You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: src/assets/YAML/default/BuildAndDeployment/Build.yaml
+7-9
Original file line number
Diff line number
Diff line change
@@ -158,16 +158,14 @@ Build and Deployment:
158
158
measure:
159
159
Digitally signing artifacts for all steps during the build and especially
160
160
docker images, helps to ensure their integrity and authenticity.
161
-
description: |
162
-
### GitHub Authentication and Commit Signing
163
-
To perform a push to a GitHub repository, you must be authenticated. It's important to note that GitHub does not verify if the authenticated user's email address matches the one in the commit.
164
-
To clearly identify the author of a commit for reviewers, commit signing is recommended.
165
-
166
-
GitHub actions such as [semantic-release-action](https://github.com/cycjimmy/semantic-release-action) do not automatically sign commits and may encounter issues as a result.
167
-
168
-
To address this, you can refer to a working configuration example in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml) of DSOMM, which demonstrates how to use semantic release action in conjunction with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action).
169
-
For added security, consider using [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) provided by your organization for a specific repository. Store the Personal Access Token (PAT) as a secret in your project.
161
+
description: |-
162
+
To perform a push to a GitHub repository, you must be authenticated. It's important to note that GitHub does not verify if the authenticated user's email address matches the one in the commit.
163
+
To clearly identify the author of a commit for reviewers, commit signing is recommended.
164
+
165
+
GitHub actions such as [semantic-release-action](https://github.com/cycjimmy/semantic-release-action) do not automatically sign commits and may encounter issues as a result.
170
166
167
+
To address this, you can refer to a working configuration example in the [workflow folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml) of DSOMM, which demonstrates how to use semantic release action in conjunction with [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action).
168
+
For added security, consider using [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/) provided by your organization for a specific repository. Store the Personal Access Token (PAT) as a secret in your project.
0 commit comments