https://johanneskueber.com/tags/automation/Recent content in Automation on johanneskueber.comHugoen_USTue, 26 May 2026 00:00:00 +0000https://johanneskueber.com/posts/2026-05-26-sign-renovate-commits/Tue, 26 May 2026 00:00:00 +0000https://johanneskueber.com/posts/2026-05-26-sign-renovate-commits/<p>Keeping dependencies up to date is one of those chores that is easy to neglect and expensive to ignore. Renovate solves it nicely: it scans my repositories, opens pull requests for outdated dependencies, and - if I let it - merges them on its own. On a self-hosted Gitea instance with branch protection, however, there is a catch. If I require signed commits on my protected branches, an unsigned bot commit is simply rejected. So before automating anything, Renovate needs an identity and a signing key, and its commits need to show up as <em>Verified</em>.</p>