Skip to content

Docs: Clarify the requirement for signed commits in merge requests

https://docs.gitlab.com/user/project/repository/push_rules/#require-signed-commits

Summary

Currently, the documentation doesn't explicitly state how the requirement for signed commits works for merge requests:

  • What if the author of the MR doesn't have a GPG signature? Does it only matter that the developer merging the MR has a signature?
  • Does it matter that the commits were created through the web interface (single-file editor or Web IDE)?
  • What if there are more than one commit and from different authors (without signatures)?
  • Does it matter whether the commits are squashed?
  • Does it matter if the MR author uses community forks?
  • How does applying Code Suggestions (by a MR author from a developer or vice versa) affect this?
  • Any other conditions ...

References

The source of the questions is gitlab-org/gitlab-services/version.gitlab.com!239 (merged). In it, I still managed to create a MR (merged) without GPG. I used the Web IDE, community forks, and commit squashing. I'm not sure which of these factors mattered.

Edited by 🤖 GitLab Bot 🤖