From fa001602cd5ac61b9258e998ee2b236688c19ef7 Mon Sep 17 00:00:00 2001
From: MarcoFalke <falke.marco@gmail.com>
Date: Thu, 19 Aug 2021 11:47:58 +0200
Subject: ci: Re-enable verify-commits.py check

---
 ci/lint/06_script.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'ci')

diff --git a/ci/lint/06_script.sh b/ci/lint/06_script.sh
index c3c7619ef7..f7dacd8512 100755
--- a/ci/lint/06_script.sh
+++ b/ci/lint/06_script.sh
@@ -23,10 +23,15 @@ test/lint/git-subtree-check.sh src/crc32c
 test/lint/check-doc.py
 test/lint/lint-all.sh
 
-if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ -n "$CIRRUS_CRON" ]; then
-    git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+if [ "$CIRRUS_REPO_FULL_NAME" = "bitcoin/bitcoin" ] && [ "$CIRRUS_PR" = "" ] ; then
+    # Sanity check only the last few commits to get notified of missing sigs,
+    # missing keys, or expired keys. Usually there is only one new merge commit
+    # per push on the master branch and a few commits on release branches, so
+    # sanity checking only a few (10) commits seems sufficient and cheap.
+    git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
+    git log HEAD~10 -1 --format='%H' > ./contrib/verify-commits/trusted-git-root
     ${CI_RETRY_EXE}  gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) &&
-    ./contrib/verify-commits/verify-commits.py --clean-merge=2;
+    ./contrib/verify-commits/verify-commits.py;
 fi
 
 echo
-- 
cgit v1.2.3