Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document signing of Git Commits #3162

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Document signing of Git Commits #3162

wants to merge 1 commit into from

Conversation

juliogonzalez
Copy link
Member

Description

We are going to enforce commit signing soon, so I am documenting this.

Target branches

  • Which product version this PR applies to (Uyuni, SUMA 4.3, SUMA MU X.Y.Z, or SUMA development version). This information can be helpful if ifeval statements are needed to publish it for certain products only.

All maintained versions.

  • Does this PR need to be backported? If yes, create an issue for tracking it and add the link to this PR.

Ideally, yes, prepare backports to 5.0 and 4.3, as we'll enforce signing for all branches.

  • Whenever possible, cross-reference each backport PR here, so that all backports can be easily accessed from the description.

Backport targets (edit as needed):

  • 5.0
  • 4.3

Links

None.

@jcayouette
Copy link
Contributor

How will this affect automation?

@jcayouette
Copy link
Contributor

Informing Git about your signing key:

https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

Signing commits:

$ git commit -S -m "YOUR_COMMIT_MESSAGE"
# Creates a signed commit

$ git push
# Pushes your local commits to the remote repository

@juliogonzalez
Copy link
Member Author

How will this affect automation?

AFAIK the automation does not generate PRs, so it should still be able to generate commits. Worst case we'll disable it again until we find out a solution.

Informing Git about your signing key:

https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key

Signing commits:

$ git commit -S -m "YOUR_COMMIT_MESSAGE"
# Creates a signed commit

$ git push
# Pushes your local commits to the remote repository

Not sure what you mean with this. Yes, this comes from the GitHub help that I am linking for this change.

If you mean for the automation, then this is not enough, as the automation will need a GPG key..

@juliogonzalez
Copy link
Member Author

@jcayouette in any case, this is about the README, and every human contribution should still sign the commits.

But thanks for pinging about the automation, because I noticed something that could be problematic and maybe we'll need to address before we actually enforce this for all PRs.

@jcayouette
Copy link
Contributor

@juliogonzalez Right, I was considering if this would affect translations and automatic updates to our po files from weblate or other automated events.

@juliogonzalez
Copy link
Member Author

@juliogonzalez Right, I was considering if this would affect translations and automatic updates to our po files from weblate or other automated events.

Discussed on the retrospective, we'll check something.

But in any case, that's not relevant for the PR, as we can ask every contributor to start signing :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keichwa keichwa Awaiting requested review from keichwa

@jcayouette jcayouette Awaiting requested review from jcayouette

@0rnela 0rnela Awaiting requested review from 0rnela

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@juliogonzalez @jcayouette