mirror of
https://github.com/go-gitea/gitea.git
synced 2025-12-16 05:20:14 +01:00
26602fd207
Per-repository signing keys have never been officially supported, as they would require users to modify the repository’s config file. At this point, it is clear that only global signing keys (GPG or SSH) should be allowed. If we want to introduce per-repository signing keys in the future, it will require a complete design proposal. The endpoint will not be removed for repository special signing key, but it will reference the global signing key. --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>
85 lines
2.6 KiB
Go
85 lines
2.6 KiB
Go
// Copyright 2024 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package repository
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"time"
|
|
|
|
repo_model "code.gitea.io/gitea/models/repo"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/git/gitcmd"
|
|
"code.gitea.io/gitea/modules/log"
|
|
repo_module "code.gitea.io/gitea/modules/repository"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
asymkey_service "code.gitea.io/gitea/services/asymkey"
|
|
)
|
|
|
|
// initRepoCommit temporarily changes with work directory.
|
|
func initRepoCommit(ctx context.Context, tmpPath string, repo *repo_model.Repository, u *user_model.User, defaultBranch string) (err error) {
|
|
commitTimeStr := time.Now().Format(time.RFC3339)
|
|
|
|
sig := u.NewGitSig()
|
|
// Because this may call hooks we should pass in the environment
|
|
env := append(os.Environ(),
|
|
"GIT_AUTHOR_NAME="+sig.Name,
|
|
"GIT_AUTHOR_EMAIL="+sig.Email,
|
|
"GIT_AUTHOR_DATE="+commitTimeStr,
|
|
"GIT_COMMITTER_DATE="+commitTimeStr,
|
|
)
|
|
committerName := sig.Name
|
|
committerEmail := sig.Email
|
|
|
|
if stdout, _, err := gitcmd.NewCommand("add", "--all").WithDir(tmpPath).RunStdString(ctx); err != nil {
|
|
log.Error("git add --all failed: Stdout: %s\nError: %v", stdout, err)
|
|
return fmt.Errorf("git add --all: %w", err)
|
|
}
|
|
|
|
cmd := gitcmd.NewCommand("commit", "--message=Initial commit").
|
|
AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email)
|
|
|
|
sign, key, signer, _ := asymkey_service.SignInitialCommit(ctx, u)
|
|
if sign {
|
|
if key.Format != "" {
|
|
cmd.AddConfig("gpg.format", key.Format)
|
|
}
|
|
cmd.AddOptionFormat("-S%s", key.KeyID)
|
|
|
|
if repo.GetTrustModel() == repo_model.CommitterTrustModel || repo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {
|
|
// need to set the committer to the KeyID owner
|
|
committerName = signer.Name
|
|
committerEmail = signer.Email
|
|
}
|
|
} else {
|
|
cmd.AddArguments("--no-gpg-sign")
|
|
}
|
|
|
|
env = append(env,
|
|
"GIT_COMMITTER_NAME="+committerName,
|
|
"GIT_COMMITTER_EMAIL="+committerEmail,
|
|
)
|
|
|
|
if stdout, _, err := cmd.WithDir(tmpPath).WithEnv(env).RunStdString(ctx); err != nil {
|
|
log.Error("Failed to commit: %v: Stdout: %s\nError: %v", cmd.LogString(), stdout, err)
|
|
return fmt.Errorf("git commit: %w", err)
|
|
}
|
|
|
|
if len(defaultBranch) == 0 {
|
|
defaultBranch = setting.Repository.DefaultBranch
|
|
}
|
|
|
|
if stdout, _, err := gitcmd.NewCommand("push", "origin").
|
|
AddDynamicArguments("HEAD:" + defaultBranch).
|
|
WithDir(tmpPath).
|
|
WithEnv(repo_module.InternalPushingEnvironment(u, repo)).
|
|
RunStdString(ctx); err != nil {
|
|
log.Error("Failed to push back to HEAD: Stdout: %s\nError: %v", stdout, err)
|
|
return fmt.Errorf("git push: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|