I think you only need to handle merges locally if the pull request author didn't sign their commits:
> You can always push local commits to the branch if the commits are signed and verified. > You can also merge signed and verified commits into the branch using a pull request on GitHub. > However, you cannot squash and merge a pull request into the branch on GitHub unless you are the > author of the pull request. You can squash and merge pull requests locally. For more information, see > "Checking out pull requests locally <https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/checking-out-pull-requests-locally> ." Source: https://docs.github.com/en/github/administering-a-repository/about-protected-branches#require-signed-commits On Mon, Mar 29, 2021, 06:19 Ayesh Karunaratne <ayesh@php.watch> wrote: > I think this is a great step forward. > With commit signatures required, I think the person who merges a PR > now needs to do so locally. [GitHub CLI](https://cli.github.com/) > helps me a lot to locally checkout a PR quickly, and then > rebase/squash with my own signature. > > Thanks to Levi Morrison and Nikita for the very quick response. > > > > > On Mon, 29 Mar 2021, 03:30 Rasmus Lerdorf, <ras...@lerdorf.com> wrote: > > > > > On Sun, Mar 28, 2021 at 17:15 Sara Golemon <poll...@php.net> wrote: > > > > > > > On Sun, Mar 28, 2021 at 6:57 PM Paul Crovella < > paul.crove...@gmail.com> > > > > wrote: > > > > > > > >> You might consider requiring commits be signed while you're at it. > > > >> > > > >> > > > > I suggested this as well, and even if we don't require it, we should > > > > STRONGLY encourage it. > > > > > > > > I've been signing my commits for several years now, it's not even > that > > > > hard. > > > > > > > I think for php-src commits we can require it. For doc and other repos > we > > > can make it optional for now until people are more comfortable with it. > > > > > > -Rasmus > > > > > > > > > > We can require Signed Commits for the main active branches on GitHub: > > > > https://docs.github.com/en/github/administering-a-repository/about-protected-branches#require-signed-commits > > > > > > We can create rules that requires that for all active maintained version > of > > PHP. > > > > We can set that per repo, or in a organization level. > > > > - Gabriel Caruso > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >
