Git Configuration
Profile Setup
Setting up your Git profile with the correct user.name and user.email is
crucial for maintaining consistency in your project's commit history. This guide
explains why it's important and how to configure your Git profile.
Why Set Your Git Profile?
- Uniformity: ensures that all commits are associated with a consistent identity, which is especially important in collaborative environments.
- Professionalism: using your work email address in commits reflects a professional approach and aligns with organizational standards.
How to Set Your Git Profile
To set your Git profile, use the following commands in your terminal:
git config --global user.name "Jane Doe"
git config --global user.email "jane.doe@pagopa.it"
Replace "Jane Doe" and "jane.doe@pagopa.it" with your actual name and work
email address. This configuration will apply globally to all repositories on
your machine. If you need to set it for a specific repository, omit the
--global flag.
Alternatively, you can manually edit your .gitconfig file to set your profile.
Open the file located in your home directory and add or update the following
lines:
[user]
name = Jane Doe
email = jane.doe@pagopa.it
This method provides a direct way to configure your Git profile settings.
For more detailed information on Git configuration, you can refer to the Git manual.
Signed Commits
Why Use Signed Commits?
Signed commits provide an additional layer of security and trust in a repository. While not mandatory, they can be useful in various scenarios:
- Authenticity: ensures that commits are genuinely from the author and have not been tampered with.
- Trust: helps reviewers and collaborators verify commit authorship without relying solely on email addresses.
Enabling Signed Commits
To use signed commits, you need to generate a GPG key (if you don't already have one) and configure Git to use it.
Install GPG
If not yet installed, you can install GPG by running the following command:
brew install gpg
Once installed, you might need to add the following line to your
~/.gnupg/gpg.conf file:
use-agent
Additionally, add these lines to your shell profile file (~/.bashrc,
~/.bash_profile, or equivalent) and restart your shell:
export GPG_TTY=$(tty)
gpgconf --launch gpg-agent
Generate a GPG Key (if you don’t have one)
Run the following command and follow the prompts:
gpg --full-gen-key
You might need to run the command with sudo privileges.
When prompted:
- Select the key type:
(4) RSA (sign only)is sufficient for signing commits. - Choose a key size:
4096bits is recommended. - Set an expiration date (e.g.,
2yfor two years). - Enter your name and email (
Jane Doe <jane.doe@pagopa.it>). - Set a secure passphrase.
Alternatively, you can follow the GitHub guide to generate a GPG key.
Pay attention to steps 12 and 13 in the GitHub guide. They explain how to
copy the public key that you need to add to your GitHub profile.
Update Your GPG Key to GitHub
To make sure your commits are signed with the correct key, you need to add the
key to your GitHub profile.
To address that, follow the
GitHub guide.
List Your GPG Keys
To find your key ID, run:
gpg --list-secret-keys --keyid-format SHORT
Look for a line similar to:
sec rsa4096/ABCDEF1234567890 2025-02-26 [SC]
Copy the key ID (ABCDEF1234567890).
Configure Git to Use Your GPG Key
Set up Git to use your key for signing commits:
git config --global user.signingkey ABCDEF1234567890
git config --global commit.gpgSign true
Alternatively, you can edit your .gitconfig file and add:
[user]
signingkey = ABCDEF1234567890
[commit]
gpgSign = true
Doing this, every time you run the commit command (git commit -m), by default,
it will sign the commit.
For more details, refer to the Git documentation on signing commits.