Sign git tags

Open slavafomin opened this issue 4 years ago • 3 comments

Description

Right now, np publishes Git tags unsigned. You have to manually update the tag using --force and then force-push the updated tag to the repository in order to fix it.

Implementation

A signed Git tag could be created like this: git tag -s v1.0.0.

As a workaround, Git could be configured to sign all tags automatically: git config --global tag.gpgSign true

slavafomin avatar Aug 10 '21 18:08 slavafomin

Sounds interesting to me. It's an easy fix, and might be useful for multiple people.

@sindresorhus, thoughts on this?

dopecodez avatar Aug 11 '21 11:08 dopecodez

I would prefer if this just worked. I guess we could run npm version internally with the https://docs.npmjs.com/cli/v7/commands/npm-version#sign-git-tag config and then without if it fails. (We don't actually execute git tag directly, but rather npm version)

This also needs https://github.com/sindresorhus/np/pull/618.

sindresorhus avatar Aug 12 '21 17:08 sindresorhus

True, we need to support GPG passwords for this to work. We'll wait for #618 before picking this up.

dopecodez avatar Aug 13 '21 06:08 dopecodez

Duplicate of https://github.com/sindresorhus/np/issues/60

fregante avatar Feb 03 '23 12:02 fregante
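
For checking whether a repository's release tags were in fact published unsigned, as the issue description reports, here is an added example that is not part of the original thread or of np. The function names and the sample tag object are constructed for illustration; the git subcommands used are standard.

```shell
#!/bin/sh
# Added example, not np's code. Function names are hypothetical.

# Classify a tag object read on stdin (output of `git cat-file tag <name>`)
# by the armor header of the signature block git appends to the message.
tag_signature_kind() {
    awk '
        /^-----BEGIN PGP SIGNATURE-----$/  { kind = "openpgp" }
        /^-----BEGIN SSH SIGNATURE-----$/  { kind = "ssh" }
        /^-----BEGIN SIGNED MESSAGE-----$/ { kind = "x509" }
        END { print (kind == "" ? "unsigned" : kind) }
    '
}

# Constructed sample: layout of a tag object made with `git tag -s v1.0.0`.
# The object id, tagger and signature body are placeholders.
sample_signed_tag() {
    cat <<'EOF'
object 0000000000000000000000000000000000000000
type commit
tag v1.0.0
tagger Example Maintainer <maintainer@example.invalid> 1628620080 +0000

v1.0.0
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
EOF
}

# Report every tag in the current repository. A signature block alone proves
# nothing, so signed tags are also checked with `git verify-tag`.
# Returns non-zero if any tag is lightweight, unsigned or fails verification.
audit_tags() {
    rc=0
    for ref in $(git for-each-ref --format='%(refname)' refs/tags); do
        name=${ref#refs/tags/}
        if [ "$(git cat-file -t "$ref")" != tag ]; then
            echo "$name lightweight (cannot carry a signature)"; rc=1; continue
        fi
        kind=$(git cat-file tag "$ref" | tag_signature_kind)
        if [ "$kind" = unsigned ]; then
            echo "$name unsigned"; rc=1
        elif git verify-tag "$ref" >/dev/null 2>&1; then
            echo "$name $kind verified"
        else
            echo "$name $kind signature present but not verified"; rc=1
        fi
    done
    return $rc
}
```

Source the file and run audit_tags inside a clone; verification only succeeds when the signer's public key is available to the local GnuPG or SSH allowed-signers configuration.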