gitsign bot #27
Comments
|
This is definitely doable but a bit tricky, there are a few options. A github action can do some of these checks, but must be manually configured by each repo admin. We can put it in the template, but then each repo owner needs to keep it there and keep it up to date. There's no centralized way to manage them. A github app can be installed and configured by an org admin, and it also gets more access to the Github api than the actions do. This is why the DCO bot is an application rather than an action. |
|
Is it possible to make identity visible when inspecting the signature in the UI? I’ve seen only the common name and organization, which makes it hard to quickly verify the signer when reviewing commits. |
|
FYI github will be adding DCO support in the github UI soon btw todogroup/gh-issues#50 (comment) |
Throw DCO bot in the toilet and take over things with gitsign bot.
In all seriousness, a bot that checks commits are signed, or fails CI.
The text was updated successfully, but these errors were encountered: