You may want to check out https://github.com/sigstore/gitsign! You can generate ephemeral X.509 code signing certs for free using Sigstore.
(disclosure: I'm a maintainer for gitsign)
Def check out the gitsign project mentioned in the post: https://github.com/sigstore/gitsign
Shameless plug for the gitsign project in sigstore: https://github.com/sigstore/gitsign
This isn't supported by GitHub yet but we're hopefully working towards that too.
Src: https://github.com/sigstore/gitsign
> Keyless Git signing with Sigstore!
> This is heavily inspired by [github/smimesign], but uses keyless Sigstore to sign Git commits with your own GitHub / OIDC identity