diff --git a/__test__/git-command-manager.int.test.ts b/__test__/git-command-manager.int.test.ts index 354852e..c52fcdb 100644 --- a/__test__/git-command-manager.int.test.ts +++ b/__test__/git-command-manager.int.test.ts @@ -1,4 +1,4 @@ -import {GitCommandManager, Commit} from '../lib/git-command-manager' +import {GitCommandManager} from '../lib/git-command-manager' const REPO_PATH = '/git/local/repos/test-base' @@ -14,11 +14,13 @@ describe('git-command-manager integration tests', () => { const parent = await git.getCommit('HEAD^') const commit = await git.getCommit('HEAD') expect(parent.subject).toEqual('initial commit') + expect(parent.signed).toBeFalsy() expect(parent.changes).toEqual([ {mode: '100644', status: 'A', path: 'README.md'} ]) expect(commit.subject).toEqual('add sparkles') expect(commit.parents[0]).toEqual(parent.sha) + expect(commit.signed).toBeFalsy() expect(commit.changes).toEqual([ {mode: '100644', status: 'M', path: 'README.md'} ]) diff --git a/dist/index.js b/dist/index.js index 4843f51..79186d0 100644 --- a/dist/index.js +++ b/dist/index.js @@ -454,7 +454,6 @@ function createPullRequest(inputs) { const outputs = new Map(); outputs.set('pull-request-branch', inputs.branch); outputs.set('pull-request-operation', 'none'); - outputs.set('pull-request-commits-verified', 'false'); // Create or update the pull request branch core.startGroup('Create or update the pull request branch'); const result = yield (0, create_or_update_branch_1.createOrUpdateBranch)(git, inputs.commitMessage, inputs.base, inputs.branch, branchRemoteName, inputs.signoff, inputs.addPaths); @@ -486,8 +485,6 @@ function createPullRequest(inputs) { } core.endGroup(); } - // If the verified output is not set yet, and there are commits (from result), and the head commit is signed, then: - // Get the commit and check verification status if (result.hasDiffWithBase) { core.startGroup('Create or update the pull request'); const pull = yield ghPull.createOrUpdatePullRequest(inputs, baseRemote.repository, branchRepository); @@ -518,8 +515,23 @@ function createPullRequest(inputs) { } } } - // Set outputs core.startGroup('Setting outputs'); + // If the head commit is signed, get its verification status if we don't already know it. + // This can happen if the branch wasn't updated (action = 'not-updated'), or GPG commit signing is in use. + if (!outputs.has('pull-request-commits-verified') && + result.branchCommits.length > 0 && + result.branchCommits[result.branchCommits.length - 1].signed) { + core.info(`Checking verification status of head commit ${result.headSha}`); + try { + const headCommit = yield ghBranch.getCommit(result.headSha, branchRepository); + outputs.set('pull-request-commits-verified', headCommit.verified.toString()); + } + catch (error) { + core.warning('Failed to check verification status of head commit.'); + core.debug(utils.getErrorMessage(error)); + } + } + // Set outputs for (const [key, value] of outputs) { core.info(`${key} = ${value}`); core.setOutput(key, value); @@ -696,7 +708,7 @@ class GitCommandManager { '--raw', '--cc', '--diff-filter=AMD', - `--format=%H%n%T%n%P%n%s%n%b%n${endOfBody}`, + `--format=%H%n%T%n%P%n%G?%n%s%n%b%n${endOfBody}`, ref ]); const lines = output.stdout.split('\n'); @@ -706,8 +718,9 @@ class GitCommandManager { sha: detailLines[0], tree: detailLines[1], parents: detailLines[2].split(' '), - subject: detailLines[3], - body: detailLines.slice(4, endOfBodyIndex).join('\n'), + signed: detailLines[3] !== 'N', + subject: detailLines[4], + body: detailLines.slice(5, endOfBodyIndex).join('\n'), changes: lines.slice(endOfBodyIndex + 2, -1).map(line => { const change = line.match(/^:(\d{6}) (\d{6}) \w{7} \w{7} ([AMD])\s+(.*)$/); if (change) { @@ -1336,6 +1349,16 @@ class GitHubHelper { }; }); } + getCommit(sha, branchRepository) { + return __awaiter(this, void 0, void 0, function* () { + const repository = this.parseRepository(branchRepository); + const { data: remoteCommit } = yield this.octokit.rest.git.getCommit(Object.assign(Object.assign({}, repository), { commit_sha: sha })); + return { + sha: remoteCommit.sha, + verified: remoteCommit.verification.verified + }; + }); + } createOrUpdateRef(branchRepository, branch, newHead) { return __awaiter(this, void 0, void 0, function* () { const repository = this.parseRepository(branchRepository); diff --git a/src/create-pull-request.ts b/src/create-pull-request.ts index 847e488..a585ec9 100644 --- a/src/create-pull-request.ts +++ b/src/create-pull-request.ts @@ -181,7 +181,6 @@ export async function createPullRequest(inputs: Inputs): Promise { const outputs = new Map() outputs.set('pull-request-branch', inputs.branch) outputs.set('pull-request-operation', 'none') - outputs.set('pull-request-commits-verified', 'false') // Create or update the pull request branch core.startGroup('Create or update the pull request branch') @@ -234,9 +233,6 @@ export async function createPullRequest(inputs: Inputs): Promise { core.endGroup() } - // If the verified output is not set yet, and there are commits (from result), and the head commit is signed, then: - // Get the commit and check verification status - if (result.hasDiffWithBase) { core.startGroup('Create or update the pull request') const pull = await ghPull.createOrUpdatePullRequest( @@ -272,8 +268,31 @@ export async function createPullRequest(inputs: Inputs): Promise { } } - // Set outputs core.startGroup('Setting outputs') + // If the head commit is signed, get its verification status if we don't already know it. + // This can happen if the branch wasn't updated (action = 'not-updated'), or GPG commit signing is in use. + if ( + !outputs.has('pull-request-commits-verified') && + result.branchCommits.length > 0 && + result.branchCommits[result.branchCommits.length - 1].signed + ) { + core.info(`Checking verification status of head commit ${result.headSha}`) + try { + const headCommit = await ghBranch.getCommit( + result.headSha, + branchRepository + ) + outputs.set( + 'pull-request-commits-verified', + headCommit.verified.toString() + ) + } catch (error) { + core.warning('Failed to check verification status of head commit.') + core.debug(utils.getErrorMessage(error)) + } + } + + // Set outputs for (const [key, value] of outputs) { core.info(`${key} = ${value}`) core.setOutput(key, value) diff --git a/src/git-command-manager.ts b/src/git-command-manager.ts index f9f00b8..73661f7 100644 --- a/src/git-command-manager.ts +++ b/src/git-command-manager.ts @@ -9,6 +9,7 @@ export type Commit = { sha: string tree: string parents: string[] + signed: boolean subject: string body: string changes: { @@ -158,7 +159,7 @@ export class GitCommandManager { '--raw', '--cc', '--diff-filter=AMD', - `--format=%H%n%T%n%P%n%s%n%b%n${endOfBody}`, + `--format=%H%n%T%n%P%n%G?%n%s%n%b%n${endOfBody}`, ref ]) const lines = output.stdout.split('\n') @@ -169,8 +170,9 @@ export class GitCommandManager { sha: detailLines[0], tree: detailLines[1], parents: detailLines[2].split(' '), - subject: detailLines[3], - body: detailLines.slice(4, endOfBodyIndex).join('\n'), + signed: detailLines[3] !== 'N', + subject: detailLines[4], + body: detailLines.slice(5, endOfBodyIndex).join('\n'), changes: lines.slice(endOfBodyIndex + 2, -1).map(line => { const change = line.match( /^:(\d{6}) (\d{6}) \w{7} \w{7} ([AMD])\s+(.*)$/ diff --git a/src/github-helper.ts b/src/github-helper.ts index 62fd1c5..0b5822b 100644 --- a/src/github-helper.ts +++ b/src/github-helper.ts @@ -295,6 +295,21 @@ export class GitHubHelper { } } + async getCommit( + sha: string, + branchRepository: string + ): Promise { + const repository = this.parseRepository(branchRepository) + const {data: remoteCommit} = await this.octokit.rest.git.getCommit({ + ...repository, + commit_sha: sha + }) + return { + sha: remoteCommit.sha, + verified: remoteCommit.verification.verified + } + } + private async createOrUpdateRef( branchRepository: string, branch: string,