The email in this signature doesn’t match the committer email.

Cant sign the commits. git log --show-signature shows that the author and gpg key email are the same so I dont really know what to do. Google doesnt help

Do you have set up the global config? If the answer is no, you have to check this

yes I have. everything that I have in my git config is global. Git logs show "good signature from <myemail> and the author is listed the same email however it keeps saying that the email in the signature doesnt match commiters. I use only one email so wtf?

Are the commits in which you’re seeing this occur in a repo that’s public on GitHub, by chance? If so, can you please share links? If not, I’d recommend reaching out to private support so they can take a closer look.

Hi. I stumbled upon the same issue.

  1. I’ve generated a new GPG key (RSA - RSA): gpg --full-generate-key.
  2. Included signingkey = ... and gpgsign = true in my .gitconfig.
  3. Uploaded public key generated by gpg --armor --export ... to Github.

The end result: “The email in this signature doesn’t match the committer email”.
The SSH and GPG keys page shows Email address: (i.e., empty) for the respective GPG key.

Now, when creating a key with gnupg, fullname is optional (but if present, it must be at least 5 characters long). But it seems Github system doesn’t know that and doesn’t handle a GPG key with an e-mail address only well.

So, the possible workaround: create a key both with a fullname and an e-mail.
And Github team could either document this or tweak their public key parser (if technically possible).