Sign commits

[EwoutH]

It would be great if the commits gradle-update-robot pushes could get signed with a GPG key. Some repositories require verified commits.

[bngrgl]

Hello everybody,

Faced with the same requirement in our code-base, so could you please add a gpg-key for gradle-update-robot, or extend the API by a feature to import custom GPG, like these guys do

[cristiangreco]

Hey thanks both for reporting this feature request, will look into your use cases and figure out an implementation.

[bngrgl]

Hey thanks both for reporting this feature request, will look into your use cases and figure out an implementation.

Hey @cristiangreco, thanks for taking care. Together with colleagues we've discussed another option which might help us to resolve this situation: you could also extend the API by adding custom email address (custom commiter) as an input parameter, so that we could set GPG key by another action.

[etiennestuder]

We run into the same issue at Gradle:
gradle/develocity-build-validation-scripts#19

[bbednarek]

@cristiangreco any plans to support signed commits?

[denyago]

@cristiangreco, can you recommend any workarounds?
Are you OK with accepting a PR to solve this issue?