references:
- Testing webhooks
- GitHub Integration: Webhooks
- GitHub Permissions and API token Scopes for Jenkins
- CloudBees Pull Request Builder for GitHub plugin
- GitHub webhooks
- Guide for Troubleshooting GitHub Webhooks
- How to update Jenkins build status in GitHub pull requests [Step-by-Step Tutorial]
- How to set GitHub commit status with Jenkinsfile NOT using a pull request builder
- GitHub REST API documentation
- * Building Git Pull Requests with Jenkins
- sample code:
workflow && checkers
[!NOTE|label:workflow && checkers]
ci/jenkins:
[!NOTE|label:ci/jenkins:]
- How to update Jenkins build status in GitHub pull requests [Step-by-Step Tutorial]
- How to Use Custom GitHub Checks Using Jenkins Pipeline?!
- * Custom GitHub Checks With Jenkins Pipeline
- Show current state of Jenkins build on GitHub repo
- How to Integrate Your GitHub Repository to Your Jenkins Project
- Jenkins GitHub Integration for CI/CD Pipelines example
- Branches and Pull Requests
- kad/JENKINS-28447.workaround.groovy
- Use setGithubPullRequestStatus as a standalone feature #102
- Replay in pr-builder pipeline doesn't update GitHub PR status OR restarting a pipeline stage will not update pull request status
plugins:
[!NOTE|label:plugins:]
hooks
- in github
- pull request:
<JENKINS_URL>/github-pull-request-hook/ - push
<JENKINS_URL>/github-webhook/
- pull request:
jenkins
branch
+refs/pull/*:refs/remotes/origin/pr/*+refs/heads/*:refs/remotes/origin/*
actions
[!NOTE|label:references] -references:
- Advanced CI/CD Pipeline Optimization Techniques Using GitHub Actions
- GitHub Actions vs. Jenkins
- cloudposse/github-action-auto-release
- Setup Jenkins
- Jenkins-Action
- Build Jenkins jobs
- Trigger a Jenkins Job
- TriggerJenkinsBuild
- Run jenkins jobs
- GitHub Actions Linting
- jenkins-action-parametrized
- Jenkins Job Builder
- jenkins-job-action
- Trigger Jenkins Job and Return Result
- Run Jenkins Job with Build Result
- Run Jenkins Job and get build result
- Commit Message Checker for pull request
- Check Commit Message
- Git matching commits
- Git matching commits
- Commit Message Checker for pull request
- GS Commit Message Checker
- Git Commit Data
- Generate semver
- pre-commit ci
- utility
- Upload a Build Artifact
- Download a Build Artifact
- GitHub API Request
- Checkout
- Configure GitHub Pages
- GitHub API Request
- GitHub Script
- Git Version
- Load available actions
- Secret output
- Ansible Publish
- Jira Add Comment
- Setup Jira
- Release-Notes-Preview
- Trigger CircleCI Pipeline
- Deploy Helm to EKS
- Docker Build Tag Publish
- Deploy Helm to EKS
- Kubectl tool installer
- Kubernetes Set Context
- Helm tool installer
apps
[!NOTE|label:references:]
gpg commit signature
[!NOTE|label:references:]
generate gpg key pair
[!NOTE|label:references:]
(9) ECC (sign and encrypt)+(1) Curve 25519means:
ed25519for signingcv25519for encryption
$ gpg --full-generate-key
gpg (GnuPG) 2.4.9; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(14) Existing key from card
Your selection? 9
Please select which elliptic curve you want:
(1) Curve 25519 *default*
(4) NIST P-384
(6) Brainpool P-256
Your selection? 1
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: marslo
Email address: marslo@domain.com
Comment:
You selected this USER-ID:
"marslo <marslo@domain.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: directory '/Users/marslo/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/marslo/.gnupg/openpgp-revocs.d/5**************************************3.rev'
public and secret key created and signed.
pub ed25519 2026-02-11 [SC]
5**************************************3
uid marslo <marslo@domain.com>
sub cv25519 2026-02-11 [E]
get gpg public key
# export
$ gpg --armor --export marslo@domain.com
# or via keyid
$ KEY_ID="$(gpg --list-secret-keys --with-colons marslo@domain.com | awk -F: '/^sec/ {print $5}')"
$ KEY_ID="$(gpg --list-secret-keys --keyid-format LONG marslo@domain.com | sed -rn 's|^sec[^/]+ed25519/([^ ]+) .+]$|\1|p')"
$ gpg --armor --export ${KEY_ID}
-----BEGIN PGP PUBLIC KEY BLOCK-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxx
-----END PGP PUBLIC KEY BLOCK-----
And copy the output into Github:
- Go to
Settings->SSH and GPG keys->New GPG key - Paste the public key into the
Keyfield and clickAdd GPG key
local git config
[!TIP|label:references:]
- this configuration is sign with gpg key what particular repos with particular account automatically
- this mostly used when you have multiple accounts and want to sign commit with different gpg key for different account
# ~/.gitconfig
[include]
path = ~/.marslo/gitconfig.d/account
# ~/.marslo/gitconfig.d/account
[includeIf "hasconfig:remote.*.url:*com?marslo_ghe/**"]
path = ~/.marslo/gitconfig.d/accounts/marslo_ghe
[includeIf "gitdir/i:~/code/github/**"]
path = ~/.marslo/gitconfig.d/accounts/marslo_ghe
[!NOTE|label:references:]
$ git help config gpg.format Specifies which key format to use when signing with --gpg-sign. Default is "openpgp". Other possible values are "x509", "ssh".
# ~/.marslo/gitconfig.d/accounts/marslo_ghe
[user]
name = marslo
email = marslo@domain.com
# signingkey => "${KEY_ID}"
signingkey = 7**************3
[commit]
gpgsign = true
[tag]
gpgsign = true
verify
$ git me
marslo <marslo@domain.com> # accounts/marslo_ghe [G]
$ git config user.signingkey
7**************3
$ git config commit.gpgsign
true
# create code change and commit
$ git show --show-signature -s
commit 09daeb35ddb7a78f395c0e2a323b300d7c565fce (origin/devel, origin/HEAD)
gpg: Signature made Tue Feb 10 16:19:41 2026 PST
gpg: using EDDSA key 5**************************************3
gpg: Good signature from "marslo <marslo@domain.com>" [ultimate]
Author: marslo <marslo@domain.com>
Date: 2026-02-10 16:19:41 -0800 Tuesday
test: verify gpg sign key
Signed-off-by: marslo <marslo@domain.com>
tips
show signature in git log
$ git config --global log.showSignature truelist GPG public key via API/CLI via Github
# API $ curl -sL -u marslo_ghe:$GITHUB_API_TOKEN https://api.github.com/users/marslo_ghe/gpg_keys | jq -r '.[] | .key_id + "\n" + .raw_key' # -- or authentication with gh CLI -- $ curl -H "Authorization: Bearer $(gh auth token)" \ -sL https://api.github.com/users/marslo_ghe/gpg_keys | jq -r '.[] | .key_id + "\n" + .raw_key' # CLI $ gh api users/marslo_ghe/gpg_keys --jq '.[] | .key_id + "\n" + .raw_key'