How to sign commits for any open source project

Adding a GPG key and configuring it for your repository


In the open source world, signing your commits matters for compliance and for verifying who actually made a commit. A few days back, I was trying to contribute to the Direktiv repository. I tried to follow the usual way of making a PR but noticed that I needed to set my computer up further to be able to sign my commits. This guide will help you set up your computer so that you can start committing to any open source project and won't have to worry about your commits being unsigned:

  1. Forking the repo
  2. Cloning it into the local system.
    git clone https://github.com/itisaby/direktiv
    
  3. Creating a branch
    git checkout -b <Branch Name>
    
  4. Making the appropriate changes
  5. Staging them using
    git add .
    
  6. Committing the code using
    git commit -sm "MESSAGE"
    
  7. Finally, pushing it to the forked repo on the branch we created locally
    git push origin <Branch Name>
    
  8. Then I got a Create PR option in my forked repo: [screenshot]
  9. But after creating the PR I got to see this: [screenshot] As you can see, it says merging is blocked because the commit needs to be signed. You can read more about it in this doc. After that, I reverted to the old version using
    git revert <Commit ID>
    
    Then I made the changes again and tried this command:
    git commit -S -sm "update CONTRIBUTORS.md"
    
    Or you can create a new branch, make your changes there, and use the above command for a signed commit. But the moment I ran that command I got this error: [screenshot] As you can see from the error message, gpg failed to sign the commit. This is because we haven't added any GPG key to our local system with which signed commits can be made. So now we need to see how to add a GPG key to our local system and make signed commits.

    Adding a GPG key to our local system

  10. First check whether you have an existing gpg key with this command:
    gpg --list-secret-keys --keyid-format=long
    
    If you don't have any gpg key, you will see this: [screenshot]
  11. Since we don't have a gpg key, we need to generate one using this command:
    gpg --full-generate-key
    
    Now we get to choose the key type: [screenshot] Choose the first one, which is the default: [screenshot] Accept all the default options, and then it will ask for your name, email, and a comment. Finally, it will ask for a passphrase. [screenshot] Now if you want to check the generated key, you can use the previous command again:
    gpg --list-secret-keys --keyid-format=long
    
    It will show something like this: [screenshot] The key generated here is AADE3CB05ECB0F7A615D05619A6E90FEDC0562FD; it will be different in your case.
  12. We need to run the command below, which prints the GPG public key in ASCII armour format:
    gpg --armor --export AADE3CB05ECB0F7A615D05619A6E90FEDC0562FD
    
    You will see your gpg public key in ASCII armour format. Now you need to add that key to your GitHub account, so copy everything from
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    .
    .
    .
    -----END PGP PUBLIC KEY BLOCK-----
    
    To add it to your GitHub account, follow the steps in this doc.
  13. Tell Git about the GPG key.
    git config --global user.signingkey AADE3CB05ECB0F7A615D05619A6E90FEDC0562FD
    
  14. Tell Git which gpg program to use when signing your commits:
    git config --global gpg.program gpg
    
    You can read more about it at this link.

After this, try committing your changes again using:

git commit -sm "add terraform template(example)" -S
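The POSIX shell script below is an added example and not part of the original post. It automates the two places where the procedure above goes wrong in practice: it pulls the 40-character fingerprint out of the "gpg --list-secret-keys --keyid-format=long" listing so you don't mistype it into git config, and it checks that what you are about to paste into GitHub is a complete armored public key with intact BEGIN and END lines. The gpg listing and the armored blocks in it are constructed samples, and the fingerprint reuses the value from the steps above as a placeholder. It also prints the two git config commands from the steps above plus commit.gpgsign, a real git option that makes every commit signed without passing -S each time.

```shell
#!/bin/sh
# Added example (not from the original post). Helper functions for the
# GPG-signing setup described above. Everything below runs offline: the gpg
# listing and armored key blocks are constructed samples, and the fingerprint
# AADE3CB05ECB0F7A615D05619A6E90FEDC0562FD is a placeholder, not a real key.

# Constructed sample of what "gpg --list-secret-keys --keyid-format=long"
# prints once one key exists.
SAMPLE_LISTING='/home/user/.gnupg/pubring.kbx
------------------------------
sec   rsa3072/9A6E90FEDC0562FD 2023-01-15 [SC]
      AADE3CB05ECB0F7A615D05619A6E90FEDC0562FD
uid                 [ultimate] Example User <user@example.com>
ssb   rsa3072/0123456789ABCDEF 2023-01-15 [E]'

# Constructed stand-in for "gpg --armor --export <fingerprint>" output.
SAMPLE_ARMOR='-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGPEXAMPLEPLACEHOLDERBODYNOTAREALKEY
=AbCd
-----END PGP PUBLIC KEY BLOCK-----'

# The same block with the END line mangled the way it easily gets copied.
BAD_ARMOR='-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBGPEXAMPLEPLACEHOLDERBODYNOTAREALKEY
=AbCd
---END GPG PUBLIC KEY BLOCK-----'

# extract_fingerprint LISTING
# Prints the 40-hex-character fingerprint that follows the first "sec" line.
# That is the value the post passes to "git config --global user.signingkey".
extract_fingerprint() {
    printf '%s\n' "$1" | awk '
        /^sec / { want = 1; next }
        want && length($1) == 40 && $1 ~ /^[0-9A-F]+$/ { print $1; exit }
    '
}

# check_armored_key BLOCK
# Succeeds only if the block starts with the PGP BEGIN line and ends with the
# matching END line, i.e. it is a complete export safe to paste into GitHub.
check_armored_key() {
    block=$(printf '%s' "$1")   # command substitution trims trailing newlines
    first=$(printf '%s\n' "$block" | sed -n '1p')
    last=$(printf '%s\n' "$block" | sed -n '$p')
    [ "$first" = "-----BEGIN PGP PUBLIC KEY BLOCK-----" ] &&
        [ "$last" = "-----END PGP PUBLIC KEY BLOCK-----" ]
}

# git_signing_config FINGERPRINT
# Prints the git configuration for that key: the two commands from the post
# plus commit.gpgsign, which makes git sign every commit without -S.
git_signing_config() {
    printf 'git config --global user.signingkey %s\n' "$1"
    printf 'git config --global gpg.program gpg\n'
    printf 'git config --global commit.gpgsign true\n'
}

# Walk through the sample data. To use it for real, replace SAMPLE_LISTING
# with "$(gpg --list-secret-keys --keyid-format=long)" and SAMPLE_ARMOR with
# "$(gpg --armor --export "$fp")", then run the printed git config commands.
fp=$(extract_fingerprint "$SAMPLE_LISTING")
echo "signing key fingerprint: $fp"
if check_armored_key "$SAMPLE_ARMOR"; then echo "armored key: well-formed"; fi
if check_armored_key "$BAD_ARMOR"; then :; else echo "mangled block rejected"; fi
git_signing_config "$fp"
```

After the real key is configured, "git log --show-signature -1" on your next commit shows whether gpg produced a good signature, which is the same check GitHub performs before marking the commit Verified.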

[screenshot]
