Repository administrators can enforce required commit signing on a branch to block all commits that are not signed with a verified GPG key.
Note: Before enabling required commit signing on a branch, you must first set the branch up as a protected branch. For more information, see "Configuring protected branches."
On GitHub, navigate to the main page of the repository.
Under your repository name, click Settings.
In the left menu, click Branches.
Under Protected branches, select the branch you want to mark with required commit signing using the drop-down menu.
- Select Require signed commits.
- Optionally, select Include administrators. This enforces the required signed commits on the repository administrators.
- Click Save changes.