[Feature] Allow GPG signing on cz bump for tags and commits #347

Open
ShaneMalachow opened this issue Feb 16, 2021 · 4 comments
Labels
help wanted type: feature A new enhancement proposal

Comments

@ShaneMalachow

Description

Allow for the version tag and commit from a cz bump command to be signed using a GPG key.

Possible Solution

Implementing a flag on cz bump that allows for the tag and commit to be signed by adding the -S argument to the git client.

Additional context

This is related to issue #248 but the fixes proposed to cz c there won't help if I also need to enforce tags and commits during a version bump being signed.

@ShaneMalachow ShaneMalachow added the type: feature A new enhancement proposal label Feb 16, 2021
@woile
Member

woile commented Mar 5, 2021

I haven't used -S, so I'm not sure I can implement this. Don't you have to create a pair of keys to sign the commits? How would you configure this in a CI?

If you could provide a mini-tutorial/explanation on how to do it on a CI, I'll give it a try. Otherwise we won't be able to support our users.

Thanks!

@Lee-W
Member

Lee-W commented Aug 20, 2022

I think this has been supported since https://github.com/commitizen-tools/commitizen/blob/master/CHANGELOG.md#v2290-2022-07-22. Could you please try with a version higher than v2.29.0? I'll close this one for now. Feel free to reopen it if you think there's something missed.

@Lee-W Lee-W closed this as completed Aug 20, 2022
@samupl

samupl commented Mar 20, 2023

@Lee-W I believe this might still be unsupported - especially if somebody wants to explicitly sign commits, and not have git configured for auto-signing.

@Lee-W Lee-W reopened this Apr 5, 2023
@AdrianDC
Contributor

I'd like to add always_signgpg and -S parameter to -- -S just as implemented in #1206,
given this is common usage for developers and would allow better adoption
(or default control for always_* as done currently using the MR changes).

Tested manually in a clean Docker container using GPG local keys, and Git not configured for auto-signing:

(I also have a physical Yubikey for hardware GPG but not testing it here, I might if facing a use case)

```bash
# Create keys (defaults, with password)
gpg --full-generate-key
gpg --list-secret-keys --keyid-format=long

# Signing key: sec   .../BC48BD5325580A88 ...
# Signature key: ssb   .../2785C6F3562417C5 ...

# Configure Git user
git config --global user.signingkey BC48BD5325580A88
git config --global --get user.signingkey

# Configure GPG
cat >>~/.gnupg/gpg.conf <<EOF
use-agent
pinentry-mode loopback
EOF
cat >>~/.gnupg/gpg-agent.conf <<EOF
allow-loopback-pinentry
EOF

# Configure hooks
export SKIP='no-commit-to-branch'

# Create Git commit with GPG (Enter passphrase: should ask for GPG passphrase)
git add -p ./...
git commit -S

# Validate signature (should show in blue under commit SHA)
git log --show-signature

# Create commitizen commit with GPG
git add -p ./...
cz c -- -S

# Validate signature (should show in blue under commit SHA)
git log --show-signature
```
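
A scripted form of the manual `git log --show-signature` check above, as an added example (not part of the original comment or of commitizen): it reads `git log --format='%H %G?'` output and fails closed on anything but a good signature. The function names, the `ALLOW_UNTRUSTED` variable, the commit range and the sample hashes are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: gate on the signature status git reports for each commit.
# Input lines are "<sha> <status>", as printed by:
#   git log --format='%H %G?' <range>
# %G? codes: G good, B bad, U good but unknown validity, X good but expired,
# Y good but made by an expired key, R good but made by a revoked key,
# E cannot be checked (e.g. missing public key), N no signature.

# Map one %G? code to a verdict. ALLOW_UNTRUSTED is a hypothetical knob
# for CI runners whose keyring holds the key without an ownertrust entry.
sig_verdict() {
  case "$1" in
    G) echo pass ;;
    U) if [ "${ALLOW_UNTRUSTED:-0}" = 1 ]; then echo pass; else echo fail; fi ;;
    *) echo fail ;;  # B, X, Y, R, E, N and any unknown code fail closed
  esac
}

# Read "<sha> <status>" lines on stdin, print every failing commit, and
# return non-zero if any commit fails or if no commit was seen at all.
check_signed() (
  seen=0
  bad=0
  while read -r sha status; do
    [ -n "$sha" ] || continue
    seen=$((seen + 1))
    if [ "$(sig_verdict "$status")" != pass ]; then
      echo "unsigned-or-invalid $sha ($status)"
      bad=$((bad + 1))
    fi
  done
  [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Constructed sample input (not real commits): one signed, one unsigned.
SAMPLE_LOG='1111111111111111111111111111111111111111 G
2222222222222222222222222222222222222222 N'

printf '%s\n' "$SAMPLE_LOG" | check_signed || echo "gate: FAIL"

# In CI after a bump (the range is an assumption about the branch layout):
#   git log --format='%H %G?' origin/main..HEAD | check_signed
#   git verify-tag "$(git describe --tags --abbrev=0)"
```

The runner needs the signer's public key imported; without it git reports `E` and the gate fails.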
