src/assets/YAML/default/BuildAndDeployment/Build.yaml
Lines changed: 2 additions & 1 deletion
@@ -159,10 +159,11 @@ Build and Deployment:
159
159
Digitally signing artifacts for all steps during the build and especially
160
160
docker images, helps to ensure their integrity and authenticity.
161
161
description: |
162
-
## Github
162
+
### Github
163
163
You need to be authenticated to perform a push to a Github repository. Github doesn't check if the authenticated user and the mail address in the commit corresponds.
164
164
To highlight to reviewers who performed a commit, signing is needed.
165
165
Be aware that github actions like [semantic-release-action](https://github.com/cycjimmy/semantic-release-action) will not sign commits and will fail. You find an example working configuration to use semantic release action together with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action) in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml) of DSOMM.
166
+
You might want to utilize [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) from your organization for a specific repository and put the Personal Access Token (PAT) as secret into the project.
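Review bot: The sentence added at line 166 recommends a fine-grained PAT without saying what the token is used for or how narrowly it should be scoped. Because this description is about signing commits, name the workflow step that consumes the token, and recommend granting only the repository permissions that step needs and setting an expiration date, since the token will sit in the project as a stored secret. The wording "from your organization" is ambiguous: a fine-grained token is created by a user account with the organization selected as resource owner, so say that explicitly. The new line also follows line 165 with no blank line, so Markdown will render it as part of the same paragraph; add an empty line if it is meant to stand alone. Finally, the heading change at line 162 from "## Github" to "### Github" is not explained in the visible lines, so confirm it matches the heading level used by the other descriptions in this file, and consider spelling the product name "GitHub" while touching the line.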