GitHub branch protection rules do not include signed commits

Description

In GitHub, Branch Protection Rules define whether collaborators can delete or force push to the branch and set requirements for any pushes to the branch, such as passing status checks or a linear commit history.

When you enable required commit signing on a branch, contributors and bots can only push commits that have been signed and verified to the branch. If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.

Fix - Buildtime

Terraform

• Resource: github_branch_protection, github_branch_protection_v3
• Attribute: require_signed_commits

resource "github_branch_protection_v3" "example" {
...
+  require_signed_commits = true
}