search

lindell / multi-gitter

Update multiple repositories in with one command
Apache License 2.0
874 stars 64 forks source link

multi-gitter run does not sign commits #261

Open jetersen opened 2 years ago

jetersen commented 2 years ago

Describe the bug Should be able to understand signing commits

To Reproduce Steps to reproduce the behavior:

  1. Run multi-gitter run -xxx
  2. git verify-commit HEAD

Expected behavior Commits are signed

Additional context Changing git-type to cmd does not work

git-type: cmd
lemeurherve commented 2 years ago

AFAIU a SignKey should be added after the Author here, but I didn't found how to declare an openpgp.Entity

image
lindell commented 2 years ago

@jetersen When running with --git-type=cmd, did you have git configured to always sign commits? (git config --global commit.gpgsign true).

If implemented, I would be happy to merge a PR that adds support for signing natively in both git modes. But that should be behind a flag since it's not the default git behavior. (behind the -S flag).

jetersen commented 2 years ago

@lemeurherve mentioned he already tried: https://gist.github.com/lemeurherve/e2cd5d883ffa93ae21549dc78d4422ae?permalink_comment_id=4236233#gistcomment-4236233

lindell commented 2 years ago

I think I've tried that too.

Can you please confirm that this is actually the case?

When I try to run it I get this: image

I don't have gpg set up on in this terminal, so the error is expected, but it tries to sign the commit.

jetersen commented 2 years ago

I can give it a shot :)

lemeurherve commented 2 years ago

I think I've tried that too.

Can you please confirm that this is actually the case?

When I try to run it I get this: image

If I remember correctly it's the same error I've got. I'll try again later today (hopefully) and let you know too.

jetersen commented 2 years ago

@lemeurherve it worked for me: https://github.com/jenkinsci/jenkins-infra-test-plugin/pull/40

Question is do you have a password on your key? Have you enabled gpg agent to store password temporarily.

Perhaps you need to configure for interactivity so you could enter your password? Not sure if git would detect the tty being available.

One trick you can do regarding gpg commit signing is create a subkey without password. If you want to keep to master key secure. I tried that but decided against it after some issues with other applications.

jetersen commented 2 years ago

While testing though I found conditional logic bug, for some reason it says the feature branch existed even though it was a new fork. This was using git-type: cmd had to change conflict strategy to replace https://github.com/lindell/multi-gitter/blob/eb15db4fc137d5a23f3d137a778e4235b26b4e74/internal/multigitter/run.go#L294

concurrent: 1
git-type: cmd
conflict-strategy: replace
fork: true
fork-owner: jetersen-cloud
log-file: '-'
log-format: text
log-level: debug
repo:
  - jenkinsci/jenkins-infra-test-plugin
branch: test-multi-gitter
commit-message: Testing Multi Gitter
pr-title: Testing multi-gitter
pr-body: |
  Testing out the multi-gitter with gpg signing.

  Sweet 💣
jetersen commented 2 years ago

Although it would be nice to support -S sign and -s signoff as flags in git-type: cmd

lindell commented 2 years ago

@jetersen In regards to the newly created fork and the branch already existing. Could the branch name have existed in the original repo, before the fork? In that case the branch would have been copied to the fork, and it would exist.

lindell commented 2 years ago

Although it would be nice to support -S sign and -s signoff as flags in git-type: cmd

I've been thinking of creating a new flag/setting called something like "--extra-commit-args" that would only work with git-type: cmd. That way it would be possible to use these, and other features before it's implemented for real in multi-gitter, or things that might not ever be implemented.

jetersen commented 2 years ago

--extra-commit-args makes sense :)

lemeurherve commented 2 years ago

I think I've tried that too.

Can you please confirm that this is actually the case? When I try to run it I get this: image

If I remember correctly it's the same error I've got. I'll try again later today (hopefully) and let you know too.

I've made another test today, and it's working as intended, I must have missed the passphrase prompt the first time, sorry for the noise.

NB: +1 for the --extra-commit-args!

Sam13 commented 5 months ago

@jetersen When running with --git-type=cmd, did you have git configured to always sign commits? (git config --global commit.gpgsign true).

@lindell I had to remove author-email and author-name from my multi-gitter configuration file to get signed GIT commits although correctly configured via git config. Probably this section of the GIT configuration is not used when environment variables are set for author and commiter? https://github.com/lindell/multi-gitter/blob/8334e34e6952c98eff6ead65956f0158a7028f57/internal/git/cmdgit/git.go#L87