github logo

Getting the GitHub Verified commit badge when using Visual Code on Mac OS X

The Issue

Recently I’ve started to use Visual Code as my editor on Mac OS X, and using it with my GitHub Repos. It’s pretty cool! However I noticed that when I submit a commit via code, I do not see the verified badge.

github commit view - verified

The Cause

When I look at my global git config on my Mac OS X machine, I can see that I’ve configured the settings so that my user details are passed to GitHub as an author of the repository.

git config --global --list

git config --global --list

The Fix

We need to setup a GPG public key to be used by git on our machine when interacting with GitHub.

  • First we need to install GPG, if you do not have it already, it is not installed on Mac OS X by default.
  • Secondly in my GitHub account, I want to get my no-reply email address as I have email privacy turned on. Meaning my personal email will not be exposed in commits.
    • Go to settings > emails > find your ” no reply email under the “primary email address” header
Note: If you are happy to expose your email address used with GitHub, then just use your actual email address in the relevant sections.

GitHub emails - primary email address - no reply email address

Open up terminal on your Mac OS X machine and run the following command and provide the details as necessary;

gpg --full-generate-key
  • Select “RSA and RSA (default)”
  • Set your key size to 4096
  • Set your expiry
  • Add your Real User Name logged with GitHub
  • Enter your no-reply email.
  • Set a comment about the GPG key if you need to.
  • Enter a passphrase in the dialog box that appears

gpg --full-generate-key

gpg generate new key - provide passphrase - pinentry mac

You can now view your key details by running the following and get your Key ID in this example below, the Key ID is “3AA5C34371567BD2”:

$ gpg --list-secret-keys --keyid-format LONG
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot <[email protected] class="com">
ssb   4096R/42B317FD4BA89E7A 2016-03-10</[email protected]>

Now we need GPG ID in ASCII Amour Format:

gpg --armor --export {Key_ID}

Copy your GPG key,

Beginning with:

-----BEGIN PGP PUBLIC KEY BLOCK-----

And ending with:

-----END PGP PUBLIC KEY BLOCK-----

gpg --armor --export

And we’ll now add this to our GitHub account.

  • Go to Settings > SSH and GPG Keys > New GPG Key
  • Paste in your PGP output and save. Confirm your password
  • You will now see your key has been added

GitHub - SSH and GPG Keys - New GPG Key GitHub - SSH and GPG Keys - New GPG Key - Add New GitHub - SSH and GPG Keys - New GPG Key - Key Added

Now we all have to tell Git to use our GPG key for signing those commits when they are pushed by our system and Visual Code.

Within terminal using the key ID we found earlier:

# Reminder on how to get your Key ID
gpg --list-secret-keys --keyid-format LONG

# Configure git to use the Key ID and sign our commits

git config --global user.signingkey {Key_ID}
git config --global commit.gpgsign true

Let’s now test this. I’ve made a change to a file in a repo, and I’ve staged the commit. Which now triggers me to provide my GPG passphrase. I will select to save it in Apple Keychain so I don’t have to keep re-entering it.

And one I push the commit, I can see I am now verified on GitHub again.

Visual Code - Commit staged changes - provide passkey GitHub - Verified commit from Visual Code

Resources

Regards

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.