fix(commit-conventions): address Copilot second-sweep finding from #27#28
Conversation
The rationale for explicit '-S' was technically inaccurate: when commit.gpgsign=true IS loaded, git aborts noisily on signing failure, it doesn't silently fall back to unsigned. The real failure mode is that global config isn't loaded — subprocess env isolation, different $HOME, env scrubbing — so git doesn't know signing was requested in the first place and creates an unsigned commit with no error. Explicit -S pins the requirement to the invocation so the 'not loaded' case becomes visible. Thread: PRRT_kwDOQoBsD858lFR9 Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the documentation regarding the use of the -S flag in Git commits to better explain how subprocess environments can miss global configurations. A review comment suggests refining the phrasing to more clearly distinguish between missing configurations and unreachable signing agents, while also recommending more precise terminology like 'creating' instead of 'shipping' for local commits.
There was a problem hiding this comment.
Pull request overview
This PR refines the documentation rationale for requiring explicit commit signing (-S) by correcting an inaccurate failure mode description and replacing it with the real-world case where global Git config isn’t loaded in certain subprocess environments.
Changes:
- Rewrites the “Why explicit
-S” explanation to focus on missing global config loading (e.g., different/scrubbed$HOME) rather than “silent failure” when signing is requested via config. - Clarifies that explicit
-Sforces signing to be requested at invocation time so failures become immediate and visible.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
fix(commit-conventions): refine -S rationale per #28 review
Follow-up to a Copilot comment on #27 (the follow-up to #26).
Changes
commit-conventions.md: rewrite the-Srationale. The prior phrasing said signing could silently fail whencommit.gpgsign=trueis set — that's inaccurate: git aborts noisily in that case. The real failure mode is that global config isn't loaded (subprocess env isolation, different$HOME, env scrubbing), so git doesn't realize signing was requested and creates an unsigned commit with no error. Explicit-Spins the requirement to the invocation so the 'config not loaded' case becomes visible.Thread ID resolved after merge