GitHub: signing commit in a workflow
April 4, 2024
Committing in your workflow can normally be done using git commands or other actions that perform commits for you. However, if your repository requires commit signing, it is difficult to manage securely a GPG keys and set up GitHub Runner to sign your commit. Fortunately, this can be done through the GitHub GraphQL API.