Add require signed commit for protected branch (#9708)

* Add require signed commit for protected branch * Fix fmt * Make editor show if they will be signed * bugfix * Add basic merge check and better information for CRUD * linting comment * Add descriptors to merge signing * Slight refactor * Slight improvement to appearances * Handle Merge API * manage CRUD API * Move error to error.go * Remove fix to delete.go * prep for merge * need to tolerate \r\n in message * check protected branch before trying to load it * Apply suggestions from code review Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * fix commit-reader Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2025-07-22 18:28:37 +00:00 · 2020-01-15 08:32:57 +00:00
parent 6b1fa12359
commit 66ee9b87f9
29 changed files with 618 additions and 122 deletions
--- a/templates/repo/editor/commit_form.tmpl
+++ b/templates/repo/editor/commit_form.tmpl
@@ -1,7 +1,11 @@
 <div class="commit-form-wrapper">
 	<img width="48" height="48" class="ui image commit-avatar" src="{{.SignedUser.RelAvatarLink}}">
 	<div class="commit-form">
-		<h3>{{.i18n.Tr "repo.editor.commit_changes"}}</h3>
+		<h3>{{- if .CanCommitToBranch.WillSign}}
+		<i title="{{.i18n.Tr "repo.signing.will_sign" .CanCommitToBranch.SigningKey}}" class="lock green icon"></i>{{.i18n.Tr "repo.editor.commit_signed_changes"}}
+		{{- else}}
+		<i title="{{.i18n.Tr (printf "repo.signing.wont_sign.%s" .CanCommitToBranch.WontSignReason)}}" class="unlock grey icon"></i>{{.i18n.Tr "repo.editor.commit_changes"}}
+		{{- end}}</h3>
 		<div class="field">
 			<input name="commit_summary" placeholder="{{if .PageIsDelete}}{{.i18n.Tr "repo.editor.delete" .TreePath}}{{else if .PageIsUpload}}{{.i18n.Tr "repo.editor.upload_files_to_dir" .TreePath}}{{else if .IsNewFile}}{{.i18n.Tr "repo.editor.add_tmpl"}}{{else}}{{.i18n.Tr "repo.editor.update" .TreePath}}{{end}}" value="{{.commit_summary}}" autofocus>
 		</div>
@@ -10,11 +14,20 @@
 		</div>
 		<div class="quick-pull-choice js-quick-pull-choice">
 			<div class="field">
-		 		<div class="ui radio checkbox {{if not .CanCommitToBranch}}disabled{{end}}">
+				<div class="ui radio checkbox {{if not .CanCommitToBranch.CanCommitToBranch}}disabled{{end}}">
 					<input type="radio" class="js-quick-pull-choice-option" name="commit_choice" value="direct" button_text="{{.i18n.Tr "repo.editor.commit_changes"}}" {{if eq .commit_choice "direct"}}checked{{end}}>
 					<label>
 						<i class="octicon octicon-git-commit" height="16" width="14"></i>
 						{{.i18n.Tr "repo.editor.commit_directly_to_this_branch" (.BranchName|Escape) | Safe}}
+						{{if not .CanCommitToBranch.CanCommitToBranch}}
+						<div class="ui visible small warning message">
+							{{.i18n.Tr "repo.editor.no_commit_to_branch"}}
+							<ul>
+								{{if not .CanCommitToBranch.UserCanPush}}<li>{{.i18n.Tr "repo.editor.user_no_push_to_branch"}}</li>{{end}}
+								{{if and .CanCommitToBranch.RequireSigned (not .CanCommitToBranch.WillSign)}}<li>{{.i18n.Tr "repo.editor.require_signed_commit"}}</li>{{end}}
+							</ul>
+						</div>
+						{{end}}
 					</label>
 				</div>
 			</div>
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@@ -48,6 +48,7 @@
 	{{else if .IsBlockedByApprovals}}red
 	{{else if .IsBlockedByRejection}}red
 	{{else if and .EnableStatusCheck (not .IsRequiredStatusCheckSuccess)}}red
+	{{else if and .RequireSigned (not .WillSign)}}}red
 	{{else if .Issue.PullRequest.IsChecking}}yellow
 	{{else if .Issue.PullRequest.CanAutoMerge}}green
 	{{else}}red{{end}}"><span class="mega-octicon octicon-git-merge"></span></a>
@@ -93,49 +94,69 @@
 				</div>
 			{{else if .IsPullRequestBroken}}
 				<div class="item text red">
-					<span class="octicon octicon-x"></span>
+					<i class="icon icon-octicon"><span class="octicon octicon-x"></span></i>
 					{{$.i18n.Tr "repo.pulls.data_broken"}}
 				</div>
 			{{else if .IsPullWorkInProgress}}
 				<div class="item text grey">
-					<span class="octicon octicon-x"></span>
+					<i class="icon icon-octicon"><span class="octicon octicon-x"></span></i>
 					{{$.i18n.Tr "repo.pulls.cannot_merge_work_in_progress" .WorkInProgressPrefix | Str2html}}
 				</div>
 			{{else if .Issue.PullRequest.IsChecking}}
 				<div class="item text yellow">
-					<span class="octicon octicon-sync"></span>
+					<i class="icon icon-octicon"><span class="octicon octicon-sync"></span></i>
 					{{$.i18n.Tr "repo.pulls.is_checking"}}
 				</div>
 			{{else if .Issue.PullRequest.CanAutoMerge}}
 				{{if .IsBlockedByApprovals}}
 					<div class="item text red">
-						<span class="octicon octicon-x"></span>
+						<i class="icon icon-octicon"><span class="octicon octicon-x"></span></i>
 					{{$.i18n.Tr "repo.pulls.blocked_by_approvals" .GrantedApprovals .Issue.PullRequest.ProtectedBranch.RequiredApprovals}}
 					</div>
 				{{else if .IsBlockedByRejection}}
 					<div class="item text red">
-						<span class="octicon octicon-x"></span>
+						<i class="icon icon-octicon"><span class="octicon octicon-x"></span></i>
 					{{$.i18n.Tr "repo.pulls.blocked_by_rejection"}}
 					</div>
 				{{else if and .EnableStatusCheck (not .IsRequiredStatusCheckSuccess)}}
 					<div class="item text red">
-						<span class="octicon octicon-x"></span>
+						<i class="icon icon-octicon"><span class="octicon octicon-x"></span></i>
 						{{$.i18n.Tr "repo.pulls.required_status_check_failed"}}
 					</div>
+				{{else if and .RequireSigned (not .WillSign)}}
+					<div class="item text red">
+						<i class="icon icon-octicon"><span class="octicon octicon-x"></span></i>
+						{{$.i18n.Tr "repo.pulls.require_signed_wont_sign"}}
+					</div>
+					<div class="item text yellow">
+						<i class="icon unlock grey"></i>
+						{{$.i18n.Tr (printf "repo.signing.wont_sign.%s" .WontSignReason) }}
+					</div>
 				{{end}}
-				{{$notAllOk := or .IsBlockedByApprovals .IsBlockedByRejection (and .EnableStatusCheck (not .IsRequiredStatusCheckSuccess))}}	
-				{{if or $.IsRepoAdmin (not $notAllOk)}}
+				{{$notAllOk := or .IsBlockedByApprovals .IsBlockedByRejection (and .RequireSigned (not .WillSign)) (and .EnableStatusCheck (not .IsRequiredStatusCheckSuccess))}}
+				{{if and (or $.IsRepoAdmin (not $notAllOk)) (or (not .RequireSigned) .WillSign)}}
 					{{if $notAllOk}}
 						<div class="item text yellow">
-							<span class="octicon octicon-primitive-dot"></span>
+							<i class="icon icon-octicon"><span class="octicon octicon-primitive-dot"></span></i>
 							{{$.i18n.Tr "repo.pulls.required_status_check_administrator"}}
 						</div>
 					{{else}}
 						<div class="item text green">
-							<span class="octicon octicon-check"></span>
+							<i class="icon icon-octicon"><span class="octicon octicon-check"></span></i>
 							{{$.i18n.Tr "repo.pulls.can_auto_merge_desc"}}
 						</div>
 					{{end}}
+					{{if .WillSign}}
+						<div class="item text green">
+							<i class="icon lock green"></i>
+							{{$.i18n.Tr "repo.signing.will_sign" .SigningKey}}
+						</div>
+					{{else}}
+						<div class="item text yellow">
+							<i class="icon unlock grey"></i>
+							{{$.i18n.Tr (printf "repo.signing.wont_sign.%s" .WontSignReason) }}
+						</div>
+					{{end}}
 					{{if .AllowMerge}}
 						{{$prUnit := .Repository.MustGetUnit $.UnitTypePullRequests}}
 						{{$approvers := .Issue.PullRequest.GetApprovers}}
@@ -282,6 +303,11 @@
 						<span class="octicon octicon-x"></span>
 						{{$.i18n.Tr "repo.pulls.required_status_check_failed"}}
 					</div>
+				{{else if and .RequireSigned (not .WillSign)}}
+					<div class="item text red">
+						<span class="octicon octicon-x"></span>
+						{{$.i18n.Tr "repo.pulls.require_signed_wont_sign"}}
+					</div>
 				{{else}}
 					<div class="item text red">
 						<span class="octicon octicon-x"></span>
--- a/templates/repo/settings/protected_branch.tmpl
+++ b/templates/repo/settings/protected_branch.tmpl
@@ -210,7 +210,7 @@
 							<label for="block_on_rejected_reviews">{{.i18n.Tr "repo.settings.block_rejected_reviews"}}</label>
 							<p class="help">{{.i18n.Tr "repo.settings.block_rejected_reviews_desc"}}</p>
 						</div>
-					</div>					
+					</div>
 					<div class="field">
 						<div class="ui checkbox">
 							<input name="dismiss_stale_approvals" type="checkbox" {{if .Branch.DismissStaleApprovals}}checked{{end}}>
@@ -218,6 +218,13 @@
 							<p class="help">{{.i18n.Tr "repo.settings.dismiss_stale_approvals_desc"}}</p>
 						</div>
 					</div>
+					<div class="field">
+						<div class="ui checkbox">
+							<input name="require_signed_commits" type="checkbox" {{if .Branch.RequireSignedCommits}}checked{{end}}>
+							<label for="require_signed_commits">{{.i18n.Tr "repo.settings.require_signed_commits"}}</label>
+							<p class="help">{{.i18n.Tr "repo.settings.require_signed_commits_desc"}}</p>
+						</div>
+					</div>

 				</div>