Update docs for GPG app

2026-06-19 01:46:21 +08:00 · 2017-10-09 21:21:07 -05:00
parent 1dab527649
commit 60f11bd86c
1 changed files with 12 additions and 8 deletions
--- a/_apps/gpg.md
+++ b/_apps/gpg.md
@@ -1,10 +1,10 @@
 ---
 title: GPG
-description: Enforce GPG signatures on Pull Requests
+description: Enforce GPG signatures on pull requests
 slug: gpg
 screenshots:
- https://user-images.githubusercontent.com/235875/30783301-3b314432-a106-11e7-8e15-68ef7584f076.png
- https://user-images.githubusercontent.com/235875/30783306-54c68524-a106-11e7-89b4-78bf126d3008.png
+- https://github.com/jarrodldavis/probot-gpg/raw/develop/docs/screenshot-success.png
+- https://github.com/jarrodldavis/probot-gpg/raw/develop/docs/screenshot-failure.png
 authors:
 - jarrodldavis
 repository: jarrodldavis/probot-gpg
@@ -19,18 +19,22 @@ updated: 2017-10-09 02:37:52 UTC

 Git supports [signing commits with GPG keys](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work) to verify commit authorship beyond the easy-to-forge [author](https://git-scm.com/docs/git-commit#git-commit---authorltauthorgt) field.

-GitHub supports [verifying GPG signatures on commits](https://github.com/blog/2144-gpg-signature-verification) and has an excellent [series of help articles](https://help.github.com/articles/signing-commits-with-gpg/) for creating a GPG key, using it with `git` locally, and linking it to your GitHub account.
+GitHub supports [verifying GPG signatures on commits](https://github.com/blog/2144-gpg-signature-verification) and has an excellent [series of help articles](https://help.github.com/articles/signing-commits-with-gpg/) for creating a GPG key, using it with `git` locally, and linking it to a GitHub account.

-After installation, this app [checks all commits](https://developer.github.com/v3/repos/commits/#compare-two-commits) of new (or newly updated) pull requests for valid GPG signatures [according to the GitHub API](https://developer.github.com/changes/2016-04-04-git-signing-api-preview/). Note that for the status check to pass, _every_ contributor of a pull request must:
+After installation, this app [checks all commits](https://developer.github.com/v3/repos/commits/#compare-two-commits) of new (or newly updated) pull requests for valid GPG signatures [according to the GitHub API](https://developer.github.com/changes/2016-04-04-git-signing-api-preview/). Note that for the status check to be `success`, _every_ contributor of a pull request must:
 - set up a GPG key on their local machine
 - sign _all_ of their commits in the pull request with that key
 - link that key with their GitHub account

-![GPG Status Check Success](https://user-images.githubusercontent.com/235875/30783301-3b314432-a106-11e7-8e15-68ef7584f076.png "GPG Status Check Success")
+![GPG status check success screenshot](https://github.com/jarrodldavis/probot-gpg/raw/develop/docs/screenshot-success.png "GPG status check success screenshot")

-Otherwise, the app will set the status to `failed`.
+Otherwise, the app will set the status to `failure`.

-![GPG Status Check Failed](https://user-images.githubusercontent.com/235875/30783306-54c68524-a106-11e7-89b4-78bf126d3008.png "GPG Status Check Failed")
+![GPG status check failed screenshot](https://github.com/jarrodldavis/probot-gpg/raw/develop/docs/screenshot-failure.png "GPG status check failed screenshot")
+
+## Email privacy
+
+If you or any of your contributors use a [GitHub-provided `noreply` email address](https://help.github.com/articles/about-commit-email-addresses/) to keep a personal email address private, that `noreply` address should be used when creating a GPG key. Make sure that [`git`'s config is also using that `noreply` address](https://help.github.com/articles/setting-your-commit-email-address-in-git/) so that GitHub associates the GPG key correctly and validates it.

 ## Further reading