diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2021-12-10 16:14:24 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-10 16:14:24 +0800 |
| commit | 3ca5dc7e32b372d14ff80d96f14b8f6a805862f1 (patch) | |
| tree | 50d193ed0dacf2888d57b193a9b0d36065aff205 /models/pull_sign.go | |
| parent | 0a9fcf63a49799ad3b0f146c54879161bac61e10 (diff) | |
| download | gitea-3ca5dc7e32b372d14ff80d96f14b8f6a805862f1.tar.gz gitea-3ca5dc7e32b372d14ff80d96f14b8f6a805862f1.zip | |
Move keys to models/asymkey (#17917)
* Move keys to models/keys
* Rename models/keys -> models/asymkey
* change the missed package name
* Fix package alias
* Fix test
* Fix docs
* Fix test
* Fix test
* merge
Diffstat (limited to 'models/pull_sign.go')
| -rw-r--r-- | models/pull_sign.go | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/models/pull_sign.go b/models/pull_sign.go deleted file mode 100644 index 269e8e06d2..0000000000 --- a/models/pull_sign.go +++ /dev/null @@ -1,133 +0,0 @@ -// Copyright 2019 The Gitea Authors. All rights reserved. -// Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file. - -package models - -import ( - "code.gitea.io/gitea/models/db" - "code.gitea.io/gitea/models/login" - user_model "code.gitea.io/gitea/models/user" - "code.gitea.io/gitea/modules/git" - "code.gitea.io/gitea/modules/log" - "code.gitea.io/gitea/modules/setting" -) - -// SignMerge determines if we should sign a PR merge commit to the base repository -func (pr *PullRequest) SignMerge(u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, string, *git.Signature, error) { - if err := pr.LoadBaseRepo(); err != nil { - log.Error("Unable to get Base Repo for pull request") - return false, "", nil, err - } - repo := pr.BaseRepo - - signingKey, signer := SigningKey(repo.RepoPath()) - if signingKey == "" { - return false, "", nil, &ErrWontSign{noKey} - } - rules := signingModeFromStrings(setting.Repository.Signing.Merges) - - var gitRepo *git.Repository - var err error - -Loop: - for _, rule := range rules { - switch rule { - case never: - return false, "", nil, &ErrWontSign{never} - case always: - break Loop - case pubkey: - keys, err := ListGPGKeys(u.ID, db.ListOptions{}) - if err != nil { - return false, "", nil, err - } - if len(keys) == 0 { - return false, "", nil, &ErrWontSign{pubkey} - } - case twofa: - twofaModel, err := login.GetTwoFactorByUID(u.ID) - if err != nil && !login.IsErrTwoFactorNotEnrolled(err) { - return false, "", nil, err - } - if twofaModel == nil { - return false, "", nil, &ErrWontSign{twofa} - } - case approved: - protectedBranch, err := GetProtectedBranchBy(repo.ID, pr.BaseBranch) - if err != nil { - return false, "", nil, err - } - if protectedBranch == nil { - return false, "", nil, &ErrWontSign{approved} - } - if protectedBranch.GetGrantedApprovalsCount(pr) < 1 { - return false, "", nil, &ErrWontSign{approved} - } - case baseSigned: - if gitRepo == nil { - gitRepo, err = git.OpenRepository(tmpBasePath) - if err != nil { - return false, "", nil, err - } - defer gitRepo.Close() - } - commit, err := gitRepo.GetCommit(baseCommit) - if err != nil { - return false, "", nil, err - } - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "", nil, &ErrWontSign{baseSigned} - } - case headSigned: - if gitRepo == nil { - gitRepo, err = git.OpenRepository(tmpBasePath) - if err != nil { - return false, "", nil, err - } - defer gitRepo.Close() - } - commit, err := gitRepo.GetCommit(headCommit) - if err != nil { - return false, "", nil, err - } - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "", nil, &ErrWontSign{headSigned} - } - case commitsSigned: - if gitRepo == nil { - gitRepo, err = git.OpenRepository(tmpBasePath) - if err != nil { - return false, "", nil, err - } - defer gitRepo.Close() - } - commit, err := gitRepo.GetCommit(headCommit) - if err != nil { - return false, "", nil, err - } - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "", nil, &ErrWontSign{commitsSigned} - } - // need to work out merge-base - mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit) - if err != nil { - return false, "", nil, err - } - commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit) - if err != nil { - return false, "", nil, err - } - for _, commit := range commitList { - verification := ParseCommitWithSignature(commit) - if !verification.Verified { - return false, "", nil, &ErrWontSign{commitsSigned} - } - } - } - } - return true, signingKey, signer, nil -} |