Check signed commits for matching author for web commits
What does this MR do and why?
This change is to skip checking that author and user match for instance signed commits during rebasing. For example: rebasing a merge request from a fork could have new commits from the upstream go through this check.
References
The check was originally introduced in: Check signed Web commits authorship on push (!150466 - merged)
How to set up and validate locally
- Set up gdk for signing commits from the UI (https://docs.gitlab.com/administration/gitaly/configure_gitaly/?tab=Self-compiled+%28source%29#configure-commit-signing-for-gitlab-ui-commits)
  - I had to edit the gitaly-0.praefect.toml file
- Check that the rebase is possible in the situation described in this comment:
- Check that creating a commit using a different author than the user making the request still raises an error
For example:
PAYLOAD=$(cat << 'JSON'
{
  "branch": "main",
  "commit_message": "some commit message",
  "actions": [
    {
      "action": "create",
      "file_path": "foo/bars",
      "content": "some content"
    }
  ],
  "author_email": "non_matching_email@example.com",
  "author_name": "first last"
}
JSON
)
curl -XPOST \
  --header "PRIVATE-TOKEN: token" \
  --header "Content-Type: application/json" \
  --data "$PAYLOAD" \
  --url "http://gdk.test:3000/api/v4/projects/36/repository/commits"
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Jerry Seto