Can this be used to make signed commits from GHA a-la `gitsign`?

[webknjaz]

Question

We now have a requirement to have all commits signed in Ansible: https://forum.ansible.com/t/important-github-com-ansible-now-requires-signed-commits/45520/14. This broke a couple of automated workflows that produce commits in GHA. I'm looking for automated signing solutions and thought of perhaps using Sigstore.

@woodruffw could you help me understand if this project (or the respective action) would be usable for signing Git commits from GitHub Actions jobs (provided they run in an OIDC-aware context)?

[woodruffw]

I think this could be used to sign commits, yeah, although I'm not sure if anybody has done so 🙂

(I think the action wouldn't be able to do it since it expects files on disk, but the library can sign whatever arbitrary bytes you want it to sign.)