Rebased commits by the web interface aren't signed #11639
Replies: 22 comments 17 replies
-
This seemingly also applies to the "Merge with Rebase" feature too. |
Beta Was this translation helpful? Give feedback.
-
This actually causes a lot of conflicts each time after local rebase once you pull main that is contains «rewritten without a sign» commits by Github, and rebase it onto existing branch that contains those commits in signed form. Thus, making Github Rebase feature pretty unusable which is bad. |
Beta Was this translation helpful? Give feedback.
-
For what it's worth, this also seems to be an issue if you're using the API to rebase a PR which contains only signed commits. |
Beta Was this translation helpful? Give feedback.
-
any update on this? |
Beta Was this translation helpful? Give feedback.
-
Also seems to happen when you revert a PR, I am sure it used to work in the past |
Beta Was this translation helpful? Give feedback.
-
Is any fix existing for this? |
Beta Was this translation helpful? Give feedback.
-
Would love to see this fixed. It's pretty jarring to see a lot of |
Beta Was this translation helpful? Give feedback.
-
Still can observe the issue. Can you guys try to fix it? |
Beta Was this translation helpful? Give feedback.
-
I have also detected this issue. |
Beta Was this translation helpful? Give feedback.
-
Same. gpg --list-secret-keys --keyid-format=long
git config --global user.signingkey <your key>
git rebase --exec 'git commit --amend --no-edit -n -S' -i <SHA before the one to fix> |
Beta Was this translation helpful? Give feedback.
-
Hit this again today. Used the script above to fix. Any update? |
Beta Was this translation helpful? Give feedback.
-
Yeah, still broken. Some updated? It's annoying to have to do it manually when using GitHub. |
Beta Was this translation helpful? Give feedback.
-
Yeah, the pull request merge buttons no longer seem to sign my commits. It used to work a few months ago, and now it doesn't. I'm using an SSH Signing Key. |
Beta Was this translation helpful? Give feedback.
-
Any update on this? I just spotted the same issue. |
Beta Was this translation helpful? Give feedback.
-
@magneland 's command works well, but I really don't want to force-push everytime I have to rebase. Why would the commits be unverified if it's on Github's own page and pull request, AND the commits are already signed.. Can we get some update on this? |
Beta Was this translation helpful? Give feedback.
-
Any update on this? |
Beta Was this translation helpful? Give feedback.
-
Does anyone have a workaround for this? Right now I resign commits locally and push --force-with-lease them |
Beta Was this translation helpful? Give feedback.
-
I hit this issue as well. And based on Github doc, since Github has no access to the private key then it cannot sign the commits, you can only merge it locally and then push as a workaround. But as above I remembered it worked before, now I'm wondering how it works before... |
Beta Was this translation helpful? Give feedback.
-
I've raised a support ticket to see if we can get an official response from GitHub on this one. |
Beta Was this translation helpful? Give feedback.
-
Is anyone aware of any official response from Github? Right now I resign commits locally and push with |
Beta Was this translation helpful? Give feedback.
-
Maddening, open two years. Instead of doing simple updates in UI from a phone or tablet have to lug around my laptop and fire up full Git to be able to merge a stack of PRs. |
Beta Was this translation helpful? Give feedback.
-
Hi!
First of all, I'm more than happy to rebase my branch on GitHub without switching, pulling and all the jazz. However, when I rebase my branch on the PR by clicking 'Update with rebase', my signed commits become unsigned, resulting in an 'Unverified' badge if the user is using the vigilant mode.
IIRC GitHub signs the commit that has been created on the website by GitHub's key, and I was wondering if we could do the same for rebasing too.
Beta Was this translation helpful? Give feedback.
All reactions