No signed/verified commits

[hotzen]

Subject of the issue

We have enabled commit signature verification but Pull-Requests/Commits created by this action lead to

The base branch requires all commits to be signed

Is there a way to produce signed commits, either by providing an ssh private key or by the github-api creating verified commits by itself?

any advice appreciated

Steps to reproduce

- name: Create pull-request
        uses: .../create-pull-request@.... (fork of this repo)
        with:
          token: ${{ secrets.COYOTE_REPO_SUBMODULE_UPDATER_PAT }}
          commit-message: "update git submodules"
          title: "update git submodules"
          body: "automatically triggered by recent changes to master in ..."
          branch: git-submodule-update
          delete-branch: true

[peter-evans]

Hi @hotzen

Please see the docs here for how to make signed commits with GPG.
https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#gpg-commit-signature-verification