Add Gitlab::Ssh::Commit class
What does this MR do and why?
Describe in detail what your merge request does and why.
In order to add Sign commits with your SSH key (#343879 - closed), this MR adds a new Gitlab::Ssh::Commit
class which is responsible for creating CommitSignatures::SshSignature
records in the database and returning them.
This class mirrors the existing Gitlab::Gpg::Commit
and Gitlab::X509::Commit
classes, and will be called from
Commit#signature
My testing approach differs from the existing Gitlab::Gpg::Commit
and Gitlab::X509::Commit
commit specs, which
I find difficult to maintain due to the sheer amount of bootstrapping they do. The Gitlab::Ssh::Signature
spec
already thoroughly tests the correctness of signature verification, so there is no need to re-test that in these specs.
Instead, we only check that we correctly handle the output of Gitlab::Ssh::Signature
.
Since it is expected for signatures with the unknown_key
status to not have a key_id
available, this MR also
removes the NOT NULL
constraint from the key_id
column on the ssh_signatures
table.
Migrations
Up
main: == 20220728114136 MakeSshSignatureKeyNullable: migrating ======================
main: -- change_column_null(:ssh_signatures, :key_id, true)
main: -> 0.0015s
main: == 20220728114136 MakeSshSignatureKeyNullable: migrated (0.0020s) =============
Down
main: == 20220728114136 MakeSshSignatureKeyNullable: reverting ======================
main: -- change_column_null(:ssh_signatures, :key_id, false)
main: -> 0.0067s
main: == 20220728114136 MakeSshSignatureKeyNullable: reverted (0.0143s) =============
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Start the rails console:
bundle exec rails c
Run this Ruby code:
project = Project.find_by_path("gitlab-test")
commit = project.commit_by(oid: '7b5160f9bb23a3d58a0accdbe89da13b96b1ece9')
Gitlab::Ssh::Commit.new(commit).signature
This will show the commit signature for gitlab-test@7b5160f9,
which should be pre-seeded into your GDK. If it's not there, then you can either re-seed your GDK with gdk reset-data
or
add it to your local gitlab-test
from upstream:
git clone git@gitlab.com:gitlab-org/gitlab-test.git
cd gitlab-test
git remote add gdk ssh://git@gdk.local:2222/gitlab-org/gitlab-test.git
git checkout ssh-signed-commit
git push -u gdk ssh-signed-commit
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.