Git Commits
A Git commit is a snapshot of the hierarchy (Git tree) and the contents of the files (Git blob) in a Git repository. These endpoints allow you to read and write commit objects to your Git database on GitHub Enterprise. See the Git Database API for more details.
Get a commit
Gets a Git commit object.
GET /repos/:owner/:repo/git/commits/:commit_sha
Response
Status: 200 OK
{
"sha": "7638417db6d59f3c431d3e1f261cc637155684cd",
"node_id": "MDY6Q29tbWl0NmRjYjA5YjViNTc4NzVmMzM0ZjYxYWViZWQ2OTVlMmU0MTkzZGI1ZQ==",
"url": "https://api.github.com/repos/octocat/Hello-World/git/commits/7638417db6d59f3c431d3e1f261cc637155684cd",
"author": {
"date": "2014-11-07T22:01:45Z",
"name": "Monalisa Octocat",
"email": "octocat@github.com"
},
"committer": {
"date": "2014-11-07T22:01:45Z",
"name": "Monalisa Octocat",
"email": "octocat@github.com"
},
"message": "added readme, because im a good github citizen",
"tree": {
"url": "https://api.github.com/repos/octocat/Hello-World/git/trees/691272480426f78a0138979dd3ce63b77f706feb",
"sha": "691272480426f78a0138979dd3ce63b77f706feb"
},
"parents": [
{
"url": "https://api.github.com/repos/octocat/Hello-World/git/commits/1acc419d4d6a9ce985db7be48c6349a0475975b5",
"sha": "1acc419d4d6a9ce985db7be48c6349a0475975b5"
}
],
"verification": {
"verified": false,
"reason": "unsigned",
"signature": null,
"payload": null
}
}
Signature verification object
The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:
| Name | Type | Description |
|---|---|---|
verified |
boolean |
Indicates whether GitHub considers the signature in this commit to be verified. |
reason |
string |
The reason for verified value. Possible values and their meanings are enumerated in table below. |
signature |
string |
The signature that was extracted from the commit. |
payload |
string |
The value that was signed. |
These are the possible values for reason in the verification object:
| Value | Description |
|---|---|
expired_key |
The key that made the signature is expired. |
not_signing_key |
The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error |
There was an error communicating with the signature verification service. |
gpgverify_unavailable |
The signature verification service is currently unavailable. |
unsigned |
The object does not include a signature. |
unknown_signature_type |
A non-PGP signature was found in the commit. |
no_user |
No user was associated with the committer email address in the commit. |
unverified_email |
The committer email address in the commit was associated with a user, but the email address is not verified on her/his account. |
bad_email |
The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key |
The key that made the signature has not been registered with any user's account. |
malformed_signature |
There was an error parsing the signature. |
invalid |
The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid |
None of the above errors applied, so the signature is considered to be verified. |
Create a commit
Creates a new Git commit object.
POST /repos/:owner/:repo/git/commits
Parameters
| Name | Type | Description |
|---|---|---|
message |
string |
Required. The commit message |
tree |
string |
Required. The SHA of the tree object this commit points to |
parents |
array of strings |
Required. The SHAs of the commits that were the parents of this commit. If omitted or empty, the commit will be written as a root commit. For a single parent, an array of one SHA should be provided; for a merge commit, an array of more than one should be provided. |
author |
object |
Information about the author of the commit. By default, the author will be the authenticated user and the current date. See the author and committer object below for details. |
committer |
object |
Information about the person who is making the commit. By default, committer will use the information set in author. See the author and committer object below for details. |
signature |
string |
The PGP signature of the commit. GitHub adds the signature to the gpgsig header of the created commit. For a commit signature to be verifiable by Git or GitHub, it must be an ASCII-armored detached PGP signature over the string commit as it would be written to the object database. To pass a signature parameter, you need to first manually create a valid PGP signature, which can be complicated. You may find it easier to use the command line to create signed commits. |
The author and committer objects have the following keys:
| Name | Type | Description |
|---|---|---|
name |
string |
The name of the author (or committer) of the commit |
email |
string |
The email of the author (or committer) of the commit |
date |
string |
Indicates when this commit was authored (or committed). This is a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ. |
Example input
{
"message": "my commit message",
"author": {
"name": "Mona Octocat",
"email": "octocat@github.com",
"date": "2008-07-09T16:13:30+12:00"
},
"parents": [
"7d1b31e74ee336d15cbd21741bc88a537ed063a0"
],
"tree": "827efc6d56897b048c772eb4087f854f46256132",
"signature": "-----BEGIN PGP SIGNATURE-----\n\niQIzBAABAQAdFiEESn/54jMNIrGSE6Tp6cQjvhfv7nAFAlnT71cACgkQ6cQjvhfv\n7nCWwA//XVqBKWO0zF+bZl6pggvky3Oc2j1pNFuRWZ29LXpNuD5WUGXGG209B0hI\nDkmcGk19ZKUTnEUJV2Xd0R7AW01S/YSub7OYcgBkI7qUE13FVHN5ln1KvH2all2n\n2+JCV1HcJLEoTjqIFZSSu/sMdhkLQ9/NsmMAzpf/iIM0nQOyU4YRex9eD1bYj6nA\nOQPIDdAuaTQj1gFPHYLzM4zJnCqGdRlg0sOM/zC5apBNzIwlgREatOYQSCfCKV7k\nnrU34X8b9BzQaUx48Qa+Dmfn5KQ8dl27RNeWAqlkuWyv3pUauH9UeYW+KyuJeMkU\n+NyHgAsWFaCFl23kCHThbLStMZOYEnGagrd0hnm1TPS4GJkV4wfYMwnI4KuSlHKB\njHl3Js9vNzEUQipQJbgCgTiWvRJoK3ENwBTMVkKHaqT4x9U4Jk/XZB6Q8MA09ezJ\n3QgiTjTAGcum9E9QiJqMYdWQPWkaBIRRz5cET6HPB48YNXAAUsfmuYsGrnVLYbG+\nUpC6I97VybYHTy2O9XSGoaLeMI9CsFn38ycAxxbWagk5mhclNTP5mezIq6wKSwmr\nX11FW3n1J23fWZn5HJMBsRnUCgzqzX3871IqLYHqRJ/bpZ4h20RhTyPj5c/z7QXp\neSakNQMfbbMcljkha+ZMuVQX1K9aRlVqbmv3ZMWh+OijLYVU2bc=\n=5Io4\n-----END PGP SIGNATURE-----\n"
}
In this example, the payload of the signature would be:
tree 827efc6d56897b048c772eb4087f854f46256132
parent 7d1b31e74ee336d15cbd21741bc88a537ed063a0
author Mona Octocat <octocat@github.com> 1215576810 +1200
committer Mona Octocat <octocat@github.com> 1215576810 +1200
my commit message
Response
Status: 201 Created
Location: https://api.github.com/repos/octocat/Hello-World/git/commits/7638417db6d59f3c431d3e1f261cc637155684cd
{
"sha": "7638417db6d59f3c431d3e1f261cc637155684cd",
"node_id": "MDY6Q29tbWl0NzYzODQxN2RiNmQ1OWYzYzQzMWQzZTFmMjYxY2M2MzcxNTU2ODRjZA==",
"url": "https://api.github.com/repos/octocat/Hello-World/git/commits/7638417db6d59f3c431d3e1f261cc637155684cd",
"author": {
"date": "2014-11-07T22:01:45Z",
"name": "Monalisa Octocat",
"email": "octocat@github.com"
},
"committer": {
"date": "2014-11-07T22:01:45Z",
"name": "Monalisa Octocat",
"email": "octocat@github.com"
},
"message": "my commit message",
"tree": {
"url": "https://api.github.com/repos/octocat/Hello-World/git/trees/827efc6d56897b048c772eb4087f854f46256132",
"sha": "827efc6d56897b048c772eb4087f854f46256132"
},
"parents": [
{
"url": "https://api.github.com/repos/octocat/Hello-World/git/commits/7d1b31e74ee336d15cbd21741bc88a537ed063a0",
"sha": "7d1b31e74ee336d15cbd21741bc88a537ed063a0"
}
],
"verification": {
"verified": false,
"reason": "unsigned",
"signature": null,
"payload": null
}
}
Signature verification object
The response will include a verification object that describes the result of verifying the commit's signature. The following fields are included in the verification object:
| Name | Type | Description |
|---|---|---|
verified |
boolean |
Indicates whether GitHub considers the signature in this commit to be verified. |
reason |
string |
The reason for verified value. Possible values and their meanings are enumerated in table below. |
signature |
string |
The signature that was extracted from the commit. |
payload |
string |
The value that was signed. |
These are the possible values for reason in the verification object:
| Value | Description |
|---|---|
expired_key |
The key that made the signature is expired. |
not_signing_key |
The "signing" flag is not among the usage flags in the GPG key that made the signature. |
gpgverify_error |
There was an error communicating with the signature verification service. |
gpgverify_unavailable |
The signature verification service is currently unavailable. |
unsigned |
The object does not include a signature. |
unknown_signature_type |
A non-PGP signature was found in the commit. |
no_user |
No user was associated with the committer email address in the commit. |
unverified_email |
The committer email address in the commit was associated with a user, but the email address is not verified on her/his account. |
bad_email |
The committer email address in the commit is not included in the identities of the PGP key that made the signature. |
unknown_key |
The key that made the signature has not been registered with any user's account. |
malformed_signature |
There was an error parsing the signature. |
invalid |
The signature could not be cryptographically verified using the key whose key-id was found in the signature. |
valid |
None of the above errors applied, so the signature is considered to be verified. |