SAMMY UI is optimized for resolutions with a width 1024px and higher.
Signing of artifacts
B-SB-5-1: Signing of artifacts
  • Digitally signing artifacts for all steps during the build and especially docker images, helps to ensure their integrity and authenticity.
Description

To perform a push to a GitHub repository, you must be authenticated. It's important to note that GitHub does not verify if the authenticated user's email address matches the one in the commit. To clearly identify the author of a commit for reviewers, commit signing is recommended. GitHub actions such as semantic-release-action do not automatically sign commits and may encounter issues as a result. To address this, you can refer to a working configuration example in the workflow folder of DSOMM, which demonstrates how to use semantic release action in conjunction with planetscale/ghcommit-action. For added security, consider using Fine-grained personal access tokens provided by your organization for a specific repository. Store the Personal Access Token (PAT) as a secret in your project.