GitHub does not sign commits by default for Codespaces environments. Some of the repositories in GitHub requires GPG signing to prove their identity so Codespace commits should also be signed.
Hey, thanks for raising. We’re working through the signing experience in Codespaces now and we’ll share an update in the near future.
Is there any update on this? I see that Codespaces are now configured with a weird
gh-gpgsign command that doesn’t appear to be fully working. After inspecting
git commit using
GIT_TRACE=1 and manually invoking
/codespaces/.bin/gh-gpgsign, it appears that Codespaces aren’t fully authorized for GPG signing currently?
[GNUPG:] BEGIN_SIGNING 2020/12/19 23:47:08 error signing commit: error signing commit: error making request: 403 | codespace is not authorized or active, error making request: 403 | codespace is not authorized or active
@jarrodldavis Hey Jarrod, we’ve been hard at work on the signing experience and are excited to share it with you all soon. Check back after the holidays for updates on this!