如何限制推送操作以仅允许在 github 中使用 GPG 签名的提交

Question

我有一个 Github 存储库，我们共享它用于我们的开发。为了确保完整性，我们决定使用 GPG 签署我们的提交和标签。

现在，我如何防止开发人员将未签名的提交推送到我们在 Github 中的存储库以及白名单 GPG public 密钥以允许推送使用白名单 [=22= 签名的提交] 键

我检查了一些预推钩子，但没有按照我上面描述的方式解决，这里是。

remote=""
url=""

z40=0000000000000000000000000000000000000000

IFS=' '
while read local_ref local_sha remote_ref remote_sha
do
    if [ "$local_sha" = $z40 ]
    then
    # Handle delete
    else
    if [ "$remote_sha" = $z40 ]
    then
        # New branch, examine all commits
        range="$local_sha"
    else
        # Update to existing branch, examine new commits
        range="$remote_sha..$local_sha"
    fi

    # Check for WIP commit
    commit=`git rev-list -n 1 --grep '^WIP' "$range"`
    if [ -n "$commit" ]
    then
        echo "Found WIP commit in $local_ref, not pushing"
        exit 1
     fi
    fi
 done
exit 0

我怎样才能完成这项工作？任何概念或示例将不胜感激。

Answer 1

您似乎在 GitHub Enterprise 上并试图 create a pre-receive hook script that rejects any unsigned commits - correct? If so, here is an open source GPG script from GitHub. If you are on GitHub.com, please note they do not support pre-receive hooks and instead you would want to set up a protected branch with required status check 拒绝未签名的工作。

关于设置密钥，你检查过了吗this article？