aboutsummaryrefslogtreecommitdiff
path: root/ci
diff options
context:
space:
mode:
Diffstat (limited to 'ci')
-rwxr-xr-xci/lint/06_script.sh11
1 files changed, 8 insertions, 3 deletions
diff --git a/ci/lint/06_script.sh b/ci/lint/06_script.sh
index c3c7619ef7..f7dacd8512 100755
--- a/ci/lint/06_script.sh
+++ b/ci/lint/06_script.sh
@@ -23,10 +23,15 @@ test/lint/git-subtree-check.sh src/crc32c
test/lint/check-doc.py
test/lint/lint-all.sh
-if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ -n "$CIRRUS_CRON" ]; then
- git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then
+ # Sanity check only the last few commits to get notified of missing sigs,
+ # missing keys, or expired keys. Usually there is only one new merge commit
+ # per push on the master branch and a few commits on release branches, so
+ # sanity checking only a few (10) commits seems sufficient and cheap.
+ git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+ git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-git-root
${CI_RETRY_EXE} gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) &&
- ./contrib/verify-commits/verify-commits.py --clean-merge=2;
+ ./contrib/verify-commits/verify-commits.py;
fi
echo