GitHub/Repository Security/Problems and Options: Difference between revisions
Revision as of 20:15, 31 May 2018
Some of the Guidelines can appear to be excessively disruptive to workflows. This page lists options and workarounds folks have found for some circumstances. Please add additional ones that you have used successfully! (It's a wiki!)
The first 2 sections list problems and options per guideline. If a guideline isn't listed, no one has (yet) had a problem with it. It's fair game to list a problem you actually have without a solution; other folks in the community may have ideas, even if they do not experience that particular problem. (No hypothetical problems though, please.)
= Membership Guidelines =
= Repository Guidelines =
== Commits (including merges) to the production branch should be GPG signed ==
=== Problem: Needing to set up GPG for use on GitHub might dissuade contributors ===
The guidance "require signed commits" only targets the production branch(es). Other branches (such as feature or topic branches) need not require signing. However, having unsigned commits in a branch means you need to handle merges in a certain way. In particular, you will not be able to rebase unsigned commits onto a production branch. You will need to use a regular merge instead ("squash-merge" is a GitHub feature that replaces the original commits with a new one, and is therefore incompatible with requiring signing).
One option:
* create a "feature branch", used only for merges (no signing required)
* create a "shadow branch", used only for merges (no signing required)
* whoever does the merge, merges via the shadow branch using the GitHub web UI:
[[File:Mermaid-diagram-20180531130011.svg|framed|center|Merging unsigned commits into commit required branch]]
=== Problem: I can't squash-merge PRs generated by 3rd-party services ===
This often occurs with dependency management tools, and is a [https://github.com/renovateapp/renovate/issues/1828 known problem]. The commits in the PR are signed; they just can't be included via any method that modifies the signed commit (squash-merge and rebase both create a new commit in its place). Only the "merge" technique meets that requirement.
= General Notes =
For tips that don't fit nicely above, please list them here.