add support for retrieving signatures for tags (!2235) · Merge requests · GitLab.org / API / client-go

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

This change adds support for retrieving X.509 signatures for Git tags in a GitLab repository. The implementation includes:

A new method GetTagSignature in the TagsServiceInterface that allows retrieving the signature information for a specific tag
New data structures to represent the signature information:
- X509Signature - contains the signature type, verification status, and certificate details
- X509Certificate - holds certificate information like subject, key identifier, email, and status
- X509Issuer - stores information about the certificate issuer

The change also updates the mock testing code to support testing the new functionality. This feature enables users to verify the authenticity of tags by examining their cryptographic signatures, which is important for security and compliance in software development workflows.

Edited Apr 04, 2025 by David Luhmer

add support for retrieving signatures for tags

Merge request reports