Allow signed commits to be required #4249

Closed
hlandau opened this issue Jun 15, 2018 · 14 comments · Fixed by #9708
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/feature Completely new functionality. Can only be merged if feature freeze is not active.

@hlandau

hlandau commented Jun 15, 2018

GitHub allows protected branches to require signed commits. This is a blocking issue for adoption of Gitea by some projects.

@lunny lunny added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Jun 15, 2018
@lunny lunny added this to the 1.x.x milestone Jun 15, 2018
@lunny
Member

lunny commented Jun 15, 2018

There should be an option on protected branches like below:
[image]

@clarfonthey
Contributor

It would be nice if we could also do this for releases/tags only. I don't think that signing every commit is necessary, but I want to enforce it for releases.

@stale

stale bot commented Jan 22, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Jan 22, 2019
@kolaente
Member

Anyone wanting to tackle this? I could look into it, but only in about 4 weeks.

@stale stale bot removed the issue/stale label Jan 22, 2019
@stale stale bot added the issue/stale label Mar 23, 2019
@clarfonthey
Contributor

This feature seems like a no-brainer; could it be marked as confirmed so it doesn't become stale?

@stale stale bot removed the issue/stale label Mar 23, 2019
@techknowlogick techknowlogick added the issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented label Mar 23, 2019
@go-gitea go-gitea deleted a comment from stale bot Mar 23, 2019
@dvn0

dvn0 commented Jul 15, 2019

No movement on this? Would anyone familiar with the relevant part of the Gitea codebase be interested in mentoring me on getting this implemented? I'm relatively new to Go, and would be happy to work on getting this feature implemented with a little bit of assistance.

@lunny
Member

lunny commented Jul 16, 2019

At first, you should add an option on the protected branch page to deny all unsigned commits, which is unchecked by default.

Then you should change the code in cmd/serv.go or cmd/hooks.go to test whether unsigned commits are allowed on that branch.

@djbrown

djbrown commented Oct 18, 2019

Any news on this?

@lunny
Member

lunny commented Oct 18, 2019

The idea is to add an option and check the signed commits on prereceive hook.
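
The pre-receive check described in the comment above, as an added example (not Gitea's code and not part of the thread). It assumes a hypothetical `newCommits` lookup for the raw commit objects a push adds, uses constructed sample commits with abbreviated placeholder object IDs, and tests only for the presence of a `gpgsig` header, not whether the signature verifies against a trusted key.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample commit objects (placeholder signature, not real data).
const hdr = "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\nauthor A <a@example.com> 1579000000 +0000\n"
const signed = hdr + "gpgsig -----BEGIN PGP SIGNATURE-----\n (placeholder)\n -----END PGP SIGNATURE-----\n\nfix\n"
const unsigned = hdr + "\nfix\n\ngpgsig in the message body is not a signature\n"

// HasSignatureHeader reports whether a raw commit object has a gpgsig header. Only the
// header block (before the first blank line) counts. Presence is not verification.
func HasSignatureHeader(raw string) bool {
	headers := "\n" + strings.SplitN(raw, "\n\n", 2)[0]
	return strings.Contains(headers, "\ngpgsig ")
}

// Refused parses pre-receive stdin ("<old> <new> <ref>" per line) and returns the protected
// refs that would receive a commit without a signature header. A malformed line is an
// error so the push fails closed. newCommits is a hypothetical lookup of the pushed commits.
func Refused(stdin string, protected map[string]bool, newCommits func(oldID, newID string) []string) ([]string, error) {
	var refused []string
	for _, line := range strings.Split(strings.TrimSpace(stdin), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed pre-receive line: %q", line)
		}
		if !protected[f[2]] {
			continue // unprotected refs may take unsigned commits
		}
		for _, raw := range newCommits(f[0], f[1]) {
			if !HasSignatureHeader(raw) {
				refused = append(refused, f[2])
				break
			}
		}
	}
	return refused, nil
}

func main() { // constructed push: main gets a signed commit, release and topic an unsigned one
	lookup := func(_, newID string) []string { return map[string][]string{"aaa1": {signed}, "bbb2": {unsigned}}[newID] }
	in := "0000 aaa1 refs/heads/main\n0000 bbb2 refs/heads/release\n0000 bbb2 refs/heads/topic\n"
	fmt.Println(Refused(in, map[string]bool{"refs/heads/main": true, "refs/heads/release": true}, lookup))
}
```

A real hook would exit non-zero when the returned list is non-empty or an error is returned, which makes git reject the push.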

@zeripath
Contributor

This has only really become practicable since #7631 was merged.

It's not just a case of enforcing commits are signed - commits from merging PRs have to be signed and we need to indicate whether such a commit will be signed and likely indicate why it wouldn't be. We would need to add a block on attempting to merge a PR if it wouldn't be signed.

@jamesponddotco

What would be a good bounty to help speed development on this issue?

@lafriks
Member

lafriks commented Jan 9, 2020

Any bounty is good ;)

@jamesponddotco

Bounty posted:
https://www.bountysource.com/issues/59720659-allow-signed-commits-to-be-required

@zeripath
Contributor

OK so #9708 represents an implementation of this.

There are a couple of points to be made:

  • Depending on your server configuration you may not be able to merge PRs into your protected branch. (Remember these have to be signed too.)
  • Similarly, you may not be able to merge CRUD actions into your protected branch.

There are a few extension options which probably need discussion to see if there is interest:

  • Allow repo admin to push unsigned
  • Allow repo admin to merge unsigned

@lafriks lafriks modified the milestones: 1.x.x, 1.12.0 Jan 15, 2020
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020