When saving Harness configurations in remote repositories e.g. GitHub commits are unverified. This blocks standard practice such as enforcing signed commits through GitHub Rulesets.

It would be good to see commits being pushed to GitHub under the users identity but signed by gpg keys at account, org or project level to verify the commit from Harness.

Hi team,

This is a ticket sent at the request of Sreeja to map to a Feature Request for getting Signed Commits working from Harness when pushing Git changes from Harness to the mapped git repos.

All the best,

Bogdan

Looking for something of a similar feature parity to commit author verification hook in some other competitors to address licensing issues we have with other tooling.

For example in Bitbucket this is a pre-receive repository hook named Verify Committer.

Checkmarx specifically uses the commit author email address for licensing.

We'd like to have a method to be able to stop commits that are attempted if they don't meet certain criteria. For example as a part of our licensing for 3rd party software, they look at the emails for the commit authors and charge by the author. Some of our teams use multiple emails, so we want to restrict our users from only using the authorized emails.

Hi everyone,

Just sending this as a Support Ticket so that we can also track it on our side:

This is basically to mention that this is becoming an issue for us as well. We only allow signed commits to LBG repositories, however when we try to push or reconcile pipeline changes from the UI to code via Harness, the commits are coming through as unsigned and we cannot merge them easily. Currently we have to copy those changes manually and then commit from our devices.

We are also making changes, which raise risks internally, to allow unsigned commits that is not ideal at all.

Is there a chance to raise this with Srinivas and see whether there is bandwidth at the Harness side to prioritise this?

Thank you for all the help!

All the best,

Bogdan

Provide a pre-execution compiled YAML (excluding runtime inputs and other dynamic elements such as output variables) for pipelines utilizing templates. This feature would allow users to visualize the complete structure and logic of the pipeline in one view, and would reduce the need for users to jump between different template references and provide a clear end-to-end understanding of the pipeline’s flow before execution.

Git supports signing commits with SSH or GPG keys. This can be used to block pushes or it can display which commits are signed for non-repupdiation.

We are using Git repos in GitHub Enterprise to store our Harness yaml. FIS is requiring all commits made to GitHub Enterprise to be signed with either a SSH or a GPG key. We would like the Git connector for Harness to have the ability to sign the commits it makes to Git repos in GitHub Enterprise.