ref: 69b31099c6ce67a8279e2d61642957aed4d59af2
parent: 558a3c2a3f16fd21c16e5821bd8b71898af69bb8
author: Tim-Philipp Müller <tim@centricular.com>
date: Wed Apr 26 14:35:57 EDT 2023
ci: add ci-fairy linter to make sure commits are GPG signed
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,15 @@
include:
- template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
+# https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
+workflow:
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"
+ when: never
+ - if: $CI_COMMIT_BRANCH
+ - if: $CI_COMMIT_TAG
+
default:
tags:
- docker
@@ -23,6 +32,26 @@
stage: test
script:
- git diff-tree --check origin/master HEAD
+
+# Make sure commits are GPG signed
+ci-fairy:
+ image: 'debian:bookworm-slim'
+ stage: test
+ script:
+ - apt update
+ - apt install -y python3-pip git
+ - pip3 install --break-system-packages git+https://gitlab.freedesktop.org/freedesktop/ci-templates@7811ba9814a3bad379377241c6c6b62d78b20eac
+ - echo Checking commits $CI_FAIRY_BASE_COMMIT..HEAD
+ - ci-fairy check-commits --gpg-signed-commit $CI_FAIRY_BASE_COMMIT..HEAD
+ tags:
+ - 'docker'
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ variables:
+ CI_FAIRY_BASE_COMMIT: $CI_MERGE_REQUEST_DIFF_BASE_SHA
+ - if: $CI_PIPELINE_SOURCE != "merge_request_event"
+ variables:
+ CI_FAIRY_BASE_COMMIT: 'HEAD^1'
autoconf:
stage: build