ansible playbook to set up a laminar container Ci build. moved to: https://git.sindominio.net/sindominio/ansible_laminar
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

73 lines
1.7 KiB

#!/bin/bash
###############################################################################
# Check that the signature of all commits for the last signed tag is valid,
# with some exceptions.
#
# There are two cases we allow unsigned commits:
# * a commit that is merged by a signed merge commit
# * a merge commit that merges all signed commits
#
# Know issues:
# * If a signed merge commit merges a list of commits that includes signed
# and not signed commits the script will fail to detect it as valid.
###############################################################################
# Inspired from: https://github.com/rmandvikar/dotfiles/blob/next/bin/git-find-merge
merge_commit() {
commit=$1
# 1st common commit from bottom of first-parent and ancestry-path
grep -f \
<(git rev-list --first-parent $commit..HEAD) \
<(git rev-list --ancestry-path $commit..HEAD) \
| tail -1
}
# For a merge commit we want to check if we have a line of commits with valid
# signatures up to the merge commit.
valid_commit() {
git rev-list --first-parent $1..$2 | while read commit
do
git verify-commit $commit
if [ $? -ne 0 ]
then
echo "Signature not valid: $commit"
exit 1
fi
done
}
TAG=""
for tag in `git tag --sort=-taggerdate`
do
if git verify-tag $tag
then
TAG=$tag
break
fi
done
RANGE="HEAD"
if [ ! -z "$TAG" ]
then
RANGE="$TAG..HEAD"
fi
LAST_VALID="$TAG"
git rev-list --reverse --no-merges $RANGE | while read commit
do
if git verify-commit $commit
then
LAST_VALID=$commit
else
if [ -z "$LAST_VALID" ]
then
echo "Signature not valid: $commit"
exit 1
fi
MERGE_COMMIT=`merge_commit $commit`
valid_commit $LAST_VALID $MERGE_COMMIT || exit 1
fi
done || exit 1
echo "All signatures are valid"