diff options
| author | fanquake <fanquake@gmail.com> | 2021-08-31 20:45:23 +0800 |
|---|---|---|
| committer | fanquake <fanquake@gmail.com> | 2021-08-31 20:48:31 +0800 |
| commit | 19aa5afcaee3ed8987ad2108b9ab3cc3708ef44e (patch) | |
| tree | 97d4f56e42a3a240255c0dec05290a494dabe4a7 | |
| parent | 7be143a960e2bb9ac81144f55c45731c1bb209c5 (diff) | |
| parent | fa001602cd5ac61b9258e998ee2b236688c19ef7 (diff) | |
Merge bitcoin/bitcoin#22744: ci: Re-enable verify-commits.py check
fa001602cd5ac61b9258e998ee2b236688c19ef7 ci: Re-enable verify-commits.py check (MarcoFalke)
fa880b10d67542b8eb476a0e1f3ffb67e88d5e53 ci: Unconditionally set the global git author name in cirrys.yml (MarcoFalke)
Pull request description:
Might be useful to detect bugs in the script itself or an accidentally missed signature.
ACKs for top commit:
josibake:
ACK https://github.com/bitcoin/bitcoin/pull/22744/commits/fa001602cd5ac61b9258e998ee2b236688c19ef7
Zero-1729:
tACK fa001602cd5ac61b9258e998ee2b236688c19ef7
fanquake:
untested ACK fa001602cd5ac61b9258e998ee2b236688c19ef7
Tree-SHA512: 8a13a67d325f2477f4088d1034f0d5e4e04937a01ee3c738435fe66394c02b9f33225529952ad331b0ba19b63ca4b2f26911cb5d264890159840cf3e09085969
| -rw-r--r-- | .cirrus.yml | 6 | ||||
| -rwxr-xr-x | ci/lint/06_script.sh | 11 |
2 files changed, 12 insertions, 5 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index fe75403261..4a7c4eaf55 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -21,11 +21,13 @@ persistent_worker_template: &PERSISTENT_WORKER_TEMPLATE base_template: &BASE_TEMPLATE skip: $CIRRUS_REPO_FULL_NAME == "bitcoin-core/gui" && $CIRRUS_PR == "" # No need to run on the read-only mirror, unless it is a PR. https://cirrus-ci.org/guide/writing-tasks/#conditional-task-execution merge_base_script: + # Unconditionally install git (used in fingerprint_script) and set the + # default git author name (used in verify-commits.py) - bash -c "$PACKAGE_MANAGER_INSTALL git" - - if [ "$CIRRUS_PR" = "" ]; then exit 0; fi - - git fetch $CIRRUS_REPO_CLONE_URL $CIRRUS_BASE_BRANCH - git config --global user.email "ci@ci.ci" - git config --global user.name "ci" + - if [ "$CIRRUS_PR" = "" ]; then exit 0; fi + - git fetch $CIRRUS_REPO_CLONE_URL $CIRRUS_BASE_BRANCH - git merge FETCH_HEAD # Merge base to detect silent merge conflicts stateful: false # https://cirrus-ci.org/guide/writing-tasks/#stateful-tasks diff --git a/ci/lint/06_script.sh b/ci/lint/06_script.sh index c3c7619ef7..f7dacd8512 100755 --- a/ci/lint/06_script.sh +++ b/ci/lint/06_script.sh @@ -23,10 +23,15 @@ test/lint/git-subtree-check.sh src/crc32c test/lint/check-doc.py test/lint/lint-all.sh -if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ -n "$CIRRUS_CRON" ]; then - git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit +if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then + # Sanity check only the last few commits to get notified of missing sigs, + # missing keys, or expired keys. Usually there is only one new merge commit + # per push on the master branch and a few commits on release branches, so + # sanity checking only a few (10) commits seems sufficient and cheap. + git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit + git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-git-root ${CI_RETRY_EXE} gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) && - ./contrib/verify-commits/verify-commits.py --clean-merge=2; + ./contrib/verify-commits/verify-commits.py; fi echo |