author | Neal H. Walfield <neal@pep.foundation> | 2023-10-26 10:16:41 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2023-10-26 11:36:11 +0200 |
commit | c32e574b621ec34c23876101f6ec55c3fe5312b8 (patch) | |
tree | 1fd8da79af8b5a6821968261a77621cdca59c460 | |
parent | 18dd64b9548ad151fdfa0ec8f67927549a08f281 (diff) |
ci: Add a job to authenticate the commits
- Add a job to authenticate the commits using sequoia-git.
-rw-r--r-- | .gitlab-ci.yml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2a05b371..87f99737 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -270,6 +270,26 @@ windows-msvc32-cng:
 variables:
 CFLAGS: "" # Silence some C warnings when compiling with MSVC
+authenticate-commits:
+ stage: test
+ interruptible: true
+ image: registry.gitlab.com/sequoia-pgp/sequoia-git:latest
+ before_script: []
+ script:
+ - sq-git policy describe
+ - /usr/sbin/gitlab.sh # Script baked-in to image
+ after_script: []
+ rules:
+ # Run whenever the non-default branch is updated. Note, we only
+ # run for "push" events otherwise the job would also be triggered
+ # for merge requests, which would result in the job running twice.
+ #
+ # TODO: We currently only authenticate the changes on non-merged
+ # branches where we use the default branch as the trust root. For
+ # the default branch, the project needs to set an explicit trust
+ # root.
+ - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
+
 variables:
 DEBIAN_FRONTEND: noninteractive
 CARGO_HOME: $CI_PROJECT_DIR/../cargo |
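Review bot: The `image:` line of `authenticate-commits` pulls `registry.gitlab.com/sequoia-pgp/sequoia-git:latest`, so the tool that decides whether commits are authentic, including the baked-in `/usr/sbin/gitlab.sh` whose contents are not visible here, can change whenever that tag is re-pushed. Pinning the verifier by digest keeps it reviewable and reproducible, for example `image: registry.gitlab.com/sequoia-pgp/sequoia-git@sha256:<digest-placeholder>`, bumped in a deliberate commit. Separately, the job is defined in the `.gitlab-ci.yml` of the branch being checked, so its result presumably holds only as long as the push does not also change this file. I would record that next to the existing TODO, for example `# NOTE: this job is advisory unless it is also enforced outside the branch's own pipeline definition.`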