diff options
Diffstat (limited to 'models/pull_sign.go')
| -rw-r--r-- | models/pull_sign.go | 59 |
1 files changed, 34 insertions, 25 deletions
diff --git a/models/pull_sign.go b/models/pull_sign.go index 19d8907c3d..1d3474abe7 100644 --- a/models/pull_sign.go +++ b/models/pull_sign.go @@ -11,16 +11,16 @@ import ( ) // SignMerge determines if we should sign a PR merge commit to the base repository -func (pr *PullRequest) SignMerge(u *User, tmpBasePath, baseCommit, headCommit string) (bool, string) { +func (pr *PullRequest) SignMerge(u *User, tmpBasePath, baseCommit, headCommit string) (bool, string, error) { if err := pr.GetBaseRepo(); err != nil { log.Error("Unable to get Base Repo for pull request") - return false, "" + return false, "", err } repo := pr.BaseRepo signingKey := signingKey(repo.RepoPath()) if signingKey == "" { - return false, "" + return false, "", &ErrWontSign{noKey} } rules := signingModeFromStrings(setting.Repository.Signing.Merges) @@ -30,92 +30,101 @@ func (pr *PullRequest) SignMerge(u *User, tmpBasePath, baseCommit, headCommit st for _, rule := range rules { switch rule { case never: - return false, "" + return false, "", &ErrWontSign{never} case always: break case pubkey: keys, err := ListGPGKeys(u.ID) - if err != nil || len(keys) == 0 { - return false, "" + if err != nil { + return false, "", err + } + if len(keys) == 0 { + return false, "", &ErrWontSign{pubkey} } case twofa: - twofa, err := GetTwoFactorByUID(u.ID) - if err != nil || twofa == nil { - return false, "" + twofaModel, err := GetTwoFactorByUID(u.ID) + if err != nil { + return false, "", err + } + if twofaModel == nil { + return false, "", &ErrWontSign{twofa} } case approved: protectedBranch, err := GetProtectedBranchBy(repo.ID, pr.BaseBranch) - if err != nil || protectedBranch == nil { - return false, "" + if err != nil { + return false, "", err + } + if protectedBranch == nil { + return false, "", &ErrWontSign{approved} } if protectedBranch.GetGrantedApprovalsCount(pr) < 1 { - return false, "" + return false, "", &ErrWontSign{approved} } case baseSigned: if gitRepo == nil { gitRepo, err = git.OpenRepository(tmpBasePath) if err != nil { - return false, "" + return false, "", err } defer gitRepo.Close() } commit, err := gitRepo.GetCommit(baseCommit) if err != nil { - return false, "" + return false, "", err } verification := ParseCommitWithSignature(commit) if !verification.Verified { - return false, "" + return false, "", &ErrWontSign{baseSigned} } case headSigned: if gitRepo == nil { gitRepo, err = git.OpenRepository(tmpBasePath) if err != nil { - return false, "" + return false, "", err } defer gitRepo.Close() } commit, err := gitRepo.GetCommit(headCommit) if err != nil { - return false, "" + return false, "", err } verification := ParseCommitWithSignature(commit) if !verification.Verified { - return false, "" + return false, "", &ErrWontSign{headSigned} } case commitsSigned: if gitRepo == nil { gitRepo, err = git.OpenRepository(tmpBasePath) if err != nil { - return false, "" + return false, "", err } defer gitRepo.Close() } commit, err := gitRepo.GetCommit(headCommit) if err != nil { - return false, "" + return false, "", err } verification := ParseCommitWithSignature(commit) if !verification.Verified { - return false, "" + return false, "", &ErrWontSign{commitsSigned} } // need to work out merge-base mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit) if err != nil { - return false, "" + return false, "", err } commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit) if err != nil { - return false, "" + return false, "", err } for e := commitList.Front(); e != nil; e = e.Next() { commit = e.Value.(*git.Commit) verification := ParseCommitWithSignature(commit) if !verification.Verified { - return false, "" + return false, "", &ErrWontSign{commitsSigned} } } } } - return true, signingKey + return true, signingKey, nil } |