src/assets/YAML/default/BuildAndDeployment/Build.yaml
5 additions & 0 deletions
@@ -158,6 +158,11 @@ Build and Deployment:
158
158
measure:
159
159
Digitally signing artifacts for all steps during the build and especially
160
160
docker images, helps to ensure their integrity and authenticity.
161
+
description: |
162
+
## Github
163
+
You need to be authenticated to perform a push to a Github repository. Github doesn't check if the authenticated user and the mail address in the commit corresponds.
164
+
To highlight to reviewers who performed a commit, signing is needed.
165
+
Be aware that github actions like [semantic-release-action](https://github.com/cycjimmy/semantic-release-action) will not sign commits and will fail. You find an example working configuration to use semantic release action together with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action) in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml) of DSOMM.
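Review bot: The sentence at new line 165 says semantic-release-action "will not sign commits and will fail" without naming the condition under which it fails; state the precondition (for example a branch rule that requires signed commits) so readers know when the ghcommit-action workaround applies. The added description covers only commit signing on GitHub, while the measure text above it is about signing build artifacts and docker images, so either add a sentence connecting the two or say where artifact and image signing is described. Smaller points: "corresponds" should be "correspond" on line 163, "Github"/"github" should be spelled "GitHub", the three links point at github.com rather than github.com, and the workflow link targets the master branch, so it will drift as main.yml changes; a commit permalink would keep the reference stable.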