Feature: Run tasks on signed commits only #3165

@fpedrei

Description

Related to

Ansible (task execution), Service (scheduled tasks, alerts)

Impact

security improvements

Missing Feature

Git allows signing (and verifying) commits using GPG and SSH keys (and X.509 certificates, with some limitations). This could be used to ensure that only signed commits are enrolled into production, allowing repositories to be run without privileges.

Implementation

I would like to see the ability for tasks to be run on commits signed by a group of keys. If the head commit isn't signed, the task should fail.

Design

No response
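
A sketch of the gate requested above, as an added example that is not part of the issue or of the project's code: it fails closed unless the commit carries exactly one good OpenPGP signature whose primary-key fingerprint is on an allowlist. It assumes GPG-signed commits (SSH signatures produce different raw output), signer public keys already imported on the runner, and a hypothetical allowlist file with one fingerprint per line; the function names are hypothetical too.

```shell
#!/usr/bin/env bash
# Added example: allow a task only if the commit is signed by an allowlisted key.

# Read GnuPG status lines on stdin. Succeed only when there is exactly one
# GOODSIG/VALIDSIG pair, no failure status, and the primary-key fingerprint
# is listed in the allowlist file passed as $1 (hypothetical file format:
# one hex fingerprint per line, '#' starts a comment).
signer_allowed() {
    awk -v list="$1" '
        BEGIN {
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") allowed[toupper(line)] = 1
            }
        }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        $2 == "GOODSIG"  { good++ }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" { valid++; fpr = toupper((NF >= 12) ? $12 : $3) }
        END { exit !(!bad && good == 1 && valid == 1 && (fpr in allowed)) }
    '
}

# Run inside the checked-out repository before starting the task.
# `git verify-commit --raw` writes the GnuPG status lines to stderr and
# exits non-zero for an unsigned or badly signed commit.
verify_commit_allowed() {
    commit=${1:-HEAD}
    status=$(git verify-commit --raw "$commit" 2>&1 >/dev/null) || return 1
    printf '%s\n' "$status" | signer_allowed "$2"
}
```

A task runner would call `verify_commit_allowed HEAD /path/to/allowlist` after checkout and abort the task on a non-zero exit status.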
