feat(changelog): skip ssh and x509 signatures in tag messages

[PigeonF]

Description

Support for tag messages was added in 3eb828e. The commit contains code for stripping GPG signatures from the tag message, but git supports SSH signatures and x509 signatures as well.

This PR adds support for stripping those signature types.

The regex is not 100% accurate (e.g. this would allow SSH MESSAGE, which is not part of the gitformat-signature description), but I prioritized readability over correctness in this case (since the code is for replacing text, not verifying the signature).

Motivation and Context

Signatures should not show up in the changelog, regardless of what kind of signature was used.

How Has This Been Tested?

I have no x509 certificates, but I created a SSH-signed tag in my fork, and then ran the resolves_existing_tag_with_name_and_message test and replaced the tag that is checked from v0.2.3 to example-ssh-signed-tag

diff --git a/git-cliff-core/src/repo.rs b/git-cliff-core/src/repo.rs
index 95843d76840ce4d5..219d7a6e979e3db3 100644
--- a/git-cliff-core/src/repo.rs
+++ b/git-cliff-core/src/repo.rs
@@ -372,8 +372,8 @@ mod test {
        #[test]
        fn resolves_existing_tag_with_name_and_message() -> Result<()> {
                let repository = get_repository()?;
-               let tag = repository.resolve_tag("v0.2.3");
-               assert_eq!(tag.name, "v0.2.3");
+               let tag = repository.resolve_tag("example-ssh-signed-tag");
+               assert_eq!(tag.name, "example-ssh-signed-tag");
                assert_eq!(
                        tag.message,
                        Some(

Screenshots / Logs (if applicable)

Types of Changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation (no code change)
• Refactor (refactoring production code)
• Other

Arguably this could also be a bug fix.

Checklist:

• My code follows the code style of this project.
• I have updated the documentation accordingly.
• I have formatted the code with rustfmt.
• I checked the lints with clippy.
• I have added tests to cover my changes.
• All new and existing tests passed.

I did not update any documentation, since I could find no mention of the gpg signature stripping.

I am not sure how to add a test: the existing functionality is covered by reading a tag that is GPG signed, but I have no way to add a SSH signed tag to this repository :^)

[welcome]

Thanks for opening this pull request! Please check out our contributing guidelines! ⛰️

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.71%. Comparing base (227a307) to head (09e7650).

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #748   +/-   ##
=======================================
  Coverage   36.71%   36.71%           
=======================================
  Files          19       19           
  Lines        1501     1501           
=======================================
  Hits          551      551           
  Misses        950      950           

Flag	Coverage Δ
unit-tests	36.71% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[orhun]

Perfect, thanks for catching this!

[welcome]

Congrats on merging your first pull request! ⛰️