Signed commits #137

Open
EmilioHerreraSoukup opened this issue Oct 26, 2023 · 5 comments

@EmilioHerreraSoukup

Hi, currently I'm using peter-evans/rebase@v2 to rebase some PRs, but after they are rebased they are not GPG signed anymore. I couldn't figure it out from the docs. Is this something supported, maybe? Any help is appreciated. Thank you!

@peter-evans
Owner

Hi @EmilioHerreraSoukup

I've not tested it, but I think following this documentation to use your own GPG key for signing might work for this action, too.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#gpg-commit-signature-verification

The committer used to commit must match the email address used in the GPG key. Currently, this action takes the committer of the last commit to perform the rebase. If there are some issues with matching the committer email address because of this logic, what I might be able to do is provide an override input for the committer.

```typescript
core.startGroup(
  `Setting committer to match the last commit on the head ref.`
)
const sha = await this.git.revParse('HEAD')
const committerName = await this.log1([`--format='%cn'`, sha])
const committerEmail = await this.log1([`--format='%ce'`, sha])
await this.git.config('user.name', committerName)
await this.git.config('user.email', committerEmail)
core.endGroup()
```

Please try this and let me know if it works for you.

@EmilioHerreraSoukup
Author

@peter-evans, I tried using the action and encountered the following error:

```
Unexpected input(s) 'github-token', 'committer', valid inputs are ['token', 'repository', 'head', 'base', 'include-labels', 'exclude-labels', 'exclude-drafts'].
```

I'm not sure if I followed the instructions correctly. Essentially, I'm attempting to rebase all my Dependabot PRs using rebase. Dependabot should already have a valid GPG signature, right? This left me a bit confused.

I was considering adding a command like

```sh
git rebase --exec 'git commit --amend --no-edit -n -S' -i main
```

in the script here:

```typescript
const result = await this.git.exec(['rebase', `${remoteName}/${ref}`])
```

@peter-evans
Owner

@EmilioHerreraSoukup Please show me your workflow so I can help you.

@EmilioHerreraSoukup
Author

@peter-evans thank you! It's pretty straightforward:

```yaml
name: Rebase Pull Requests
on:
  push:
    branches: [main]
jobs:
  rebase:
    runs-on: ubuntu-latest
    steps:
      - uses: peter-evans/rebase@v2
        with:
          include-labels: |
            dependabot
```

@peter-evans
Owner

@EmilioHerreraSoukup Your workflow only includes the rebase action. Did you try updating your workflow to follow this example? https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#gpg-commit-signature-verification

You need to follow the instructions in the example I linked and update your workflow.

```yaml
name: Rebase Pull Requests
on:
  push:
    branches: [main]
jobs:
  rebase:
    runs-on: ubuntu-latest
    steps:
      - uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - uses: peter-evans/rebase@v2
        with:
          include-labels: |
            dependabot
```
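
A check that could run as a workflow step after the rebase, added here as an example and not part of the action or of the thread: it reads `git log --format='%H|%G?|%ce'` output and reports commits that are unsigned, fail verification, or whose committer email differs from the email on the imported GPG key. The function name, the sample SHAs and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the action): audit a rebased branch for commits that
# lost their signature or whose committer does not match the signing key.
# Real input would come from:
#   git log --format='%H|%G?|%ce' origin/main..HEAD
# %G? is git's signature status: G good, U good with unknown key trust,
# N no signature, B bad, E cannot be checked, X/Y/R expired or revoked.

# Constructed sample in that format (SHAs and addresses are made up).
SAMPLE_LOG='1111111|G|ci-bot@example.com
2222222|N|ci-bot@example.com
3333333|G|someone-else@example.com
4444444|E|ci-bot@example.com'

# audit_signatures KEY_EMAIL: reads "sha|status|committer-email" lines on
# stdin, prints one finding per problem commit, returns 1 if any were found.
# The body runs in a subshell so its variables do not leak to the caller.
audit_signatures() (
  key_email=$1
  failures=0
  while IFS='|' read -r sha status email; do
    [ -n "$sha" ] || continue
    case "$status" in
      G|U) ;;  # signature verifies; U only means trust is not set locally
      N) echo "$sha unsigned"; failures=$((failures + 1)); continue ;;
      *) echo "$sha signature status $status"; failures=$((failures + 1)); continue ;;
    esac
    # A valid signature still needs a committer email matching the key's.
    if [ "$email" != "$key_email" ]; then
      echo "$sha committer $email does not match key email $key_email"
      failures=$((failures + 1))
    fi
  done
  [ "$failures" -eq 0 ]
)

printf '%s\n' "$SAMPLE_LOG" | audit_signatures ci-bot@example.com \
  || echo "branch has commits that fail the signature audit"
```
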
