Closed cj81499 closed 2 years ago
asottile
commented
2 years ago yeah I plan to do this at some point -- it's unfortunately a ton of work (and there isn't a way that I know of to associate a personal gpg key with pre-commit ci -- so I have to make commits via the api) -- if you want to track progress of that follow along here: #65
iirc there's a way to allowlist particular users and you could allowlist pre-commit-ci[bot]
cj81499
commented
2 years ago I'm not certain I understand how the linked issue relates to signed commits, do you mind explaining? The only thing I can think of after reading through is that the GitHub API may not provide a way to sign a commit. Is that it?
Additionally, do you mind explaining why some commits are signed, but others are not?
iirc there's a way to allowlist particular users and you could allowlist pre-commit-ci[bot]
I know you can include/exclude admins, but I'm not aware of a way to allowlist users/bots (and I don't want to make pre-commit-ci[bot] an admin, if that's even possible).
asottile
commented
2 years ago the other ticket is related because I need to use the api to end up with signed commits. the autoupdate commits are signed because they are made with the api whereas the autofix ones are not
cj81499
commented
2 years ago Makes sense. Thanks!
I'd like to use pre-commit.ci in a repository that requires that uses the "Require signed commits" setting.
Although autoupdate commits are signed, auto fix commits are not.
It'd be great if all commits authored by pre-commit.ci are signed.