@davewoodx Back when I had github accounts, I used to ssh sign the commits. It took a day of testing to get it working perfectly with Tower, from my scripts, and from the command line, however it worked flawlessly after it was set up.

I chose the ssh signing because I was already ssh authenticating with github, and I didn’t want to go down a rabbit hole of gpg signing, what binaries are safe, do I want my keys public, do I want visible attribution, blah blah. ssh was just straightforward.