diff --git a/.github/workflows/spec-sync-on-merge.yml b/.github/workflows/spec-sync-on-merge.yml
index c21d03e6bc..58fa5b118c 100644
--- a/.github/workflows/spec-sync-on-merge.yml
+++ b/.github/workflows/spec-sync-on-merge.yml
@@ -113,19 +113,11 @@ jobs:
 env:
 GH_TOKEN: ${{ secrets.OPENAPI_SPEC_SYNC_TOKEN }}
 COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+ SPEC_REPO: ansible-automation-platform/aap-openapi-specs
 run: |
- # Configure git
- git config user.name "github-actions[bot]"
- git config user.email "github-actions[bot]@users.noreply.github.com"
-
- # Create branch for PR
 SHORT_SHA="${{ github.sha }}"
 SHORT_SHA="${SHORT_SHA:0:7}"
 BRANCH_NAME="update-Controller-${{ github.ref_name }}-${SHORT_SHA}"
- git checkout -b "$BRANCH_NAME"
-
- # Add and commit changes
- git add "controller.json"

 if [ "${{ steps.compare.outputs.is_new_file }}" == "true" ]; then
 COMMIT_MSG="Add Controller OpenAPI spec for ${{ github.ref_name }}"
@@ -133,15 +125,38 @@ jobs:
 COMMIT_MSG="Update Controller OpenAPI spec for ${{ github.ref_name }}"
 fi

- git commit -m "$COMMIT_MSG
+ COMMIT_MSG="${COMMIT_MSG}

 Synced from ${{ github.repository }}@${{ github.sha }}
- Source branch: ${{ github.ref_name }}
+ Source branch: ${{ github.ref_name }}"

- Co-Authored-By: github-actions[bot] "
+ # Create branch via API
+ BASE_SHA=$(gh api "repos/${SPEC_REPO}/git/ref/heads/${{ github.ref_name }}" --jq '.object.sha')
+ gh api "repos/${SPEC_REPO}/git/refs" \
+ -f "ref=refs/heads/${BRANCH_NAME}" \
+ -f "sha=${BASE_SHA}"

- # Push branch
- git push origin "$BRANCH_NAME"
+ # Create blob and commit via API (commits created through the API are automatically signed by GitHub)
+ BLOB_SHA=$(gh api "repos/${SPEC_REPO}/git/blobs" \
+ -f "content=$(base64 -w 0 controller.json)" \
+ -f "encoding=base64" \
+ --jq '.sha')
+
+ TREE_SHA=$(gh api "repos/${SPEC_REPO}/git/trees" \
+ -f "base_tree=${BASE_SHA}" \
+ --input <(jq -n --arg blob "$BLOB_SHA" '{tree: [{path: "controller.json", mode: "100644", type: "blob", sha: $blob}]}') \
+ --jq '.sha')
+
+ NEW_COMMIT_SHA=$(gh api "repos/${SPEC_REPO}/git/commits" \
+ -f "message=${COMMIT_MSG}" \
+ -f "tree=${TREE_SHA}" \
+ -f "parents[]=${BASE_SHA}" \
+ --jq '.sha')
+
+ # Update branch ref to point to the new signed commit
+ gh api "repos/${SPEC_REPO}/git/refs/heads/${BRANCH_NAME}" \
+ -X PATCH \
+ -f "sha=${NEW_COMMIT_SHA}"

 # Create PR
 PR_TITLE="[${{ github.ref_name }}] Update Controller spec from merged commit"
@@ -165,6 +180,7 @@ jobs:
 🤖 This PR was automatically generated by the OpenAPI spec sync workflow."

 gh pr create \
+ --repo "${SPEC_REPO}" \
 --title "$PR_TITLE" \
 --body "$PR_BODY" \
 --base "${{ github.ref_name }}" \
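Review bot: The `TREE_SHA` call combines `-f "base_tree=${BASE_SHA}"` with `--input`, and `gh api` documents that fields passed alongside `--input` are serialized into the URL query string rather than the request body, so the tree is probably built without `base_tree` and the resulting commit would drop every file except controller.json; move `base_tree` into the jq-built JSON. In the `BLOB_SHA` call, `$(base64 -w 0 controller.json)` is passed as one command-line argument, which Linux limits to 128 KiB, so a spec larger than that would fail with "Argument list too long"; pipe the JSON body to `--input -` instead. The added `BASE_SHA` line also expands `${{ github.ref_name }}` directly into the script while `GH_TOKEN` is in the step environment; passing it through `env:` (as is already done for `COMMIT_MESSAGE`) and using `"${REF_NAME}"` keeps a branch name containing shell syntax from being evaluated, and the same expansion appears in the `Source branch:` line here and in unchanged lines of the first and last hunks. Creating the branch ref only once the commit exists would also avoid leaving an empty branch in the spec repository when a later call fails, which would otherwise make a re-run collide with the existing ref. The `run:` script starts before this hunk and continues after it, so the fence shows only the rewritten calls.

```yaml
        env:
          # … unchanged: GH_TOKEN, COMMIT_MESSAGE, SPEC_REPO …
          REF_NAME: ${{ github.ref_name }}
        run: |
          # … unchanged: SHORT_SHA / BRANCH_NAME / COMMIT_MSG assembly (use "${REF_NAME}" there too) …
          BASE_SHA=$(gh api "repos/${SPEC_REPO}/git/ref/heads/${REF_NAME}" --jq '.object.sha')

          # Stream the blob body on stdin so the file size is not bound by the argv limit
          BLOB_SHA=$(base64 -w 0 controller.json \
            | jq -R '{content: ., encoding: "base64"}' \
            | gh api "repos/${SPEC_REPO}/git/blobs" -X POST --input - --jq '.sha')

          # base_tree must be in the JSON body; fields next to --input become query parameters
          TREE_SHA=$(jq -n --arg base "$BASE_SHA" --arg blob "$BLOB_SHA" \
              '{base_tree: $base, tree: [{path: "controller.json", mode: "100644", type: "blob", sha: $blob}]}' \
            | gh api "repos/${SPEC_REPO}/git/trees" -X POST --input - --jq '.sha')

          # … unchanged: NEW_COMMIT_SHA via git/commits …

          # Create the branch directly at the new commit; no earlier ref creation and no PATCH
          gh api "repos/${SPEC_REPO}/git/refs" \
            -f "ref=refs/heads/${BRANCH_NAME}" \
            -f "sha=${NEW_COMMIT_SHA}"
```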