smarkets / marge-bot

A merge-bot for GitLab
BSD 3-Clause "New" or "Revised" License

“Reject unsigned commits” defeats margebot #304

Closed raphael-proust closed 3 years ago

raphael-proust commented 3 years ago

In projects that run with the push rule requiring commits to be signed, margebot is unable to merge. Specifically, after margebot rebases the commits, the attempt to force push the resulting branch fails, margebot leaves a message indicating to check logs, and logs contain the error message from git: You can only push commits that were committed with one of your own verified emails.

There doesn't seem to be an option to sign commits. (Technically we could wrap the git binary that marge accesses in order to sign commits before pushing them, but that would be very hackish.)

Has anyone needed that before?
Is there a workaround that's simpler than hijacking git to do more work than margebot requests via the command-line?

qqshfox commented 3 years ago

Guessing you are referring to Signing commits with GPG in GitLab. It requires a GPG private key to sign a commit. I don't think Marge is able to sign as the author without knowing his private key. Maybe it can be done by letting Marge sign as itself after validating the original commit signatures.

rbardou commented 3 years ago

More precisely, GitLab requires all new commits to be signed, not just the last one. The easiest way to obtain this is to use -S when running git rebase. It does require a private key to be set up.
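
A pre-push check for the point made in the comment above, as an added example that is not part of the thread or of marge-bot's code: it lists every commit in a rebased range that carries no signature, and re-signs the range with `git rebase -S`. The function names are hypothetical, the demo repository is constructed, and `resign_onto` assumes a signing key is already configured in git.

```shell
#!/bin/sh
# Added example; the function names are hypothetical helpers, not marge-bot code.

# Build a throwaway repository (constructed sample input): one base commit
# followed by two unsigned commits, as a bot would hold after a plain rebase.
make_demo_repo() {
    dir=$(mktemp -d) || return 1
    git -C "$dir" init -q || return 1
    for msg in base feature-1 feature-2; do
        git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
            -c commit.gpgsign=false commit -q --allow-empty -m "$msg" || return 1
    done
    printf '%s\n' "$dir"
}

# Print the hash of every commit in <base>..<head> that carries no signature.
# %G? yields "N" for an unsigned commit; any other letter means a signature
# is present (whether it verifies is a separate question).
# usage: list_unsigned <repo> <base> <head>
list_unsigned() {
    git -C "$1" log --format='%H %G?' "$2..$3" | awk '$2 == "N" { print $1 }'
}

# Succeeds only when no commit in the range is unsigned, i.e. the push would
# not be rejected for that reason.
# usage: ready_to_push <repo> <base> <head>
ready_to_push() {
    [ -z "$(list_unsigned "$1" "$2" "$3")" ]
}

# Replay <base>..HEAD and sign each replayed commit. --force-rebase makes git
# re-create the commits even when the branch already sits on <base>; without
# it nothing is rewritten and nothing gets signed.
# Assumption: a signing key is already configured (user.signingkey).
# usage: resign_onto <repo> <base>
resign_onto() {
    git -C "$1" rebase --force-rebase -S "$2"
}
```

Running `ready_to_push` before the force push turns the server-side rejection into a local, per-commit report of which hashes still need a signature.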

raphael-proust commented 3 years ago

For anyone encountering the same problem, we solved this by:

It's a satisfying solution in that it works, but having to build a docker image is a step that'd be nice to remove.

qqshfox commented 3 years ago

@raphael-proust Glad to hear that you've solved your problem. Would you mind sharing some snippets of the modifications? Thanks.