google · gmlewis · Jun 22, 2019 · Apr 2, 2019 · Jun 14, 2019 · Jun 14, 2019
diff --git a/github/git_commits.go b/github/git_commits.go
@@ -6,9 +6,13 @@
 package github
 
 import (
+	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"time"
+
+	"golang.org/x/crypto/openpgp"
 )
 
 // SignatureVerification represents GPG signature verification.
@@ -37,6 +41,11 @@ type Commit struct {
 	// is only populated for requests that fetch GitHub data like
 	// Pulls.ListCommits, Repositories.ListCommits, etc.
 	CommentCount *int `json:"comment_count,omitempty"`
+
+	// SigningKey denotes a key to sign the commit with. If not nil this key will
+	// be used to sign the commit. The private key must be present and already
+	// decrypted. Ignored if Verification.Signature is defined.
+	SigningKey *openpgp.Entity `json:"-"`
 }
 
 func (c Commit) String() string {
@@ -116,6 +125,13 @@ func (s *GitService) CreateCommit(ctx context.Context, owner string, repo string
 	if commit.Tree != nil {
 		body.Tree = commit.Tree.SHA
 	}
+	if commit.SigningKey != nil {
+		signature, err := createSignature(commit.SigningKey, body)
+		if err != nil {
+			return nil, nil, err
+		}
+		body.Signature = &signature
+	}
 	if commit.Verification != nil {
 		body.Signature = commit.Verification.Signature
 	}
@@ -133,3 +149,41 @@ func (s *GitService) CreateCommit(ctx context.Context, owner string, repo string
 
 	return c, resp, nil
 }
+
+func createSignature(SigningKey *openpgp.Entity, commit *createCommit) (string, error) {
+	if commit.Author == nil {
+		return "", errors.New("createSignature: commit.Author=nil")
+	}
+	message := createSignatureMessage(commit)
+
+	writer := new(bytes.Buffer)
+	reader := bytes.NewReader([]byte(message))
+	if err := openpgp.ArmoredDetachSign(writer, SigningKey, reader, nil); err != nil {
+		return "", err
+	}
+
+	return writer.String(), nil
+}
+
+func createSignatureMessage(commit *createCommit) string {
+	message := ""
+
+	if commit.Tree != nil {
+		message = fmt.Sprintf("tree %s\n", *commit.Tree)
+	}
+
+	for _, parent := range commit.Parents {
+		message += fmt.Sprintf("parent %s\n", parent)
+	}
+
+	message += fmt.Sprintf("author %s <%s> %d %s\n", commit.Author.GetName(), commit.Author.GetEmail(), commit.Author.GetDate().Unix(), commit.Author.GetDate().Format("-0700"))
+	committer := commit.Committer
+	if committer == nil {
+		committer = commit.Author
+	}
+
+	// There needs to be a double newline after committer
+	message += fmt.Sprintf("committer %s <%s> %d %s\n\n", committer.GetName(), committer.GetEmail(), committer.GetDate().Unix(), committer.GetDate().Format("-0700"))
+	message += fmt.Sprintf("%s", *commit.Message)
+	return message
+}