landing_checks: add blocker for signed Git commits (bug 1996492) #1092 (lando@main)
| Warnings |
|
|---|---|
| Blockers |
|
| Branches | bug1996492/gpgsig-blocker -> main |
| Repo | lando@main (git) (git://github.com/mozilla-conduit/lando.git) |
| Author | shtrom |
| State | open |
| Commit Title | landing_checks: add blocker for signed Git commits (bug 1996492) |
| Commit Body | Git cinnabar doesn't support signed commits. If we allow any signed commit to land into a repo synced to HgMO with git-hg-sync, this will immediately create a divergence which will be painful to resolve. For backward compatibility with existing deployments, we set `gpg.ssh.allowedSignersFile` in the Dockerfile. This allows SSH-signature detection to be functional on pre-existing clones. New clones will have the config explicitly set on creation. * scm.helpers: add PatchHelperMetadata * GitScm: populate signature in PatchHelperMetadata * tests: add support for SSH-signing commits in test fixtures * test: add tests for commit signature detection * PatchHelper: add get_commit_summary to return first line of commit * landing_checks: add blocker for signed Git commits (bug 1996492) * repo: add PreventSignedCommitsCheck to HooksChoices * scm: type-hint PatchHelper factory methods as Self |
Landings
Not yet Landed
There has been no attempt to land revisions in this stack.