Skip to content

Support git signing with x.509 certificates #36219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rarkins opened this issue May 29, 2025 · 0 comments · May be fixed by #36220
Open

Support git signing with x.509 certificates #36219

rarkins opened this issue May 29, 2025 · 0 comments · May be fixed by #36220
Labels
core:git Related to our git platform layer priority-2-high Bugs impacting wide number of users or very important features

Comments

@rarkins
Copy link
Collaborator

rarkins commented May 29, 2025

Describe the proposed change(s).

Today Renovate supports GPG signing of git commits using openpgp format. This logic exists in lib/util/git/private-key.ts

Renovate should be extended to also support x.509 certificates for signing. We should reuse gitPrivateKey and automatically detect (and log) whether it's GPG or x.509.

gpgsm and any other tools will be added to the Renovate environment/image if needed.
@rarkins rarkins added priority-2-high Bugs impacting wide number of users or very important features core:git Related to our git platform layer labels May 29, 2025
@rarkins rarkins linked a pull request May 29, 2025 that will close this issue
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core:git Related to our git platform layer priority-2-high Bugs impacting wide number of users or very important features
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(git): support x.509 commit signing renovatebot/renovate
1 participant
@rarkins