Last active
November 23, 2023 16:12
-
-
Save MrCordeiro/342f357754b1d2d9be2fce13c32e9491 to your computer and use it in GitHub Desktop.
Ensures all commits from a repo are signed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -euxo pipefail | |
is_commit_signed() { | |
local commit=$1 | |
git verify-commit "$commit" &> /dev/null | |
return $? | |
} | |
sign_commit() { | |
local commit=$1 | |
GIT_SEQUENCE_EDITOR=: git rebase -i "$commit^" | |
git commit --amend --no-edit -S | |
git rebase --continue | |
} | |
main() { | |
local repo_path=$1 | |
cd "$repo_path" || exit 1 | |
# Get list of all commits and filter out already signed commits | |
local commits=$(git rev-list --all | while read commit; do is_commit_signed "$commit" || echo "$commit"; done) | |
for commit in $commits; do | |
echo "Signing commit: $commit" | |
sign_commit "$commit" || { | |
echo "Error signing commit $commit. Stopping script." | |
exit 1 | |
} | |
done | |
echo "All commits have been signed." | |
} | |
# Input validation | |
if [ -z "$1" ]; then | |
echo "Usage: $0 <path-to-repository>" | |
exit 1 | |
fi | |
main "$1" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment