0

I am currently using this method (PyGithub's update_file) to commit and push changes to a external repo. The commits are not getting signed. Is there any way to get the commit signed/verified like in the attached image?

Code overview:

g = Github(ghtoken)

repo = g.get_repo(f"{username}/{repo_name}")

repo.update_file(
                path=contents.path,
                message=commit_message,
                content=new_readme,
                author=author,
                sha=contents.sha,
                branch="master",
                committer=committer,
            )

Image Here

Aditya Prasad S
  • 21
  • 1
  • 4
  • @larsks thanks for the info, will try to clone the repo, commit locally and push it – Aditya Prasad S Jun 17 '22 at 11:36
  • I'm deleting my previous comment, because if you just want the commit signed by GitHub's key, then there ought to be a way to get that to work (just like for changes submitted via the web UI). What I said earlier holds true only if you're trying to sign commits with your *own* key. – larsks Jun 17 '22 at 11:54
  • ahh, can u share on how to sign with Github's key? Thanks – Aditya Prasad S Jun 17 '22 at 11:57
  • So, [this](https://gist.github.com/swinton/03e84635b45c78353b1f71e41007fc7c) information from some random person on the 'net suggests that GitHub only signs commits made with bot tokens (that is, tokens generated by github as part of automated actions). You may be stuck with the original plan of signing things locally if you want commit signatures. – larsks Jun 17 '22 at 12:04

0 Answers0