As you may know, creating commits in GitHub Actions can involve a risk of supply chain attacks.
Ref: [Security Advisory] Supply Chain Attack on reviewdog GitHub Actions during a specific time period · Issue #2079 · reviewdog/reviewdog

Commit signing helps prevent this kind of risk. It ensures that the commit is made by the author who owns a valid signing key.

If tagpr supports commit signing, we can enforce signed commits by using the Ruleset feature on GitHub.

We can use GitHub’s Git API to create signed commits without managing signing keys ourselves.

Ref: GitHub Actions で Verified Commit でコードを自動修正 (Japanese article)