Is it possible to have the action push signed commits?

[goduchesne]

Hello, thanks for creating this action!

I recently had the Require signed commits setting enabled for a repo as a security measure. However, this setting now prevents me from merging Pull Requests including any of licensed-ci's Auto-update license files commits.

I was wondering if it's possible to have signed commits when licensed-ci pushes its Auto-update license files commit via push/push_for_bots to help with this. It sadly does not seem possible when looking at the current push script :
https://github.com/github/licensed-ci/blob/6238e9d3b8f908d8cf5da450950d40ace4faf597/lib/workflows/push.js#L51C1-L65

[agrobbin]

We just ran into this limitation as well. It'd be great if it was possible for this action to push signed commits!

[agrobbin]

For those coming here looking for a way to have this action sign commits, we did this in a step before this action:

- name: Set up GPG key
  run: |
    echo -e "$GPG_PRIVATE_KEY" | gpg --import
    git config --global user.signingkey $GPG_PRIVATE_KEY_ID
    git config --global commit.gpgsign true
  env:
    GPG_PRIVATE_KEY: ${{ secrets.LICENSED_GPG_PRIVATE_KEY }}
    GPG_PRIVATE_KEY_ID: ${{ secrets.LICENSED_GPG_PRIVATE_KEY_ID }}