GitHub Codespaces Should GPG-sign commits

GitHub does not sign commits by default for Codespaces environments. Some of the repositories in GitHub requires GPG signing to prove their identity so Codespace commits should also be signed.

5 Likes

Hey, thanks for raising. We’re working through the signing experience in Codespaces now and we’ll share an update in the near future.

7 Likes

Is there any update on this? I see that Codespaces are now configured with a weird gh-gpgsign command that doesn’t appear to be fully working. After inspecting git commit using GIT_TRACE=1 and manually invoking /codespaces/.bin/gh-gpgsign, it appears that Codespaces aren’t fully authorized for GPG signing currently?

[GNUPG:] BEGIN_SIGNING
2020/12/19 23:47:08 error signing commit: error signing commit: error making request: 403 | codespace is not authorized or active, error making request: 403 | codespace is not authorized or active

@jarrodldavis Hey Jarrod, we’ve been hard at work on the signing experience and are excited to share it with you all soon. Check back after the holidays for updates on this!

2 Likes

@jarrodldavis We just announced this feature, take a look and let us know what you think! New Features in GitHub Codespaces

1 Like