Deploy keys aren't allowed to push anymore when push rule "Reject unsigned commits" is checked

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Summary

Since yesterday deploy keys are not allowed to push to the remote anymore when the push rule "Reject unsigned commits" is checked.

Steps to reproduce

Have a deploy key enabled on the repository with write access
Check the push rule "Reject unsigned commits"
Within the CI/CD create a pipeline/job that pushes to the remote
An error will occur: remote: GitLab: Commit must be signed with a GPG key

Example Project

https://gitlab.com/mobilea/development/modules/tslintworm/-/jobs/241729505

What is the current bug behavior?

Throws an error remote: GitLab: Commit must be signed with a GPG key

What is the expected correct behavior?

That deploy keys can still push to the remote.

Relevant logs and/or screenshots

remote: GitLab: Commit must be signed with a GPG key

Output of checks

This bug happens on GitLab.com

Possible fixes

Allow deploy keys to be handle differently
Deploy keys are assigned to a user, maybe also configure it with a GPG to pass the checks?
Alternate way would be do allow unsigned commits for a short moment in CI/CD and then re-enable the option through the API, but unfortunaly the API does not allow to change this setting: https://docs.gitlab.com/ee/api/projects.html#edit-project-hook

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖