GPG and therefore ssh keys can't be used to sign commit see https://github.com/orgs/community/discussions/7744#discussioncomment-3476152