automated commits (eg green-button merges) should be signed by gitlab.com key.

Description

I want all the commits in my repo to be signed. However automated commits run by gitlab are not signed.

Proposal

At first boot gitlab should generate a Curve25519 PGP key and use that key to sign all commits.

It should also be possible to upload a new PGP key.

Links / references

Documentation blurb

Overview

What is it? Automated commits are signed by gitlab Why should someone use this feature? so that all commits are signed What is the underlying (business) problem? I want all commits in my repos to be signed. How do you use this feature? it's automatic, or you can override the PGP key generation.

Use cases

This is for people who want all commits to be signed.

Feature checklist

Make sure these are completed before closing the issue, with a link to the relevant commit.

• Feature assurance
• Documentation
• Added to features.yml
• auto generated key must be ed25519

/cc @DouweM

added Platform feature proposal labels

/cc @mydigitalself

I like this. It's similar to GitHub displaying "[User] committed on GitHub" on merge commits and other commits made through the web interface.

We could sign the commit, and display it in a special way.

changed milestone to %Next 3-6 months

mentioned in issue #36944

#29007 (moved) is related