Skip to content

feat: add signed commits capability #5820

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 24, 2025
Merged

feat: add signed commits capability #5820

merged 7 commits into from
Jun 24, 2025

Conversation

hugodocto
Copy link
Contributor

@hugodocto hugodocto commented Jun 10, 2025
edited
Loading

This PR adds the signing commits feature to Goreleaser.

This change is being made in an attempt to guarantee that commits are not altered and are coming from a trusted source. This would allow organisations to enforce Github signed commits on repository in a safe manner.

@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 10, 2025
@caarlos0 caarlos0 requested a review from Copilot June 10, 2025 10:55
Copilot
Copilot AI reviewed Jun 10, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces signed commit capabilities into goreleaser to ensure commits are verified and come from trusted sources.

  • Adds a new CommitSigning configuration struct and integrates it into CommitAuthor.
  • Updates the Get and Default functions to support templating for signing configuration.
  • Adds new tests in author_test.go and git_test.go and adjusts git client configuration to apply signing flags.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pkg/config/config.go Adds CommitSigning struct with signing options and integrates it with CommitAuthor configuration.
internal/commitauthor/author_test.go Introduces tests validating commit signing behavior and error handling for misconfigured templates.
internal/commitauthor/author.go Updates Get and Default functions to support templating and defaulting of signing parameters.
internal/client/git_test.go Adds tests ensuring git client correctly applies signing configuration and behavior.
internal/client/git.go Modifies git commands to conditionally enable commit signing and apply related configuration flags.

@codecov Codecov
Copy link

codecov bot commented Jun 10, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 90.00000% with 4 lines in your changes missing coverage. Please review.

Project coverage is 82.73%. Comparing base (8180429) to head (dc50ccc).
Report is 14 commits behind head on main.

Files with missing lines Patch % Lines
internal/commitauthor/author.go 85.00% 2 Missing and 1 partial ⚠️
internal/client/git.go 95.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5820      +/-   ##
==========================================
+ Coverage   82.66%   82.73%   +0.07%     
==========================================
  Files         164      164              
  Lines       16445    16496      +51     
==========================================
+ Hits        13594    13648      +54     
+ Misses       2258     2256       -2     
+ Partials      593      592       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

caarlos0
caarlos0 reviewed Jun 11, 2025
View reviewed changes
Copy link
Member

@caarlos0 caarlos0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey, thanks for the PR!

looking good so far, only missing piece (I think) is to update docs at www/docs/includes/repository.md

@hugodocto
Copy link
Contributor Author

hey @caarlos0 , glad to hear that! I'll update the doc asap and put the PR as "ready for review"

@hugodocto hugodocto marked this pull request as ready for review June 11, 2025 19:25
@hugodocto hugodocto requested a review from caarlos0 June 11, 2025 19:25
@hugodocto hugodocto changed the title feat: add signed commits capabilities feat: add signed commits capability Jun 11, 2025
@vedantmgoyal9
Copy link
Member

@vedantmgoyal9 vedantmgoyal9 linked an issue Jun 12, 2025 that may be closed by this pull request
Support commit signing for homebrew taps (and maybe other platforms too) #4616
Closed
3 tasks
@hugodocto
Copy link
Contributor Author

hey @caarlos0, any news regarding this PR?

caarlos0
caarlos0 reviewed Jun 22, 2025
View reviewed changes
Copy link
Member

@caarlos0 caarlos0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor docs adjustments, LGTM otherwise!

thanks and sorry for the delay reviewing <3

www/docs/includes/repository.md Outdated
Comment on lines 98 to 99
# Git commit author used to commit to the repository.
# Templates: allowed.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# Git commit author used to commit to the repository.
# Templates: allowed.
# Git commit author used to commit to the repository.
#
# <!-- md:inline_version v2.11 -->

@hugodocto
Copy link
Contributor Author

o/

I pushed changes that should fix your comments; I did not "Commit suggestions" because I wasn't sure if you'll be able to approve if you co-authored the changes 🤷

No worries about the delays 😉

@caarlos0 caarlos0 merged commit b3b2a92 into goreleaser:main Jun 24, 2025
14 of 17 checks passed
@caarlos0
Copy link
Member

Thank you! <3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caarlos0 caarlos0 caarlos0 left review comments

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support commit signing for homebrew taps (and maybe other platforms too)
3 participants
@hugodocto @vedantmgoyal9 @caarlos0