Commit signing

[alexsunins]

Thanks for stopping by to ask us a question! Please make sure to include:

• What you're trying to do
• What code you've already tried
• Any error messages you're getting

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

Hi, we are trialing Release Please and so far we like functionality of the product.
One of the features we want to have is the ability to sign commits so that the commits created by the tool have the "Verified" label.

What I have done so far:

• used the Release Please action (v4 and v3) and have re-used my SSH key pair in attempt to test the feature
• used the Release Please CLI in my GitHub Actions workflow and configured commit signing using git command line tool in the runner, i.e.

      - name: Set up SSH for signing
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Configure Git for signing
        run: |
          ssh-add -L > ~/.ssh/allowed_signers
          git config --global gpg.format ssh
          git config --global user.signingkey ~/.ssh/allowed_signers
          git config --global user.name "Alex Sunins"
          git config --global user.email "alex@footprintit.net"
          git config --global commit.gpgsign true

After consulting the documentation for the CLI I could not find any flags that replicate git commit -S behaviour.

Is this feature (commit signing with either SSH or GPG) supported by the tool?