From be6118047d8b6aeadf0b1278fdccbfb97bba0894 Mon Sep 17 00:00:00 2001
From: Simone Rodigari
Date: Wed, 16 Oct 2024 09:02:18 +0100
Subject: [PATCH] fix(doc): add gpgsign to devcontainer,add GHA sign check, update doc
---
 .devcontainer/installMoreTools.sh | 3 +++
 .../{commit-message.yaml => commit-verify.yaml} | 11 ++++++++++-
 docs/07-Contributing/developing.md | 15 +--------------
 test.sh | 8 ++++++++
 4 files changed, 22 insertions(+), 15 deletions(-)
 rename .github/workflows/{commit-message.yaml => commit-verify.yaml} (78%)
 create mode 100755 test.sh
diff --git a/.devcontainer/installMoreTools.sh b/.devcontainer/installMoreTools.sh
index 8d8fc3b369f..c3eadcee992 100755
--- a/.devcontainer/installMoreTools.sh
+++ b/.devcontainer/installMoreTools.sh
@@ -6,3 +6,6 @@ sudo apt-get update && sudo apt-get install -y lsb-release wget software-propert
 # Install LLVM 14
 export LLVM_VERSION=14
 curl -sL https://apt.llvm.org/llvm.sh | sudo bash -s "$LLVM_VERSION"
+
+# Configure Git client to sign commits by default
+git config commit.gpgsign true
diff --git a/.github/workflows/commit-message.yaml b/.github/workflows/commit-verify.yaml
similarity index 78%
rename from .github/workflows/commit-message.yaml
rename to .github/workflows/commit-verify.yaml
index de88a7d9e0b..8c5444adcda 100644
--- a/.github/workflows/commit-message.yaml
+++ b/.github/workflows/commit-verify.yaml
@@ -1,4 +1,4 @@
-name: commit-message
+name: commit-verify
 on:
 merge_group:
 pull_request:
@@ -36,3 +36,12 @@ jobs:
 echo "For more details, see .github/workflows/commit-message.yaml"
 exit 1
 }
+ - name: verify_commit_signing
+ run: |
+ if git log -1 --pretty=%G? | grep -q "G";
+ then
+ echo "Commit signature verification succeeded: the latest commit is signed."
+ else
+ echo "ERROR: Commit signature verification failed: the latest commit is not signed."
+ exit 1;
+ fi
diff --git a/docs/07-Contributing/developing.md b/docs/07-Contributing/developing.md
index 2474ca14b28..fd90a4fa60e 100644
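Review bot: The added `git config commit.gpgsign true` writes to the repository-local config, so it only works if the script's working directory is inside the work tree when the devcontainer runs it, and nothing in the hunk pins that directory. It also switches signing on without checking that a signing key is reachable inside the container; if none is, every `git commit` there would stop with a signing error. I would document both on the line above, for example `# repo-local default only; needs user.signingkey or a forwarded gpg-agent in the container, and is a convenience rather than an enforcement control`. The rest of the script lies outside the hunk.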
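Review bot: The new `verify_commit_signing` step looks only at `git log -1`, and on `pull_request` runs the checked-out HEAD is usually the merge ref the forge synthesizes rather than a contributor commit, so unsigned commits in the PR would not be examined (the checkout step is outside the hunk, so confirm which ref it uses). `%G?` prints `G` only when the runner's keyring already holds and trusts the signer's key; with no keys imported, a correctly signed commit reports `E` or `U` and the step fails, and SSH-signed commits additionally need an allowed-signers file. A check that carries weight would walk the whole range against a maintained key set, e.g. `for c in $(git rev-list "$BASE_SHA..$HEAD_SHA"); do git verify-commit "$c" || exit 1; done` (both variables are placeholders), or rely on the branch rule that requires signed commits. The same single-commit probe is repeated in the new `test.sh`. The context line `echo "For more details, see .github/workflows/commit-message.yaml"` still names the pre-rename file.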
--- a/docs/07-Contributing/developing.md
+++ b/docs/07-Contributing/developing.md
@@ -190,23 +190,10 @@ In order to certify the provenance of commits and defend against impersonation,
 Documentation for setting up Git and Github to sign your commits can be found [here](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits).
 Additional information about Git's use of GPG can be found [here](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
-This can be accomplished by providing a `-S` flag to `git commit` as documented [here](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--Sltkeyidgt)
+> To configure your Git client to sign commits by default for a local repository, run `git config commit.gpgsign true`.
 ### Developers Certificate of Origin (DCO)
 Contributions to Retina must contain a Developers Certificate of Origin within their constituent commits.
 This can be accomplished by providing a `-s` flag to `git commit` as documented [here](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s).
 This will add a `Signed-off-by` trailer to your Git commit, affirming your acceptance of the Contributor License Agreement.
-
-### Example commit
-
-Here is an example development flow to add a change made to file `docs/07-Contributing/developing.md`
-
-```sh
-git checkout -b feat-branch-1
-git add docs/07-Contributing/developing.md
-git commit -m "fix(doc): update contributing docs" -sS
-git push origin feat-branch-1 -u
-```
-
-After committing your change, when accessing [retina project's repo](https://github.com/microsoft/retina) you will get a prompt to create a PR from your fork.
diff --git a/test.sh b/test.sh
new file mode 100755
index 00000000000..19d605956fa
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+if git log -1 --pretty=%G? | grep -q "G";
+then
+ echo "The latest commit is signed."
+else
+ echo "Error: The latest commit is not signed."
+ exit 1;
+fi
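Review bot: `test.sh` is added at the repository root under a generic name, and nothing visible in this patch invokes it, while the workflow step inlines the same check; it reads like a scratch file committed by accident. If it is meant to stay, give it a descriptive path and have the workflow call it so the logic lives in one place. As written, a failing `git log` (for instance outside a repository) feeds empty input to `grep` and is reported as "not signed"; capturing the status first keeps the two cases apart: `status=$(git log -1 --pretty=%G?) || { echo "git log failed" >&2; exit 2; }` followed by `if [ "$status" = "G" ]; then`.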