If you've enforced branch protections in your repository, you can set up required commit signing. For more information, see "Configuring protected branches."
When you enable required commit signing on a branch, contributors and bots can only push commits that have been signed and verified to the branch. For more information, see "About commit signature verification."
You can always push local commits to the branch if the commits are signed and verified. You can also merge signed and verified commits into the branch using a pull request on GitHub. However, you cannot squash and merge a pull request into the branch on GitHub unless you are the author of the pull request. You can squash and merge pull requests locally. For more information, see "Checking out pull requests locally." For more information about merge methods, see "About merge methods on GitHub."
Note: Enabling required commit signing on a branch will make it more difficult to contribute. If a collaborator pushes an unsigned commit to a branch that has required commit signing enabled, they will need to rebase their commit to include a verified signature and force push the rewritten commit to the branch.
Administrators of a repository can push local commits that have not been signed and verified, however you can require administrators to be subject to required commit signing. For more information, see "Enabling required commit signing."