GPG Sign merge-commits of pull-requests (install GPG-key for gitea?)
I am looking for a way to sign a merge-commit of a pull-request.
When merging a pull-request, gitea will generate a commit itself. According to the gitea docs those commits could automatically be signed by gitea.
When a branch is proteced with 'status check' and 'require signed commits' enabled, a merge is impossible, because
some required checks are missing.
When disabling 'require signed commits' (but with 'status check' still being enabled) an administrator may merge the pull request, but gitea clearly states that
there is no key available to sign this commit.
In both cases, all commits being contained in the pull-request are signed with a proper signature, that gitea trusts.
According to the gitea API, the public key can be retrieved from https://codeberg.org/api/v1/signing-key. When requesting that link, Gitea returns http status code
200, but the result is an empty string.
All this looks like there is no GPG key installed for Gitea at codeberg.org and thus signing merge-commits of pull-requests is just not possible.
Would it be possible to install a GPG-key for the gitea-instance at codeberg.org?
Or am I missing something and there is another way to get signed merge-commits of pull-requests?
If codeberg add a gpg key for gitea to sign (file+config), gitea can sign if it make commits (doesnt mather witcho one (merge,file-edit, ...))
Deleting a branch is permanent. It CANNOT be undone. Continue?