Handling old unsigned commits

[Garcel]

Hey there 👋,

We have some repositories where we have established a branch protection rule that requires commits to be signed. This is good, and we like it.

However, when we need to create a new release branch (which is under the previous protection rule), we are getting an error since some of the old commits, pushed before this rule protection, were not signed.

Usually someone with admin permissions is able to bypass this situation, but we would like to know if there is, out there, a recommended (not ugly), way to handle this situation.

Thanks!

[surya-mu]

Hey this is what i could think of,

• One, is to simply disable the branch protection rule temporarily while you create the new release branch. You can then re-enable the branch protection rule once the new release branch has been created and all of the commits on the branch have been signed.

• Two, is to use a tool like Git-Rebase to rebase the old commits on the branch so that they are all signed. This can be a bit more complicated, but it is a good option if you want to keep the branch protection rule enabled all of the time.

• You could also use a third-party tool to generate signed commits for the old commits on the branch. This is the easiest option, but it is also the most expensive, some tools like git-cherry-pick might help i guess.

Which option is best for you will depend on your specific needs and requirements. If you only need to create a new release branch occasionally, then disabling the branch protection rule temporarily may be the simplest option. If you need to create new release branches frequently, then using a tool like Git-Rebase or a third-party tool to generate signed commits may be a better option.

[Garcel]

Thank you surya-mu 👏🏻

Currently we are sticking to option One, maybe we should give a chance to one of the others 🤔

[surya-mu]

Glad to help!
You can even refer to few GitHub docs related to this:
Signing Commits
Checking Signed Commits Status