Skip to content

GPG signed commits

What does this MR do?

  1. Shows gpg signed commits (excl. tags)
  2. If the gpg key is verified (= the gpg was added to GitLab and the user's email matches the key's email) a "Verified" batch is displayed
  3. If the gpg key is not verified or does not exist on GitLab an "Unverified" batch is displayed
  4. If the commit is not signed, the behaviour is unchanged
  5. Allows the user to add gpg keys to his profile

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Git allows to signed commits. This PR enables displaying those commits.

The development of this MR is sponsored by @siemens (/cc @bufferoverflow).

Screenshots (if relevant)

Commits list:

Commits___signed_commits___nannie_bernhard___gitlab_test___GitLab_3_

Commit details:

signed_commit_by_nannie_bernhard__0f44cd1d____Commits___nannie_bernhard___gitlab_test___GitLab

Badge popovers:

Commits___signed_commits___nannie_bernhard___gitlab_test___GitLab_5_

Commits___signed_commits___nannie_bernhard___gitlab_test___GitLab_4_

User settings > GPG key:

GPG_Keys___User_Settings___GitLab_2_

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/20268.

Edited by Dmytro Zaporozhets (DZ)

Merge request reports