Hi,
i'm trying to create a signed (verified) commit from a GitHub Actions workflow. I'm running semantic-release and using the repository token, but the commits pushed by the action are not shown as "Verified."

Ideally:

• The commit would be created via the API so I don't have to manage a private key or SSH key.
• The commit would be signed automatically so I don't need to sign anything locally.
• The commit would appear to have been made by the GitHub Actions user.

Below are my current .releaserc and the workflow step I'm running (I can share them if needed). Thank you!

This is my releaserc:

{
  "branches": [
    "main",
    {
      "name": "your-branch-name",
      "prerelease": "snapshot"
    }
  ],
  "plugins": [
    "@semantic-release/commit-analyzer",
    [
      "@semantic-release/release-notes-generator",
      {
        "preset": "conventionalcommits",
        "presetConfig": {
          "issueUrlFormat ": "https://some-jira.de/jira/browse/{{id}}"
        }
      }
    ],
    "@semantic-release/changelog",
    [
      "@semantic-release/git",
      {
        "assets": [
          "CHANGELOG.md"
        ]
      }
    ],
    [
      "@semantic-release/npm",
      {
        "pkgRoot": "node-dist"
      }
    ],
    "@semantic-release/github"
  ]
}

and this is my Github Action

    - name: Run semantic-release
      run: pnpm exec semantic-release
      shell: bash
      env:
        NPM_TOKEN: ${{ steps.import-secrets.outputs.NPM_TOKEN }}
        NPM_CONFIG_ALWAYS_AUTH: "true"
        NPM_CONFIG_REGISTRY: my-repo
        GIT_AUTHOR_NAME: "github-actions[bot]"
        GIT_AUTHOR_EMAIL: "ID+github-actions[bot]@users.noreply.github.com"
        GIT_COMMITTER_NAME: "github-actions[bot]"
        GIT_COMMITTER_EMAIL: "ID+github-actions[bot]@users.noreply.github.com"
        GH_TOKEN: ${{ github.token }}

But this does not lead to a verified commit

Do you guys have a better idea on how to do that?
Thank you very much :)

EDIT: improved writing