Unverified signature using GitHub mirrored repository

I am using GitLab to mirror a GitHub repository for CI/CD. After merging a pull request using the GitHub UI, GitLab shows the commit as being unverified.


GitHub uses their own public GPG key to verify commits done using their UI. Is there any solution to this problem? I’m certain that this is a common situation that users of GitLab’s mirroring feature are running into.

More info on GitHub’s public GPG key: https://stackoverflow.com/questions/60482588/what-is-githubs-public-gpg-key

I’ve stumbled upon a closed issue of the same problem, which does not have a solution:


Did you find any solution?

I am having the same issue and I cannot create new user account (to automatically verify GPG) with external email address as my GitLab account is under SSO and only authentication through SSO is accepted.