
How to force TeamCity to only work on signed commits in GitLab

Currently, we are using GitLab Enterprise Edition 9.5.1 and TeamCity Professional 2017.1.2 (build 46812). The build agent has a line like:

git pull --verify-signature

Our group would like to have TeamCity verify the GPG signature without having an explicit pull command.

How do you configure TeamCity to do this?

Absent input from the community, here is the first working kludge.

First build step

The first lines in the first TeamCity build step are:

git verify-commit HEAD~0

export VERIFY_EXIT_CODE=$?

if [ "$VERIFY_EXIT_CODE" -eq "0" ]
then
  echo "Git commit GPG signature is VERIFIED"
else
  echo "Git commit GPG signature is NOT VERIFIED"
  build stop
fi

GPG signature verified

When the commit has a verified GPG signature, the output resembles this:

[12:17:54] Step 1/3: Verify GPG signature on commit (Command Line)
[12:17:54][Step 1/3] Starting: /home/*******/Applications/TeamCity/buildAgent_***_1/temp/agentTmp/custom_script5468853061762530637
[12:17:54][Step 1/3] in directory: /home/*******/Applications/TeamCity/buildAgent_***_1/work/c8edabae02b7df61
[12:17:54][Step 1/3] 
[12:17:54][Step 1/3] git verify-commit HEAD~0
[12:17:54][Step 1/3] gpg: Signature made Tue 05 Sep 2017 12:15:59 PM MDT using RSA key ID 71F1FCB8
[12:17:54][Step 1/3] gpg: Good signature from "My Name (*** gpg key) <******@*****.***>"
[12:17:54][Step 1/3] 
[12:17:54][Step 1/3] export VERIFY_EXIT_CODE=$?=0
[12:17:54][Step 1/3] Git commit GPG signature is VERIFIED
[12:17:54][Step 1/3] Process exited with code 0

GPG signature unverified

When the commit has no verified GPG signature, or TeamCity can't find the public key, the output looks like this:

[12:10:37] Step 1/3: Verify gpg signature on git repository (Command Line)
[12:10:37][Step 1/3] Starting: /home/*******/Applications/TeamCity/buildAgent_***_1/temp/agentTmp/custom_script4984466249864504039
[12:10:37][Step 1/3] in directory: /home/*******/Applications/TeamCity/buildAgent_***_1/work/c8edabae02b7df61

[12:10:37][Step 1/3] git verify-commit HEAD~0
[12:10:37][Step 1/3] Git repository is NOT VERIFIED
[12:10:37][Step 1/3] 
[12:10:37][Step 1/3] export VERIFY_EXIT_CODE=$?=1
[12:10:37][Step 1/3] Git repository is NOT VERIFIED
[12:10:37][Step 1/3] 
[12:10:37][Step 1/3] build stop
[12:10:37][Step 1/3] /home/*******/Applications/TeamCity/buildAgent_***_1/temp/agentTmp/custom_script4984466249864504039: line 19: build: command not found
[12:10:37][Step 1/3] Process exited with code 127
[12:10:37][Step 1/3] Process exited with code 127
[12:10:37][Step 1/3] Step Verify gpg signature on git repository (Command Line) failed
[12:10:37][Step 1/3] Error message is logged
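A stricter form of the same build step, as an added example that is not part of the original post: `git verify-commit` exits 0 for a good signature from any key gpg finds in the build agent's keyring, so this version also parses the `--raw` GnuPG status lines and accepts only signers on an allow-list. The function names, the `ALLOWED_FPRS` variable and the fingerprint are assumptions; the sample status lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Fingerprints below are constructed.

# signer_allowed ALLOWED  (GnuPG status lines on stdin)
# Succeeds only if a VALIDSIG line carries a primary-key fingerprint found in
# the space-separated allow-list and no failure keyword appears.
signer_allowed() {
  allowed="$1"
  found=1                                   # 1 = no allowed VALIDSIG seen yet
  while read -r tag keyword fpr rest; do
    [ "$tag" = "[GNUPG:]" ] || continue
    case "$keyword" in
      BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
        return 1 ;;                         # bad, unverifiable, expired, revoked
      VALIDSIG)
        primary="${rest##* }"               # last field: primary key fingerprint
        [ -n "$primary" ] || primary="$fpr" # fall back to the signing key
        case " $allowed " in
          *" $primary "*) found=0 ;;
        esac ;;
    esac
  done
  return "$found"
}

# verify_head ALLOWED: verify HEAD of the current checkout.
# With --raw, git prints the gpg status lines on stderr.
verify_head() {
  status=$(git verify-commit --raw HEAD 2>&1) || return 1
  printf '%s\n' "$status" | signer_allowed "$1"
}

# In the build step (commented out so this file runs outside a repository):
#   verify_head "$ALLOWED_FPRS" || { echo "NOT VERIFIED"; exit 1; }

# Demonstration on constructed status lines for a good signature.
ALLOWED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2017-09-05 1504635359 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'
if printf '%s\n' "$SAMPLE" | signer_allowed "$ALLOWED_FPRS"; then
  echo "Git commit GPG signature is VERIFIED"
else
  echo "Git commit GPG signature is NOT VERIFIED"
fi
```

The allow-list holds full 40-character fingerprints rather than short key IDs, and the step fails with an explicit non-zero exit code.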
