Have you ever noticed the "verified" badge next to a commit on GitHub? A few years ago I did an wondered how I could get that on my own commits. After a little googling I realized it was because those commits were signed.

Signing a commit with a GPG key is something natively supported by Git as it turns out. Now this is one of the first things I set up on a new dev machine. Setting it up is fairly straight forward.

Prerequisites

You will need to have gpg and git installed. Additionally you will need to use the command line (terminal). These instructions will work on both OSX and Linux.

Creating a GPG key

To create a GPG key run:

gpg --gen-key

Once created you can run the following:

❯ gpg --list-keys
/home/crowdersoup/.gnupg/pubring.kbx
------------------------------------
pub   rsa3072 2023-08-05 [SC] [expires: 2025-08-04]
      2E16095B42BB50E73C4B334E2BB8D361D964BC2F
uid           [ultimate] Aaron Crowder <[email protected]>
sub   rsa3072 2023-08-05 [E] [expires: 2025-08-04]

Sign your commits

To tell git to sign your commits with your new GPG key you need to update your global git config. You can edit the file (git config --global -e) or run git config --global user.signingkey <UID>.

I also like to make sure I always sign my commits by default so I'll set commit.gpgsign to true (git config --global commit.gpgsign true). That way any time I run git commit that commit will get signed.

Tell GitHub about your GPG key

In order to tell GitHub about your GPG key you need to get your public key. You can do this by running:

gpg --armor --export <UID>

You will then copy the output of this command, and paste it here. Once saved any commits you sign and push to GitHub will now have the "verified" badge!

1. Subject Line

The Subject Line is the first line of your commit message. Often the subject alone is enough, but if it's not and you need a body be sure to separate the subject and body with a blank line.

• First line of a commit message
• Often the only part you'll need
• Separated from the body by a blank line
• Soft limit of 50 characters, hard limit of 69
• Github's interface truncates the subject line at 69 characters
• Capitalize!
• Don't end with a period
• Use the imperative mood
• Git itself uses the imperative mood when it creates a commit on your behalf
• We usually write in the indicative mood, which is more about reporting facts
• To help, the subject line should always complete the sentence:
  • "If applied, this commit will..."

2. Body

• Wrap the body at 72 characters
• This give git plenty of room to indent text while still keeping thing under 80 characters.
• Use the body to explain what and why vs. how
• The code tells us the how, the body of your commit message should tell us what and why.

Sample Commit Messages

Bad

Fixed the thing

Good

Fix all the broken things

There were some broken things so I refactored many codes to simplify
and fix all the things.

• Uses the imperative mood for the subject line
• Separates the subject from the body with a single blank line
• Describes the what and why in the body