Unverified signature using GitHub mirrored repository

tomvothecoder · June 5, 2020, 10:07pm

I am using GitLab to mirror a GitHub repository for CI/CD. After merging a pull request using the GitHub UI, GitLab shows the commit as being unverified.

Github:

GitLab:

GitHub uses their own public GPG key to verify commits done using their UI. Is there any solution to this problem? I’m certain that this is a common situation that users of GitLab’s mirroring feature are running into.

More info on GitHub’s public GPG key: https://stackoverflow.com/questions/60482588/what-is-githubs-public-gpg-key

I’ve stumbled upon a closed issue of the same problem, which does not have a solution:

Thanks!

rbuzz · October 7, 2020, 2:59am

Did you find any solution?

I am having the same issue and I cannot create new user account (to automatically verify GPG) with external email address as my GitLab account is under SSO and only authentication through SSO is accepted.

Topic		Replies	Views
Verify GPG Signature for mirrored repositories How to Use GitLab	0	565	October 7, 2020
Commits made on GitHub web interface are unverified on GitLab side How to Use GitLab github	0	654	March 16, 2020
Commit Signing "unverified signature" How to Use GitLab	9	4325	September 22, 2022
GPG Key listed as Unverified How to Use GitLab	2	9490	March 14, 2024
GPG key shows Unverified How to Use GitLab	0	843	August 15, 2022

Unverified signature using GitHub mirrored repository

Related topics