Behaviour and protocol

Code reviews Consulting 101 Feedback Good meetings practices How to facilitate team meetings Inclusive language Values

Career

360 review Engineering manager career ladder Roles Software engineer progression framework Technical skills sheet

Employee manual

Abtion's pomodoro Employee benefits Internal days & community Intro Parental leave policy Safety and security Schedule, time tracking & calendar Sickness & unplanned absence Travelling Vacation & planned time off Work from anywhere policy

Project management

Technical setup when starting a new project Client discontinuing hosting or sla Converting projects from development to maintenance mode Estimating Estimating project maintenance Go live checklist Handoffs Invoicing guidelines Procedure for traffic

Setup

Audio setup Create amazon bucket Database backup setup Gpg signing Pairing setup

Technical practices

Bug triaging Css How and why we do design research Kick off meeting Pair programming Tdd testdriven development Workflow

Templates

Readme.standard

Tools and services

Access and permissions Purchasing licenses and memberships Sharing sensitive information Stack and services Wordpress
Logo
=

Setup

GPG Signing with Git

Visual Studio Code have made this instrution video on how to setup verified commits on github.

Install GPG

MacOSX

Install gpg via homebrew: brew install gpg

Create GPG Key

Set up a GPG key for your GitHub account by following the Github guide: Generating a new GPG key

Save your GPG signing key in 1Password.

Adding the new GPG key to your GitHub account

Add the GPG key to your GitHub account (This is step 14 from the “Generating a new GPG key” guide) Adding the new GPG key

Configure git to default to signed commits

To set up GPG signed commits, replace YOUR_GPG_KEY id in the following script, and run it:

YOUR_GPG_KEY will be a long string of hex digits like: 981F5859DB768873A306424DAB0254A0AB3ECAA4

git config --global commit.gpgSign true
git config --global user.signingKey YOUR_GPG_KEY

You may want to use --local instead if you want to set up GPG signing (or use a different key) for only a specific repository.

All Abtion projects should use signed commits.

Make a signed commit

git commit --allow-empty -m 'GPG signed commit'

Test that it worked

git log --show-signature -1

commit fa8004b481174e054057a4ea860588f5082b67a9 (HEAD -> main)
gpg: Signature made Mon 14 Sep 12:44:46 2020 CEST
gpg:                using RSA key 89F18595DB786873A360442DAB0524A0AB3CAE4A
gpg: Good signature from "Geoff Hubbard (Abtion Github Signing Key) <[email protected]>" [ultimate]
Author: Geoff Hubbard <[email protected]>
Date:   Mon Sep 14 12:44:46 2020 +0200

    GPG signed commit

Issues

Failed to sign

error: gpg failed to sign the data
fatal: failed to write commit object

Run export GPG_TTY=$(tty) in your terminal and try again.

I don’t like having to type my password in all the time.

To avoid having to enter you password for each commit, you can create a ~/.gnupg/gpg-agent.conf file with the following content:

default-cache-ttl 3600
max-cache-ttl 3600

This way you only have to provide your password once every hour. Run gpgconf --reload gpg-agent to reload your updated GPG configuration.