RFC: Support Require signed commits on github protected branches #46
ChrisJStone
started this conversation in
RFC Proposals
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
When setting up branch protection rules for a repository on github one of the available options is Require signed commits. Currently with how git-flow handles finishing branches this prevents any PR's from being merged into a protected branch with this option enabled.
In order to allow git-flow to support this branch protection option at this time I see two possible solutions either all commits need to be signed or only allow for squashed merge commits that are signed when finishing any branch.
Even with configuring git to auto sign every commit I'm not certain how viable of a solution this would be as it could cause unnecessary work and possible confusion for the end user especially if they are new to git.
Initially I was not fond of the idea of using squash merges. After skimming over Two years of squash merge I'm starting to lean more towards a solution involving squashing merge commits. Though the stackoverflow article How squash and merge a Pull Request with GPG signing via command line? does point out that squash and merge pull request commits does not support gpg signing. and the PR would have to be manually closed.
Since the most likely use case I can see for this particular option would be on a production branch perhaps the best solution would be to squash any merge commits that are made to a production branch that way they can be signed.
Beta Was this translation helpful? Give feedback.
All reactions