git-xargs icon indicating copy to clipboard operation
git-xargs copied to clipboard
verified publisher icon gruntwork-io

add ability to sign commits with git-xargs

Open zack-is-cool opened this issue 2 years ago • 6 comments

Description

Closes #93.

This PR allows users to sign commits with git-xargs using a global signingkey in their git config. see: https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key for more info on configuring git to use a signing key.

TODOs

Read the Gruntwork contribution guidelines.

  • [ ] Update the docs.
  • [x] Run the relevant tests successfully, including pre-commit checks.
  • [x] Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
  • [x] Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added ability to sign commits with git-xargs. This depends on the user's git config to be configured with a signing key. If not configured, it will default to not signing commits.

Migration Guide

N/A

zack-is-cool avatar Oct 25 '23 17:10 zack-is-cool

@zack-is-cool I saw this PR was waiting on an approver and since I also need this feature I just fetched your repo/branch zack-is-cool/git-xargs and checked out the feat/add-commit-signing branch. I have commit signing setup correctly and I tried to run git-xargs directly from the branch via go run main.go --branch-name 'git-xargs-test' --commit-message 'Testing my sig' --repo gekitsuu/git-xargs-text-repo /home/gekitsuu/repos/git-xargs/test.sh. The command succeeded and it cut a PR but the commit wasn't signed.

Screenshot from 2024-08-13 15-59-26

gekitsuu avatar Aug 13 '24 20:08 gekitsuu

@gekitsuu try bumping up the logging level for more info. You can look at the debug logging I added. I've been using my fork since I made this PR to be able to sign commits for my org's security settings.

zack-is-cool avatar Aug 13 '24 20:08 zack-is-cool

@zack-is-cool I did that and realized that I hadn't checked out the branch correctly. I am able to run the command now, and it prompted me for my GPG key password. Even though I'm entering the passphrase correctly, I get [git-xargs] DEBU[2024-08-14T14:53:23-04:00] Error encountered while processing repo Error="openpgp: invalid argument: signing key is encrypted" Repo name=git-xargs-test-repo Any ideas what's causing that? I'm on Debian 12 running gpg (GnuPG) 2.2.40 and git 2.39.2 if that helps in any way.

gekitsuu avatar Aug 14 '24 18:08 gekitsuu

@zack-is-cool Not sure I tagged you correctly in the last comment

gekitsuu avatar Aug 24 '24 13:08 gekitsuu

Not totally sure tbh, if you look at this: https://github.com/gruntwork-io/git-xargs/pull/140/files#diff-daf8735f223c2102f6c67b11ae0f6c605ae36798314376c9b9d976d30ff3d930R311-R364

you can kinda see what's going on - specifically here it's calling gpg program with arguments --export-secret-keys", "--armor" and your signing key id. You could try to call those manually in your terminal to see if you get a similar error. I'm running this on mac gpg (GnuPG) 2.4.5

https://github.com/gruntwork-io/git-xargs/pull/140/files#diff-daf8735f223c2102f6c67b11ae0f6c605ae36798314376c9b9d976d30ff3d930R340

zack-is-cool avatar Aug 28 '24 20:08 zack-is-cool

@zack-is-cool I'm going to guess that you don't have a password on your GPG key. When I removed the passphrase from mine, then your branch signed the commit as expected, but it should handle taking a user through supplying the passphrase if they use one.

gekitsuu avatar Aug 28 '24 23:08 gekitsuu