Deploy keys aren't allowed to push anymore when push rule "Reject unsigned commits" is checked
Summary
Since yesterday deploy keys are not allowed to push to the remote anymore when the push rule "Reject unsigned commits" is checked.
Steps to reproduce
- Have a deploy key enabled on the repository with write access
- Check the push rule "Reject unsigned commits"
- Within the CI/CD create a pipeline/job that pushes to the remote
- An error will occur:
remote: GitLab: Commit must be signed with a GPG key
Example Project
https://gitlab.com/mobilea/development/modules/tslintworm/-/jobs/241729505
What is the current bug behavior?
Throws an error remote: GitLab: Commit must be signed with a GPG key
What is the expected correct behavior?
That deploy keys can still push to the remote.
Relevant logs and/or screenshots
remote: GitLab: Commit must be signed with a GPG key
Output of checks
This bug happens on GitLab.com
Possible fixes
- Allow deploy keys to be handled differently
- Deploy keys are assigned to a user, maybe also configure it with a GPG key to pass the checks?
- An alternate way would be to allow unsigned commits for a short moment in CI/CD and then re-enable the option through the API, but unfortunately the API does not allow changing this setting: https://docs.gitlab.com/ee/api/projects.html#edit-project-hook
Edited by ..:: Mark Veenstra ::..
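
A pre-push check for a CI job like the one in the steps to reproduce, added here as an example (it is not part of the original issue or of GitLab's code): it lists the commits in a range that carry no signature header, so the job can stop with a clear message before the push rule rejects the push. The function names and the range argument are assumptions; the check looks only for the presence of a `gpgsig` header and does not verify the signature.

```shell
#!/bin/sh
# Added example (not from the issue): find commits without a signature header.
# Function names and arguments are assumptions made for this illustration.

# unsigned_commits REPO RANGE
# Prints the hash of every commit in RANGE whose header has no "gpgsig" or
# "gpgsig-sha256" field. Presence only: the signature is not verified.
unsigned_commits() {
    repo=$1
    range=$2
    for sha in $(git -C "$repo" rev-list "$range"); do
        # The commit header ends at the first empty line; stop reading there
        # so a commit message containing "gpgsig" is not mistaken for one.
        if ! git -C "$repo" cat-file commit "$sha" | sed '/^$/q' | grep -q '^gpgsig'; then
            echo "$sha"
        fi
    done
}

# check_push_range REPO RANGE
# Returns 0 when every commit in RANGE is signed, 1 otherwise, and names the
# offending commits on stderr so the CI log shows what would be rejected.
check_push_range() {
    missing=$(unsigned_commits "$1" "$2")
    if [ -n "$missing" ]; then
        echo "unsigned commits in $2:" >&2
        echo "$missing" >&2
        return 1
    fi
    return 0
}

# Typical use in a job, before `git push` (the range is an example):
#   check_push_range . "origin/master..HEAD" || exit 1
```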