add ability to sign commits with git-xargs

gruntwork-io / git-xargs

git-xargs is a command-line tool (CLI) for making updates across multiple Github repositories with a single command.

https://blog.gruntwork.io/introducing-git-xargs-an-open-source-tool-to-update-multiple-github-repos-753f9f3675ec

Apache License 2.0

944 stars 62 forks source link

add ability to sign commits with git-xargs #140

Open zack-is-cool opened 11 months ago

zack-is-cool commented 11 months ago

Description

Closes #93.

This PR allows users to sign commits with git-xargs using a global signingkey in their git config. see: https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key for more info on configuring git to use a signing key.

TODOs

Read the Gruntwork contribution guidelines.

[ ] Update the docs.
[x] Run the relevant tests successfully, including pre-commit checks.
[x] Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
[x] Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added ability to sign commits with git-xargs. This depends on the user's git config to be configured with a signing key. If not configured, it will default to not signing commits.

Migration Guide

N/A

gekitsuu commented 1 month ago

@zack-is-cool I saw this PR was waiting on an approver and since I also need this feature I just fetched your repo/branch zack-is-cool/git-xargs and checked out the feat/add-commit-signing branch. I have commit signing setup correctly and I tried to run git-xargs directly from the branch via go run main.go --branch-name 'git-xargs-test' --commit-message 'Testing my sig' --repo gekitsuu/git-xargs-text-repo /home/gekitsuu/repos/git-xargs/test.sh. The command succeeded and it cut a PR but the commit wasn't signed.

Screenshot from 2024-08-13 15-59-26

zack-is-cool commented 1 month ago

@gekitsuu try bumping up the logging level for more info. You can look at the debug logging I added. I've been using my fork since I made this PR to be able to sign commits for my org's security settings.

gekitsuu commented 1 month ago

@zack-is-cool I did that and realized that I hadn't checked out the branch correctly. I am able to run the command now, and it prompted me for my GPG key password. Even though I'm entering the passphrase correctly, I get [git-xargs] DEBU[2024-08-14T14:53:23-04:00] Error encountered while processing repo Error="openpgp: invalid argument: signing key is encrypted" Repo name=git-xargs-test-repo Any ideas what's causing that? I'm on Debian 12 running gpg (GnuPG) 2.2.40 and git 2.39.2 if that helps in any way.

gekitsuu commented 1 month ago

@zack-is-cool Not sure I tagged you correctly in the last comment

zack-is-cool commented 1 month ago

Not totally sure tbh, if you look at this: https://github.com/gruntwork-io/git-xargs/pull/140/files#diff-daf8735f223c2102f6c67b11ae0f6c605ae36798314376c9b9d976d30ff3d930R311-R364

you can kinda see what's going on - specifically here it's calling gpg program with arguments --export-secret-keys", "--armor" and your signing key id. You could try to call those manually in your terminal to see if you get a similar error. I'm running this on mac gpg (GnuPG) 2.4.5

https://github.com/gruntwork-io/git-xargs/pull/140/files#diff-daf8735f223c2102f6c67b11ae0f6c605ae36798314376c9b9d976d30ff3d930R340

gekitsuu commented 1 month ago

@zack-is-cool I'm going to guess that you don't have a password on your GPG key. When I removed the passphrase from mine, then your branch signed the commit as expected, but it should handle taking a user through supplying the passphrase if they use one.