How to fix unverified commits on GitHub

Margeaux Spring — Sun, 13 Mar 2022 16:46:04 +0000

Is today the day you are signing your commits but still experienceing the dreaded amber "unverified' tag on them? I have a solution that worked for me to fix that issue.

First run this command via the command line to see which keys already exist: gpg --list-secret-keys --keyid-format=long

You should get a list of the keys that you have previously generated.

Make sure the email that is being used in your key on GitHub is the correct email in git by running this command: git config --list

The output of user name, email and key should match what is in your GPG key on GitHub:

user.name=Margeaux Spring
user.email=youremailhere
user.signingkey=yourgpgkey

If there is an email mismatch, your signed commits are still being tagged as “unverified” on GitHub, and you will need to add the correct email found via the step above with this command:
git config --global user.email youremailhere

You cannot assume that git will use the same email for storing and signing the commit.

You can also add more than one email to a key like this:
1. gpg --list-secret-keys --keyid-format=long
2. gpg --edit-key YOURKEYTOEDITHERE
3. a gpg prompt should appear, then you type adduid and press enter
4. add the email you need to when prompted
5. after you have followed all the prompts, enter save at the gpg prompt
6. now enter gpg --armor --export YOUREDITEDKEY
7. copy and paste the entire block that appears in your terminal, from and including:

-----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----

Next, go to GitHub and click on Settings->SSH & GPG Keys, delete the old key, click the green New GPG Key button, paste in the key you have copied from your terminal output previously and click save.

Your commits should now be automagically verified.

Adding Font Awesome Pro to your CI/CD Pipeline using GitHub Actions and Azure

Margeaux Spring — Sat, 11 Sep 2021 15:35:50 +0000

I've been working on an SSR flavored Nuxt.js app that needed to leverage Font Awesome Pro. Font Awesome has excellent documentation how to install Font Awesome Pro with npm or yarn locally, but I needed to make a few tweaks to get it to play nicely with our particular app and CI/CD flavors.

This post assumes you already have a working Nuxt.js SSR app deployed to Azure with Github Actions.

First, since we are leveraging CI/CD, we want to set Font Awesome Pro up on a per project basis, so we need to create a .npmrc file in the root of our project.

Contrary to the instructions provided, since we are leveraging Github Actions and Azure as part of our CI/CD pipeline our .npmrc file should only contain @fortawesome:registry=https://npm.fontawesome.com/

Next, we need to install Font Awesome Pro locally by running

FONTAWESOME_NPM_AUTH_TOKEN=YOUR_OWN_TOKEN_HERE npm install --save @fortawesome/fontawesome-pro

Then, we need to set up the Font Awesome Pro Token as a GitHub Secret on our repo, so click on over to secrets on your repo and add your key there and click save.

Next, we need to adjust the GitHub Actions workflows yaml file in our local branch to be able to reference our key in the CI/CD pipeline, as follows:

- name: Install dependencies using a safe clean install, build and test run: | npm config set '//npm.fontawesome.com/:_authToken' "${{ secrets.FONTAWESOME_NPM_AUTH_TOKEN }}" npm ci --ignore-scripts

Note, in our yaml file, the pipe after our run: is a block scalar that indicates new lines in our block should be preserved.

Finally, let your scripts deploy your app to Azure and enjoy your lovely Font Awesome Pro icons.

I hope this helps folks who run in to some of the same issues I did on first go round with these frameworks and services.

Forem: Margeaux Spring

How to fix unverified commits on GitHub

Adding Font Awesome Pro to your CI/CD Pipeline using GitHub Actions and Azure