feat: Enhance signing description

wurstbrot · wurstbrot · commit 03f06cd3f644 · 2023-11-10T13:05:49.000+01:00
diff --git a/src/assets/YAML/default/BuildAndDeployment/Build.yaml b/src/assets/YAML/default/BuildAndDeployment/Build.yaml
@@ -159,11 +159,15 @@ Build and Deployment:
         Digitally signing artifacts for all steps during the build and especially
         docker images, helps to ensure their integrity and authenticity.
       description: |
-        ### Github
-        You need to be authenticated to perform a push to a Github repository. Github doesn't check if the authenticated user and the mail address in the commit corresponds. 
-        To highlight to reviewers who performed a commit, signing is needed.
-        Be aware that github actions like [semantic-release-action](https://github.com/cycjimmy/semantic-release-action) will not sign commits and will fail. You find an example working configuration to use semantic release action together with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action) in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml) of DSOMM.
-        You might want to utilize [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) from your organization for a specific repository and put the Personal Access Token (PAT) as secret into the project.
+        ### GitHub Authentication and Commit Signing  
+          To perform a push to a GitHub repository, you must be authenticated. It's important to note that GitHub does not verify if the authenticated user's email address matches the one in the commit.
+          To clearly identify the author of a commit for reviewers, commit signing is recommended.
+        
+          GitHub actions such as [semantic-release-action](https://github.com/cycjimmy/semantic-release-action) do not automatically sign commits and may encounter issues as a result.          
+
+          To address this, you can refer to a working configuration example in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml) of DSOMM, which demonstrates how to use semantic release action in conjunction with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action).
+          For added security, consider using [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) provided by your organization for a specific repository. Store the Personal Access Token (PAT) as a secret in your project.
+
       difficultyOfImplementation:
         knowledge: 2
         time: 2
