Git Workflow
Rachel Fryan edited this page Jan 22, 2026 · 3 revisions
Guidelines for commits, signing, and collaborative development.
The main branch requires all commits to be signed with GPG. This verifies commit authenticity and prevents unauthorized changes.
If you don't have one, generate a new GPG key:
gpg --full-generate-key
Use the same name and email as your GitHub account for the key.
For detailed instructions, see the GitHub GPG Key Generation Guide.
- Export your public key
- Add it to your GitHub account settings
See the GitHub GPG Key Setup Guide.
Tell Git which GPG key to use:
git config --global user.signingkey <KEY_ID>
git config --global commit.gpgsign true
Replace <KEY_ID> with your GPG key ID.
Optional: Omit --global to only sign commits in this repository:
git config user.signingkey <KEY_ID>
git config commit.gpgsign true
Make a test commit and verify it's signed:
git commit --allow-empty -m "Test signed commit"
git log --show-signature
You should see "gpg: Good signature" in the output.
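To check every commit on a feature branch before opening a pull request, rather than a single test commit, the script below reads git's `%G?` signature status for each commit. It is an added example, not part of this repository's tooling; the function names are hypothetical, and `main` as the default base branch is taken from this page.

```shell
#!/bin/sh
# Added example: flag commits that would not satisfy a signed-commit rule.
# Function names are hypothetical; "main" is the default base branch.

# classify_sig CODE: print the meaning of a git %G? status code.
classify_sig() {
  case "$1" in
    G) echo "good signature" ;;
    U) echo "good signature, unknown key validity" ;;
    X) echo "good signature, but the signature has expired" ;;
    Y) echo "good signature made by an expired key" ;;
    R) echo "good signature made by a revoked key" ;;
    B) echo "bad signature" ;;
    E) echo "signature cannot be checked (e.g. missing public key)" ;;
    N) echo "no signature" ;;
    *) echo "unrecognized status" ;;
  esac
}

# check_signatures: read "<sha> <status>" lines on stdin.
# Prints one FAIL line per commit that is not G or U; returns 1 if any failed.
# U is accepted because it only means the key is not trusted in the local keyring.
check_signatures() {
  cs_failed=0
  while read -r cs_sha cs_code || [ -n "$cs_sha" ]; do
    [ -z "$cs_sha" ] && continue
    case "$cs_code" in
      G|U) ;;
      *) printf 'FAIL %.12s: %s\n' "$cs_sha" "$(classify_sig "$cs_code")"
         cs_failed=1 ;;
    esac
  done
  return "$cs_failed"
}

# check_branch [BASE]: check every commit on HEAD that is not yet on BASE.
# Returns 2 if git log itself fails (for example, BASE does not exist).
check_branch() {
  cb_base="${1:-main}"
  cb_out=$(git log --format='%H %G?' "${cb_base}..HEAD") || return 2
  printf '%s\n' "$cb_out" | check_signatures
}
```

Source the file and run `check_branch` from the feature branch. The result reflects your local GPG keyring; GitHub verifies signatures separately against the public keys added to each account.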
- Create a feature branch from the latest main
- Make your changes and commit them (with proper signing)
- Push your branch and create a pull request
- Request review from team members
- All checks must pass before merging
- Squash or rebase commits as needed before merge
- Make small, logical commits with clear messages
- Keep commits focused on a single concern
- Reference issues in commit messages when relevant
- Keep commit messages in present tense ("Add feature" not "Added feature")