How to limit pushing operation to allow only commits that are signed with GPG in GitHub

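I have a GitHub repository which we share for our development. To ensure integrity, we decided to sign our commits and tags with GPG.

Now, how can I prevent developers from pushing unsigned commits to our repository in GitHub, and also whitelist GPG public keys so that only commits signed with whitelisted public keys can be pushed?

I checked some pre-push hooks, but none of them solved it the way I described above; here it is.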

#!/bin/sh
# pre-push hook: git passes the remote name and URL as arguments
remote="$1"
url="$2"

# The all-zero object name marks a ref that does not exist on one side
z40=0000000000000000000000000000000000000000

IFS=' '
while read local_ref local_sha remote_ref remote_sha
do
    if [ "$local_sha" = "$z40" ]
    then
        # Handle delete (nothing to check)
        :
    else
        if [ "$remote_sha" = "$z40" ]
        then
            # New branch, examine all commits
            range="$local_sha"
        else
            # Update to existing branch, examine new commits
            range="$remote_sha..$local_sha"
        fi

        # Check for WIP commit
        commit=$(git rev-list -n 1 --grep '^WIP' "$range")
        if [ -n "$commit" ]
        then
            echo "Found WIP commit in $local_ref, not pushing"
            exit 1
        fi
    fi
done
exit 0

How can I get this done? Any concepts or examples would be appreciated.

It seems you are on GitHub Enterprise and trying to create a pre-receive hook script that rejects any unsigned commits - correct? If so, here is an open source GPG script from GitHub. If you are on GitHub.com, please note they do not support pre-receive hooks and instead you would want to set up a protected branch with required status check to reject unsigned work.

Regarding setting up keys, have you checked out this article?
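
A sketch of the server-side check discussed above, for a server that runs pre-receive hooks. This is an added example, not the GitHub script the answer refers to and not code from the original posts. It assumes `gpg` and the allowlisted public keys are available to the hook's user (otherwise git reports status `E`); the fingerprints, function names and the `pre-receive` file-name guard are hypothetical, and only commits (not tags) are checked.

```shell
#!/bin/sh
# Added example (not GitHub's script): pre-receive hook that rejects unsigned
# commits and commits signed by keys outside an allowlist.
# Constructed placeholder fingerprints; replace with your team's primary keys
# (40 uppercase hex characters, no spaces).
ALLOWED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF0123456789ABCDEF0123456789ABCDEF"
zero=0000000000000000000000000000000000000000

# verdict STATUS PRIMARY_FPR: prints "ok" or the rejection reason.
# STATUS is git's %G? code: G good, U good but key trust unknown, N no signature,
# B bad, E cannot be checked (key missing), X/Y expired, R revoked key.
verdict() {
    case "$1" in
        G|U) ;;  # signature verifies; the allowlist below is the trust decision
        N) echo "unsigned"; return 1 ;;
        *) echo "signature not acceptable (status $1)"; return 1 ;;
    esac
    for allowed in $ALLOWED_FPRS; do
        if [ "$allowed" = "$2" ]; then echo "ok"; return 0; fi
    done
    echo "signing key not allowlisted"; return 1
}

# check_commits: reads "<sha> <status> <primary-fpr>" lines on stdin, reports
# every rejected commit on stderr, returns non-zero if any was rejected.
check_commits() {
    bad=0
    while read -r sha status fpr; do
        reason=$(verdict "$status" "$fpr") || { echo "rejected $sha: $reason" >&2; bad=1; }
    done
    return $bad
}

# main: pre-receive gets "<old> <new> <ref>" per updated ref on stdin.
main() {
    failed=0
    while read -r old new ref; do
        [ "$new" = "$zero" ] && continue      # ref deletion: nothing to verify
        if [ "$old" = "$zero" ]; then
            range="$new --not --all"          # new ref: commits not yet in the repo
        else
            range="$old..$new"
        fi
        # $range is deliberately unquoted so it splits into git arguments
        git log --format='%H %G? %GP' $range | check_commits || failed=1
    done
    return $failed
}

# Assumption: installed as hooks/pre-receive; adjust if your server names it differently.
case "${0##*/}" in pre-receive) main; exit $? ;; esac
```

`%GP` is the primary-key fingerprint, so rotating a signing subkey does not require changing the allowlist.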