⚠ This page is served via a proxy. Original site: https://github.com
This service does not collect credentials or authentication data.
Skip to content

Add script to bulk-sign commits #367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
andyblundell wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add script to bulk-sign commits #367

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9a8b1bb
Add bulk-sign commands to retrospective-commit-signing.md
andyblundell Feb 10, 2026
1fa4165
Update retrospective-commit-signing.md
andyblundell Feb 10, 2026
d3741ff
Update retrospective-commit-signing.md
andyblundell Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions practices/guides/retrospective-commit-signing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,3 +75,18 @@ Please take the time to understand the commands that you are using, this is just
Refresh the browser window for your PR. You should now see the verified commits:

![Updated commit history in GitHub](../../images/updated-commit-history-github.png)

### Optional process variation: bulk update last N commits

If you are happy that the most recent N commits can *all* be signed in one go, that's possible in fewer steps than the method above, but is less flexible: you can't pick and choose which commits this acts on, so this won't always be an appropriate method.

If N == 10:

```bash
git rebase --exec "git commit -S --amend --no-edit --allow-empty" HEAD~10
Copy link
Contributor

@regularfry regularfry Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Possible alternative:

git rebase --exec 'git commit --amend --no-edit -n -S' $(git log --format='%H %G?' main..HEAD | grep ' N$' | tail -1 | cut -d' ' -f1)^

It's a bit wordy but it finds the first unsigned commit between main and HEAD and signs that and everything since. Avoids needing to figure out N, but relies on gpg.ssh.allowedSignersFile being configured if you're using SSH signing.

git push -f
Copy link
Contributor

@stefaniuk stefaniuk Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worth considering using the safer long flag option git push --force-with-lease rather than -f

```

The first command automatically cycles through all 10 commits, signing each one. The second force-pushes the newly signed commits.

Note: --allow-empty is only needed if any of the commits you want to sign are empty.