-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Support multiple signature verification strategies with --gitVerifySignaturesMode
#2803
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome work @jstevans 🥇
Couple of small comments about (minor) implementation details, PTAL whenever you have time.
--gitVerifySignaturesMode
(#2704)--gitVerifySignaturesMode
@hiddeco I'm having trouble what went wrong in the CI build -- I've read over the contributing docs, but I don't think I understand how to investigate this issue. Can you give some guidance? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be the last round of minor comments. Thanks for bearing with me 🌷
Can you please rebase on top of master and smash your commits together? The former to ensure no surprises happen when it gets merged in to master
, and the latter to keep our commit history there clean. Thank you!
55661f9
to
32443fb
Compare
@hiddeco done! |
One additional request I forgot to mention, can you please remove references to PR from the commit message and the description? The GitHub feature is amazing for most use-cases but it causes endless pings (including from forks) to the issues whenever the commit is in some way touched and seen as 'new'. |
32443fb
to
d0d09c2
Compare
@hiddeco Done! Is there anywhere I should add a reference to the issue? |
--gitVerifySignaturesMode
--gitVerifySignaturesMode
d0d09c2
to
ff2371f
Compare
--gitVerifySignaturesMode
--gitVerifySignaturesMode
@jstevans PR message itself so that the PR is linked to the issue (which you have already done). So all good now. |
5670a42
to
9ef7d65
Compare
Add a new flag that puts the `--gitVerifySignatures` behavior into one of two modes: * "all" (default) uses the existing `--gitVerifySignatures` behavior * "first-parent" uses an alternative behavior, wherein only each first-parent of each commit from the tip of the flux branch are considered when verifying GPG signatures
9ef7d65
to
42d6f18
Compare
GitHub PR flow takes some getting used to, I hope this is correct :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your patience with the reviews, and for the feature itself @jstevans. LGTM 🌻
the CommitsBetween method added a firstParent boolean here, in: fluxcd/flux@42d6f18 fluxcd/flux#2803 If we are calling CommitsBetween here, expecting the old behavior, then it should be set to "false" Signed-off-by: Kingdon Barrett <[email protected]>
Add a new flag that puts the
--gitVerifySignatures
behavior into oneof two modes:
Fixes issue #2704