public inbox for intel-gfx@lists.freedesktop.org
From: Jani Nikula <jani.nikula@intel.com>
To: intel-gfx@lists.freedesktop.org
Cc: jani.nikula@intel.com, Daniel Vetter <daniel.vetter@ffwll.ch>,
	Rodrigo Vivi <rodrigo.vivi@intel.com>
Subject: [PATCH 2/2] dim: sign pull-request tags if the GPG key is configured
Date: Mon, 11 Sep 2017 16:16:00 +0300
Message-ID: <20170911131600.13466-2-jani.nikula@intel.com>
In-Reply-To: <20170911131600.13466-1-jani.nikula@intel.com>

Add new environment variable $DIM_GPG_KEYID for configuring the GPG key
ID of the key to use for signing tags for pull requests. The tags will
be signed if the key ID is set, otherwise annotated tags will be used
like before.

The drm-intel-testing tags are left unsigned, at least for now.

Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>

---

BEWARE OF THE LEOPARD! I didn't actually test this. I will try it when I
need to tag something next.

We should probably also add verification to dim apply-pull.
---
 dim     |  9 ++++++---
 dim.rst | 11 +++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/dim b/dim
index 23dfccb5513d..4d7864d8f450 100755
--- a/dim
+++ b/dim
@@ -70,6 +70,9 @@ DIM_TEMPLATE_SIGNATURE=${DIM_TEMPLATE_SIGNATURE:-$HOME/.dim.template.signature}
 # dim pull-request tag summary template
 DIM_TEMPLATE_TAG_SUMMARY=${DIM_TEMPLATE_TAG_SUMMARY:-$HOME/.dim.template.tagsummary}
 
+# GPG key id for signing tags. If unset, don't sign.
+DIM_GPG_KEYID=${DIM_GPG_KEYID:+-u $DIM_GPG_KEYID}
+
 #
 # Internal configuration.
 #
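Review bot: the `+DIM_GPG_KEYID=` assignment overwrites the user-facing variable with an option string (`-u <id>`), so from here on `$DIM_GPG_KEYID` no longer holds a key ID and every call site has to expand it unquoted for the two words to split. A key given as a user ID containing spaces would then break into extra arguments to `git tag`. Keep the user's value intact and build the option in a separate internal variable (for example a bash array) that can be expanded safely.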
@@ -1549,7 +1552,7 @@ function dim_update_next_continue
 		tag_testing="drm-intel-testing-$today-$((++suffix))"
 	done
 
-	$DRY git tag -a $tag $DIM_DRM_INTEL_REMOTE/drm-intel-next
+	$DRY git tag -a $DIM_GPG_KEYID $tag $DIM_DRM_INTEL_REMOTE/drm-intel-next
 	git push $DRY_RUN $DIM_DRM_INTEL_REMOTE $tag
 
 	echo "Updating drm-intel-testing to latest drm-tip"
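Review bot: on the `git tag -a $DIM_GPG_KEYID $tag` line, nothing visible checks that tagging succeeded before the `git push` that follows. With signing enabled the tag command gains new failure modes (key missing from the keyring, no agent or passphrase prompt available), so check its exit status and abort with a clear message before pushing.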
@@ -1589,7 +1592,7 @@ function dim_tag_next
 			tag="drm-intel-next-$today-$((++suffix))"
 		done
 
-		$DRY git tag -a $tag $DIM_DRM_INTEL_REMOTE/drm-intel-next
+		$DRY git tag -a $DIM_GPG_KEYID $tag $DIM_DRM_INTEL_REMOTE/drm-intel-next
 		git push $DRY_RUN $DIM_DRM_INTEL_REMOTE $tag
 	else
 		echo "drm-intel-next not up-to-date, aborting"
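Review bot: the `git tag -a $DIM_GPG_KEYID $tag $DIM_DRM_INTEL_REMOTE/drm-intel-next` line here is identical to the one in dim_update_next_continue. A small helper that creates the tag would keep the signing logic in one place, which also gives a single spot to hook in later if verification is added to dim apply-pull as the note under the commit message suggests.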
@@ -1650,7 +1653,7 @@ function dim_pull_request
 		done
 		gitk "$branch@{upstream}" ^$upstream &
 		prep_pull_tag_summary | $DRY git tag -F- $tag "$branch@{upstream}"
-		$DRY git tag -a -f $tag
+		$DRY git tag -a $DIM_GPG_KEYID -f $tag
 		$DRY git push $remote $tag
 		prep_pull_mail $req_file $tag
 
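Review bot: the signed re-tag `git tag -a $DIM_GPG_KEYID -f $tag` passes no object, so git tags HEAD, while the line above creates the tag on "$branch@{upstream}". Since this is now the command that produces the signature sent with the pull request, pass "$branch@{upstream}" explicitly so the signature is guaranteed to cover the same commit range that was shown in gitk.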
diff --git a/dim.rst b/dim.rst
index 7aacc4e776e2..65e652e8bc75 100644
--- a/dim.rst
+++ b/dim.rst
@@ -349,6 +349,8 @@ recipients already set.
 Since the tag for the *branch* is date based, the pull request can be
 regenerated with the same commands if something goes wrong.
 
+The tag will be signed using the key specified by \$DIM_GPG_KEYID, if set.
+
 pull-request-fixes [*upstream*]
 -------------------------------
 **pull-request** shorthand for *drm-intel-fixes* as the branch and
@@ -391,6 +393,8 @@ opened.
 Also checks that the drm-intel-fixes|-next-queued are fully
 merged into drm-tip to avoid operator error.
 
+The tag will be signed using the key specified by \$DIM_GPG_KEYID, if set.
+
 update-next-continue
 --------------------
 
@@ -405,6 +409,8 @@ remote is up-to-date. Useful if drm-intel-next has been changed since the last
 run of the update-next command (e.g. to apply a hotfix before sending out the
 pull request).
 
+The tag will be signed using the key specified by \$DIM_GPG_KEYID, if set.
+
 DIM HELP COMMANDS
 =================
 
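Review bot: "The tag" in the added sentence is ambiguous for update-next-continue, because dim_update_next_continue also computes a drm-intel-testing tag name (`tag_testing`) and only the `$tag` command receives `$DIM_GPG_KEYID`. Say explicitly that the tag created on drm-intel-next is signed and that the drm-intel-testing tag is not, matching the commit message.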
@@ -498,6 +504,11 @@ DIM_TEMPLATE_TAG_SUMMARY
 -------------------------
 Path to a file containing the template for dim pull-request tag summaries.
 
+DIM_GPG_KEYID
+-------------
+GPG key ID to use for signing tags. If set, tags will be signed. If unset, the
+default, tags will not be signed.
+
 dim_alias_<alias>
 -----------------
 Make **<alias>** an alias for the subcommand defined as the value. For example,
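Review bot: the DIM_GPG_KEYID entry does not say what form the value takes or what happens when the key is unusable. Since the value ends up after `-u` on the `git tag` command line, state which identifier forms are expected (recommending a full fingerprint over a short key ID), and reword "tags will be signed" so it excludes the drm-intel-testing tags that the commit message says stay unsigned.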
-- 
2.11.0

_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Thread overview: 6+ messages
2017-09-11 13:15 [PATCH 1/2] dim: make dim tag-next generate annotated tags Jani Nikula
2017-09-11 13:16 ` Jani Nikula [this message]
2017-09-11 15:17   ` [PATCH 2/2] dim: sign pull-request tags if the GPG key is configured Sean Paul
2017-10-02  9:22     ` Jani Nikula
2017-10-02 14:05       ` Jani Nikula
2017-09-11 13:31 ` [PATCH 1/2] dim: make dim tag-next generate annotated tags Ewelina Musial
