Prepare Commits API to enabling commit signing globally

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Overview

Within Signed commits created via REST API should not ... (#456481 - closed), the following limitation has been introduced:

  • When signing is not enabled for the instance, commits can be created via API and author fields can be specified
  • When signing is enabled:
    • If author fields are not specified, the commit can be created via API and it will be signed by GitLab
    • If author fields are specified and their values are not equal to name and email of the user who performs the API call, then the request will be rejected

For the customers that have existing automation that specifies author fields this behavior will be a breaking change when commit signing is enabled for them:

  • For self-managed customers, it's not critical because enabling commit signing globally is a deliberate action for them and they can adapt their tools before enabling commit signing.
  • For Saas customers, it's critical because their existing automation may unexpectedly break when we enable commit signing globally

Proposal

Find a solution that will mitigate the issue for Saas customers.

1. Extra option

Commits API has sign option that allow customers to modify their automation and either remove author fields or specify sign: false and still create custom commits but without signing. It's still arguably a breaking change.

  1. Add a new field to Commits API (sign or sign_commits)
  2. If commit signing is not configured for the instance, it doesn't have any effect
  3. If commit signing is enabled, then the commits created via Commits API are signed
  4. If author name and email are specified, then Commits API returns validation error: these fields cannot be specified when the field sign equals true
  5. A user has an option to pass sign: false along with author fields and create a commit without signing but with setting the author fields
  6. If an organization uses reject unsigned commits and the organization has commit signing enabled for commits made by Gitlab, the unsigned commits created via Commits API are rejected.

2. Deprecate author fields customization

We could deprecate and remove author_name and author_email fields from Commits API and always set the user who performs the request as the author of the commit. It's a breaking change, but it's done in a controllable way. Requires extra time to deprecate + remove the fields.

3. Soft strategy for signing

  • Commits created via Commits API are signed
  • If author fields are customized, the commits are not signed

The change is not breaking for existing customers

Edited by 🤖 GitLab Bot 🤖