Tags: git, github, gnupg, gpg-signature

Why does Git say that I bypassed the rule for "Commits must have valid signatures" even though my commit is signed by GNUPG?


So today I added a rule in my team's GitHub repo that every commit must have a valid signature. I installed GPG to sign my commits, but when I push my commit to the GitHub repo, it kept on saying that I bypassed that rule. But when I added the flag --signed, the GitHub repo does not accept it. Here is the output of when I pushed without --signed:

C:\Users\Family\Parkour>git add .

C:\Users\Family\Parkour>git ci -S -m "firstcommit"
[main fefd3e6] firstcommit
 6 files changed, 2 insertions(+), 856 deletions(-)
 delete mode 100644 notshowingfiles
 delete mode 100644 notshowingfiles

C:\Users\Family\Parkour>git push
Enumerating objects: 19, done.
Counting objects: 100% (19/19), done.
Delta compression using up to 4 threads
Compressing objects: 100% (10/10), done.
Writing objects: 100% (10/10), 1.39 KiB | 236.00 KiB/s, done.
Total 10 (delta 9), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (9/9), completed with 9 local objects.
remote: Bypassed rule violations for refs/heads/main:
remote:
remote: - Commits must have valid signatures.
remote:
To https://github.com/team/game.git
   67ef523..fefd3e6  main -> main

And here is the output of when I pushed with --signed:

C:\Users\Family\Parkour>git add .
warning: in the working copy of 'notshowingfiles', LF will be replaced by CRLF the next time Git touches it

C:\Users\TheUser\Parkour>git ci -S -m "secondcommit"
[main 946458c] secondcommit
 9 files changed, 1695 insertions(+), 853 deletions(-)
 create mode 100644 notshowingfiles
 create mode 100644 notshowingfiles

C:\Users\TheUser\Parkour>git push --signed
fatal: the receiving end does not support --signed push
fatal: the remote end hung up unexpectedly
error: failed to push some refs to 'https://github.com/team/game.git'

(removed some stuff)

Does GitHub not support GPG, or do I have a mistake somewhere?


Solution

  • As jornrsharpe already said in a comment, a signed push is not supported by GitHub.

    But what you most probably enabled instead with that rule is to enforce signed commits. To push signed commits, you do a normal push, as you did in your first snippet.

    The error message then doesn't say your commits are not signed, it says the signature is not valid. What this most probably refers to is a so-called verified signature.

    So, to enable GitHub to verify your signature, you need to add the public key of your signing keypair to GitHub. You can find good step-by-step descriptions in their docs for each variant, be it GPG, SSH or S/MIME.

    Since you mentioned GPG in the tags, here's a direct link.

    Basically it's Settings, Access, SSH and GPG keys and add it there.
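A local pre-push check that complements the answer above, as an added example that is not part of the original answer or of any GitHub tooling: it reads `git log --format=%H%x09%G?%x09%GS` for the commits about to be pushed and reports every commit whose signature is missing or cannot be verified against a key in the local keyring. The status letters are the documented meanings of git's `%G?` placeholder; the sample log lines and commit hashes are constructed for the example. Passing this check confirms the commits are signed and verifiable locally; whether GitHub shows them as "verified" additionally depends on the matching public key being registered to the account, which no local check can confirm.

```python
"""Report commits in a push range whose signatures would not satisfy a
"commits must have valid signatures" rule. Added example; the sample
log below is constructed, not real output from any repository."""
import subprocess
import sys
from dataclasses import dataclass

# Meaning of git's %G? pretty-format placeholder (from git-log docs).
SIGNATURE_STATUS = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good signature, key of unknown validity",
    "X": "good signature, but it has expired",
    "Y": "good signature, but the signing key has expired",
    "R": "good signature, but the signing key was revoked",
    "E": "signature cannot be checked (e.g. public key not in keyring)",
    "N": "no signature",
}

# Only these statuses count as a usable signature for a local check.
ACCEPTABLE = {"G", "U"}


@dataclass(frozen=True)
class CommitSignature:
    sha: str
    status: str
    signer: str


def parse_log(text: str) -> list:
    """Parse tab-separated lines of `%H<TAB>%G?<TAB>%GS` into records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Pad so a line with a missing signer field still unpacks cleanly.
        sha, status, signer = (line.split("\t", 2) + ["", ""])[:3]
        records.append(CommitSignature(sha=sha, status=status, signer=signer))
    return records


def unverifiable(records) -> list:
    """Return (sha, explanation) for each commit a strict rule would reject."""
    problems = []
    for rec in records:
        if rec.status not in ACCEPTABLE:
            reason = SIGNATURE_STATUS.get(rec.status, f"unknown status {rec.status!r}")
            problems.append((rec.sha, reason))
    return problems


def git_log_signatures(rev_range: str) -> str:
    """Run git to produce the same tab-separated format for a real range,
    e.g. 'origin/main..HEAD' for the commits a push would send."""
    out = subprocess.run(
        ["git", "log", "--format=%H%x09%G?%x09%GS", rev_range],
        check=True, capture_output=True, text=True,
    )
    return out.stdout


# Constructed sample: one unsigned commit, one signed with a key the local
# keyring lacks, and one that verifies. Hashes are made up.
SAMPLE_LOG = (
    "1111111111111111111111111111111111111111\tN\t\n"
    "2222222222222222222222222222222222222222\tE\t\n"
    "3333333333333333333333333333333333333333\tG\tAlice <alice@example.com>\n"
)

if __name__ == "__main__":
    # Usage: python check_signatures.py origin/main..HEAD
    rev_range = sys.argv[1] if len(sys.argv) > 1 else None
    text = git_log_signatures(rev_range) if rev_range else SAMPLE_LOG
    for sha, reason in unverifiable(parse_log(text)):
        print(f"{sha[:7]}: {reason}")
```

Run it with a revision range such as `origin/main..HEAD` before pushing; with no argument it runs over the constructed sample. An "E" status is the local analogue of GitHub's "unverified": the commit is signed, but the verifier has no public key to check it against.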